Hacker News
Android 14's user-profile data bug (arstechnica.com)
188 points by concernedpix on Oct 27, 2023 | 87 comments



It's incredible that bricking the phone and total, catastrophic data loss is only a medium level severity ticket and with no one assigned.

EDIT: appears a user was able to recover from bootlooping, so not hard bricking.

Quote from https://old.reddit.com/r/GooglePixel/comments/178jj3i/need_h... below:

They escalated me to someone on the hardware team that sounded like they have been around for a while XD. But here's what I was able to do: From the fastboot menu (using the power + vol down button to boot the phone) select "Recovery mode" then when the phone goes to the No Command screen, hold the power button for 1 second then press the vol up button and release both at the same time. This will give you a command prompt of sorts. Go to factory wipe/reset and voilà. You can reload your phone. Sure it sucks but if you were stuck like I was this is good enough.

EDIT2:

https://issuetracker.google.com/issues/305766503?pli=1


Factory wipe/reset followed by 'Reload' sounds like you end up losing all of your data if it wasn't backed up elsewhere. Usually the value of the data outweighs the value of the device, especially with phones that are harder to backup than they should be.


> especially with phones that are harder to backup than they should be.

That's interesting, my experience with a physically destroyed Android is that I didn't lose any data without any backups other than the default settings, since apparently all the apps that I use sync to cloud by default, without me needing to configure any backups, and use local storage only for caching, so all the apps, settings and data could be automagically restored.


My fear is that your phone is also the primary MFA device, so losing that could mean you can't log into your account anymore (and therefore can't restore the cloud backup)…


Google offers to back up Authenticator, should you choose to do so.


Sorry, I should be clearer: to login to Google on a new device, you typically need to accept a prompt on an old device. But if your old device is dead, that's not possible. Authenticator does TOTP and things, which is typically not adequate for logging in (even though it _should_ be).


I'm not using Google Authenticator or anything like that but when my old phone dropped somewhere at the bottom of a river all my banking apps, which do 2FA, had a way to let me start again on my new phone. Services that don't assist their users in a disaster recovery scenario are severely lacking.


Yes they are, and yet they exist.


The prompt on an old device is just one of the MFA options you can use. You can also use a security key (e.g. Yubikey, Solokey, etc.).


Which defeats the purpose of MFA, since your Google account becomes your only factor.


This was my worst fear but I had opted-in to backup Authenticator with Google. Opting in to backup your data with Google is seamless and it also restores stuff like SMS messages.

But I suppose this is one more thing the anti-trust case against Google should probably be looking into. Should Google be allowed this deep integration with their cloud services?


Handing your data over to Google's cloud is the sanctioned option, but I prefer an SD card and local backups to another device.


Yes, I believe that is the case that you lose all the data.


Locking down phones so much was really a mistake. If you have to do what basically amounts to voodoo just to restore it.


> Locking down phones so much was really a mistake.

On the contrary, I believe it was done quite on purpose.


It's all a part of the grand plan to take away general computing from the unwashed masses.


Relevant links:

The Right to Read by Richard Stallman, 1997: <https://www.gnu.org/philosophy/right-to-read.en>

The Digital Imprimatur by John Walker, 2003: <https://www.fourmilab.ch/documents/digital-imprimatur/>

The War on General Purpose Computing by Cory Doctorow, 2012: <https://memex.craphound.com/2012/01/10/lockdown-the-coming-w...>


Maybe cheaper than smashing the phone and buying a new one but isn't the outcome the same? Isn't all your data gone?


>is only a medium level severity ticket and with no one assigned

There are likely internal issues for the actual bugs.


Not much of a consolation.


Absolutely amazing how Google can release these updates for devices that _they make and support themselves_ without first running tests on the operating system and making sure these things don't happen.

Yes, I'm sure there's hard to track down bugs and this is likely one of them - but the fact that people are trying to get Google's attention because their phones are soft-bricking and Google continues to do nothing about it says volumes about how much they care about their customers.

I ran into a problem with the Pixel 5 I was running at the time. Woke up in the morning and the phone was off. Wouldn't boot. Wouldn't respond to anything at all. Thousands of people were having the same issue all within the span of a few months - Google Bug was created, nothing was done for 3-4 weeks while hundreds of users added their input on the bug... then the issue was suddenly closed with "won't fix" with no explanation.

I know the law is toothless against these massive corporations because the government's been bought out for decades at this point, but I'd sure love to see a company like Google/Alphabet shattered into tens of different companies. There's no reason why they need to control Search, Ads, Cloud Computing, Device Manufacturing, Operating System Development, etc. Same goes for all the other large companies doing the same thing.


I'm currently impacted by this bug. My grandfather just passed away and the family has been trading pictures in group messages. I've now lost access to my copies of those images.

Yes, it's my fault I hadn't backed up yet. However it's not like _I did something_ to invite this, like jump in a pool with my phone or lose it out a car window.

I'm typing this message on this phone, and I'm hoping a fix comes, because I really don't want to lose those photos.


If they're in group messages all the other parties will have copies. You can ask them to send them again.


That would work, if I knew which groups to ask for which pictures and which ones I downloaded from other sources.

But I also lost more than just photos, I lost conversations, downloads, and can't take new pictures or send the ones I have in the cloud.

Factory reset shouldn't be the only way out of this clusterfuck


I faced this issue last week. I use the other user profile for Android app development. My phone was lying on the table before me as I watched it abruptly reboot to a familiar black screen that prompted me to Try to restart or Factory reset the phone (losing all data). Obviously, fearing data loss, I chose to gamble with restart, not knowing what the issue was.

Then the phone began bootlooping with the Google logo and a progress bar stuck, going back to black and repeating. The power button + vol down move to get into fastboot was really really hard to get into. It took several attempts and about 15mins of time to finally get to the Factory reset option again. I lost all my data.

As an occasional Android app dev who mainly writes apps for personal use, the thought of reporting the bug to Google didn't even cross my mind because (a) it seemed like a random filesystem corruption (b) I'm pretty much used to Google ignoring even high quality bug reports from Android devs with helpful logs, so an end-user bug report with no logs would be beyond hope.

This may be a case of grass is greener, but Samsung in recent years has been responsive to bug fixes and updates while with Pixels you basically get what comes through Android updates. Either way, as an Android user, bugs are a way of life.

I have another 3 year old device on Android 11 no longer eligible for updates with a similar 2 user profile setup, and that also randomly reboots to the Try to restart/Factory reset prompt usually after I hit the power button and the lock screen goes wonky. Just that restarting fortunately works in that case without any data loss.


I have said this before and I'll keep saying it until it changes: updates suck for 'regular' users, it's like a grenade with five pins, one of which will give you a working machine with some improvements and the other four will result in data loss, loss of critical functionality that you relied upon, more advertising and security issues. It's a total crap shoot and manufacturers should realize that with every botched update user trust in the computing industry is further eroded (assuming that is still possible).


>it's like a grenade with five pins

Isn't the better analogy "a revolver with 6 chambers"? I've never seen a grenade with 6 pins. I don't even know how that would work.



Yeah, Russian roulette is a perfect analogy for this. Never heard of grenade roulette. haha


It’s called hot potato


You have to pull a defined ratio of the pins, like Shamir's secrets


I really wonder if the Android engineers just use iPhones. Quite a few of the security isolations/sandboxing have led to some of the more basic usability bugs.

My dad hit one a few days ago, complained he couldn't restart his phone. I proceeded to watch him hold down the volume and power button to get the prompt to shutdown/reboot. Upon clicking, it did nothing. So I tried it then, still nothing. Realized at this point that the device had lockscreen locked. After unlocking the screen and repeating this it rebooted fine. (My first gut reaction was 'can't you just hold power button to get the reboot screen?', but nope that pops up some google assistant crap instead, so now he has to juggle not having it screenshot each time he needs to shut it off or restart it)


My parents, me and my wife’s side just completely moved away from Android because of random issues that old people are unable to figure it out. Android settings is like a minefield, my parents are just afraid to even open it.


FYI there is a toggle in Settings to switch between the power button either bringing up the shutdown/reboot prompt or the Google Assistant.


Haha silly, expected that power button will work as power button by default in Android. Just set it in the settings, really, dude! Can iPhone's power button run spyware? I guess not LMAO on them.

Seriously, there should be a law that elders and kids are allowed to buy only iPhones, because Google is primarily preying on less cautious and computer illiterate people.


Long-pressing an iPhone power button brings up Siri. And malware can disguise the behavior of an iPhone to pretend that it rebooted. https://blog.zecops.com/research/persistence-without-persist...


iPhone implemented dumb button assignment first, then Android copied it without thinking much


That's odd, Android's line-level management seemed very sure that their relentless focus on quality since 2021 was going great.

On the line-level, we'd grumble that "quality! focus!" was instead empowering a new middle management layer to continue burning themselves out and wasting ICs by failing to delegate.

Not to mention the kissing up and punching down it took to sustain that, leveraging a company happy to fire people.

I worried even this neutered version was unfair, but...as time progresses and trends continue...


>their relentless focus on quality since 2021

Is this something that was announced? I haven't heard of it.


I just assumed it was a joke about how they only started caring about quality in 2021.


Started claiming to care about quality*


https://issuetracker.google.com/issues/242755161

They broke half a market of BLE devices in 2022 and never bothered with investigation or fix. P1, btw. Most manufacturers now just revert some commits (and they identified them in a month!), and some BLE manufacturers pushed firmware updates - after 6 months of broken equipment.

Those two stories are all you need to know about "7 years of updates are important".


> it would be nice if Android phones had a comprehensive whole-phone backup feature, though

There is, or I should say, was a way to do this: adb backup

Unfortunately, for "security" reasons, nearly every app developer (Google included) opts out of it in the app manifest, completely nerfing the feature. [1]

We live in a truly terrible timeline where the infrastructure to do what the author describes exists and has been there for years, and yet has been made functionally useless by user-hostile policy choices.

Google's incentives are also opposed to allowing users to take an offline backup of their apps and app data, because now they're able to sell more cloud storage for your data.

[1] https://stackoverflow.com/questions/74387730/back-up-android...


It boils down to effort/cost vs value. We disable all kinds of backup data on our Android app, including local favorites (should be backed up imo) and auth data (should not be backed up). It's just a hassle to implement, handle, maintain, test and no one ever asked for it. We had it enabled at some point but then had a bug only occur when a user was restoring data from a backup, crashing the app instantly on start. Of course then it gets decided to completely disable it, instead of spending say 1000€/month to maintain/test this feature 'no one' wants.

Same as with portrait/landscape mode.


Does GrapheneOS or other open source Android distributions offer a way to force backup hostile apps?

It's insane to me that strangers have more control over your property than you do.


If you can install an alternative OS, you have your bootloader unlocked. If you have your bootloader unlocked, you can install Magisk. And with Magisk, you own your device, not some corporates - so you can back up any data you want.


Good thing is that GrapheneOS (seemingly) caught this early and fixed it.

https://grapheneos.social/@GrapheneOS/111309676504712576


Thank god, this is the piece of info I was looking for here in this thread.


If not for locked bootloaders, it would be trivial for everyone to recover all of the data that this bug is affecting.


Locked boot loaders are there for a reason though. Otherwise anyone with 2 minutes of physical access to your device can permanently compromise it.


So which is the bigger practical risk in 2023? A person physically taking your phone and compromising it? Or a software update making your phone unusable and possibly suffer catastrophic data loss?


Yes. Note that the person in question doesn't have to be a random mugger on the street. It could be a suspicious spouse, nosey coworker, or a voyeuristic phone technician.


What "suspicious spouse"? If someone has personal computer and can sift data off phone via something like usb connection, they are probably either state level adversary or professional black hat.

At this point you may as well give up, because those people have access to (years old) 0-day exploits, which work flawlessly regardless of "security measures" used by phone manufacturer.


>What "suspicious spouse"?

One who thinks the other is cheating and wants proof by sifting through texts or whatever.

> If someone has personal computer and can sift data off phone via something like usb connection, they are probably either state level adversary or professional black hat.

If bootloader is unlocked you can just replace the operating system with a backdoored version. Since there's no signature checking, there's nothing to check for this. No password cracking required. If you want to see what it looks like, look at x86 PC land where locked bootloaders aren't the norm: https://www.greyhathacker.net/?p=50


No exploit is needed if bootloader is unlocked. Just install malware from bootloader.


So have the fucking owner to put a password on it or have the device generate a random passphrase on first boot. Having locked boot loaders doesn't necessitate that you lock out the owner.


This makes sense for future improvement, but not possible for now.


If the bootloader is unlocked, it's only permanent until you reflash it.

Also, there are options between "user has no control" and "totally unsecured bootloader" (ex. user-provided keys)


>If the bootloader is unlocked, it's only permanent until you reflash it.

That's very vendor specific. Of the android phones I've owned none of them exhibited that behavior. You could flash and reflash without re-unlocking. It only gets locked if you issue an explicit lock command.

>Also, there are options between "user has no control" and "totally unsecured bootloader" (ex. user-provided keys)

There are good reasons to have unlockable boot loaders, but this case specifically (ie. data loss from when your phone bootloops) isn't one of them. For one, do you really expect the average user to generate their own keys, reconfigure their bootloaders, and resign their roms? Even if they could pull it off that effort would surely be better spent setting up an actual backup solution, which would protect against other hazards that an unlocked boot loader would not (eg. phone falling into the ocean).


> You could flash and reflash without re-unlocking. It only gets locked if you issue an explicit lock command.

Slight miscommunication; I was intending to address the specific security threat of "attacker has (temporary) physical access and flashes something malicious onto the phone's root filesystem (anything from a complete ROM to a kernel module or background process that autostarts and runs as root every boot)", in which case the user can just re-flash the phone's non-encrypted partitions from known-good images and be on their merry way.

> do you really expect the average user to generate their own keys, reconfigure their bootloaders, and resign their roms

Fair; it's unlikely for most users.


>in which case the user can just re-flash the phone's non-encrypted partitions from known-good images and be on their merry way.

And what if you're asleep/away/busy and don't notice your phone was hacked?


If factory resets are indeed happening, maybe it's the device management service thinking it got a remote wipe request?

(Pixel 8 Pro owner, full disclosure and all that guff)


Since this only seems to be hitting people with multiple profiles, I bet it's the user profile system running into either permission issues or file structure issues.


Interesting that Google is keeping their mouth shut....

I think someone is getting a lawsuit and another one is getting a box for their stuff...


So glad I moved off buying Google phones after the shit show the Pixel 6 has been.


I was one of those who queued up to buy the original Android phone (HTC Dream), and was happy to support an open source and open phone OS

I switched from Pixel/Android to Apple last year

Google break basic functionality constantly (phone calls, camera), and the device is simply not able to be relied upon

yet these work fine on a $50 feature phone

it's like using Windows 95 again


It also happened to me with a company phone purchased specifically for the multiple profile experience, we chose a Pixel to avoid having unrequired customization on features as happens on Samsungs. We performed the setup with Android 13, one day after the update the device became a brick


I've avoided this (and I have two email accounts set up at once on my device under Android 14). That said, the entire handling of backing up / migrating all data could be MUCH better: I migrated from Pixel 6 to Pixel 8, photos were fine, but for everything else it was badly designed: it did a partial transfer of a handful of file types, leaving a range of documents/PDFs etc unmigrated (in the region of 2Gb of files). Subsequently I was able to copy content across using the copy to nearby device, but that recopied the already transferred files plus it screwed up the file creation dates. So then I had a long tedious de-dup stage to clear things up but at least I have everything across now.

Not the sort of experience you expect (but maybe I should!)


One more point: I'm sure this was better on previous Pixel to Pixel transfers.

I'm definitely noticing a number of regressions across the new OS. Central functions that worked fine getting stuttery, e.g. showing a PDF, although it has cleared up after a couple of weeks, it was 100% fine for years on the old Pixel 6 under Android 13.


I still maintain KitKat 4.4.4 was the best version of android and it's all been downhill from there.


5 (on nexus 5) for me, but in general, I agree


5 lost the ability to mount microSD cards as true mass storage devices.


Google recently [1] said that they were going to provide 7 years of updates.

I guess they never technically said that they were stable updates.

[1]: https://blog.google/products/pixel/software-support-pixel-8-...


"indistinguishable from ransomware" would be if you could pay google to free your data. Hyperbolic titles suck


I now ignore all Ron Amadeo articles on Ars. I don’t know where his disdain for Google originated but his predictably snarky dismissals of all things Google are just bad and lazy journalism.


This is the flipped script for our social contract with Google…they release product, they don’t have any obligation to care about users…dismissing us less loudly than the author, but no less real…


So..."worse than ransomware?"


Technically yes, but I suspect the ransomware comparison was brought up to paint how malicious it is. Otherwise the better analogy would be dropping your phone from 50ft.


Well, no, ransomware is worse than losing all data on the device, since ransomware gangs generally also destroy your backups and also attempt extortion with threats to publish your data. All backups help against accidental destruction and incidents like in this article, but for ransomware protection most cloud storage solutions won't help you, you need either offline or append-only backups.


from a data loss perspective, sure.

from an extortion perspective i'd rather have my data wiped.


You can pay extortionists to get your data back.

If your phone automatically factory resets, all the money in the world won’t recover your data…sadly worse than ransomware…


at least the randomware people have someone you can contact


I would rather have ransomware. At least paying would give you a chance to get the data back.


Well, NotPetya was a ransomware, yet paying wouldn't have decrypted any data.


Well, NotPetya obviously was not ransomware, it was malware that masqueraded to pretend to be ransomware.


That asks a question: is a malware defined by its intent, or by what it actually does? Functionally speaking, NotPetya was indistinguishable from a ransomware. Its creators' intent however would make it a wiper.


It was actually a wiper.



