Tell HN: Your Android carrier can remotely turn settings on
234 points by brainchild-adam on Dec 12, 2022 | 290 comments
My wife is currently in Germany and had cell broadcast warnings disabled on her Android 11 device. Apparently, the local carrier she uses turns them back on remotely. She gets notified of this. "Settings changed by carrier."

(1) Were you aware that carriers can remotely override your settings like this? (2) Any strategies to keep something like this from happening besides rooting the device? (3) How do you feel about this type of remote control by a third party?

I must say I strongly dislike losing control over my own device. It feels dystopian to me.

I also couldn't find any mention of this particular power of carriers apart from one lonely Reddit post about someone trying to turn off Amber alerts [1].

---------------- EDIT: Additional info for clarity:

The settings I am referring to are under "Apps & notifications"/"Wireless emergency alerts". They are about controlling whether to and which alerts one wants to receive on their phone.

It's an unlocked Android One device. The carrier seems to be able to remotely change these settings (see the referenced Reddit post as well), which I would never expect. It seems to be because of the SIM the phone uses and the network it connects to. No user-controlled software change like updates.

----------------

[1] https://old.reddit.com/r/GooglePixel/comments/zebvs4/settings_changed_by_carrier/



Wait until you learn what a country or local government/police can do remotely to the baseband firmware of your phone with a court order...

10-20 years ago the FBI was regularly remotely programming firmware to listen in and record cell phone microphones to capture conversations of suspects. IIRC a mafia case hinged on data gathered in this way so it is not some abstract theoretical or crackpot theory (https://www.cnet.com/news/privacy/fbi-taps-cell-phone-mic-as...).

It's only gotten worse as phones have gotten more capable. You don't own squat about the device in your pocket at all times.


I rotate burner SIM's. I never make calls with the SIM. Instead I use jmp.chat if I need to use OTA calls or SMS. I am in airplane mode 99% of the time and use WIFI instead of cellular. I never activate cellular near my home. I am always connected to VPN so that the traffic cannot be analyzed. My phone is anonymous without any identifiers. I think all this mitigates the baseband attacks, but tell me if I am missing something.


From my experience, people who do take this type of an exaggerated approach often end up exposing themselves more in ways that they don't even realize...

How do you pay for jmp.chat? Do you trust their code to be bug-free and without possible exploits? Do they do regular security audits and code reviews? Do they have enough users and maintainers to be able to quickly detect and address security issues? Are you sure Airplane Mode turns off the baseband and cuts off all cellular communication? It doesn't, you can still receive emergency alerts in Airplane Mode. Your phone can tell exactly where you are by comparing your wifi search results + RSSIs to known public databases without even having to use GPS. How much do you trust your VPN provider to keep no logs? How do you pay for VPN?


All that plus the fact that, under general surveillance, behaving in a way that is consistent with avoiding tracking at great inconvenience is a great way to get flagged.


jmp.chat can be paid for with a virtual card and not tied to any ID. However I have it associated to my real ID in this case as it is the number everybody knows.

I use the word 'mitigate' not 'solve' since closed source baseband modems are a problem. Cellular traffic is off in airplane mode, but the baseband could be exploited if someone wanted to find me AND knew which IMEI to target. Because the IMEI has never been associated to me, that is a challenge.

I run my own VPN and share it with a few other people.


>I run my own VPN and share it with a few other people.

How confident are you in your VPN server configuration skills? Gaining access through mis-configured self-hosted boxes is the easiest attack vector usually as most people who self-host aren't experts in the software they are using leading to leaks. Besides that, do you keep a list of packages installed on your box, open ports, etc? How about security patches and regular updates as well as auditing access logs to ensure no one gained access to your box?


We're talking about the FBI here. They see traffic coming from a server. They ask whose server it is, your host tells them your name and address. The FBI asks the host for physical access to the server, and installs whatever monitoring they want regardless of your patch schedule. The FBI asks them to keep this off the access logs, and they do.


You might be assuming I am trying to evade an APT or I am of any interest to them. That is a fun rabbit hole to go down, and I realize they could spend resources to pursue these avenues. Other comments summarily say that if you try to protect your privacy too much, you automatically become a person of interest. The measures employed by an APT to target and monitor someone at these levels are expensive. They do have abundant resources, but they would be wasting much money and lose focus if they targeted every privacy seeking person. After spending thousands of dollars, they would find nothing interesting on me other than someone with above average tech knowledge who just doesn't like to be followed around. The suggestion that I am flagging myself for surveillance is ridiculous. If I am wrong, I hope they do surveil me to learn this themselves.


I'm willing to bet that if you generate roughly the same data as your peers, you're invisible, but if you generate NO data at all, you become worthy of checking into, as either the algorithm has no ability to correctly record your data or you are working very hard to hide yourself from the system, possibly for nefarious reasons, and therefore need to be monitored just in case.

Squeaky wheels get the grease and squeaky nails get the hammer, but silence in a noisy forest is alarming.


Airplane mode doesn't shut off your baseband. It just sends it a message saying "go into airplane mode". The firmware is still running. It could still be receiving and sending data for all you know.


I can verify they do in fact receive (if not transmit) data - I worked an immersive art project that had 100 Samsung cell phones that were in airplane mode, and we found out the hard and noisy way that they were still able to receive emergency and AMBER alerts (U.S. alerts that notify of potential child abductions).


They need to add the possibility to deactivate the hardware components, in order to save battery power (in addition to disabling the features you mention).


Your location data. Tower associations can still happen with data "off", since there's plenty of "listen" components. All your home wifi connections are well Geo-located, thanks to other Android users picking up the ESSID as they walk / ride / drive past your house. Your shopping / outings? Forget it, fully known.

VPNs hide the content of connections, at least from MITM / eavesdroppers, but server-side data scrapes are quite effective at figuring out who you are (or what your phone is ... see below). Nothing really does a good job of hiding the fact that you are connected to a VPN except TOR, and where that connection originates (e.g., your wifi network, which is well Geo-located, remember?). And de-anonymization of VPN connections to identify downstream connections is possible, IIRC. Details about your phone are well recorded (MAC, SID, etc).

And always remember, your phone can be implicated based on location data, which will implicate you once it's discovered you own the phone. And that's as simple as looking up the SIM purchase / use.


From https://grapheneos.org/faq: "Connecting to your carrier's network inherently depends on you identifying yourself to it and anyone able to obtain administrative access. Activating airplane mode will fully disable the cellular radio transmit and receive capabilities, which will prevent your phone from being reached from the cellular network and stop your carrier (and anyone impersonating them to you) from tracking the device via the cellular radio. The baseband implements other functionality such as Wi-Fi and GPS functionality, but each of these components is separately sandboxed on the baseband and independent of each other. Enabling airplane mode disables the cellular radio, but Wi-Fi can be re-enabled and used without activating the cellular radio again. This allows using the device as a Wi-Fi only device."

When I am at home, I am WIFI only. When I am out, WIFI & bluetooth are off. This takes some discipline at first but then just becomes habit. I know the spot on my commute home where I switch my settings.


I can promise that airplane mode does not fully disable the cellular radio, at least not on Samsung phones. Repeating a comment above: I can verify they do in fact receive data - I worked an immersive art project that had 100 Samsung cell phones that were in airplane mode, and we found out the hard and noisy way that they were still able to receive emergency and AMBER alerts (U.S. alerts that notify of potential child abductions).


BTW habitually switching at the same time and place is terrible opsec. It leaks a ton of information.


Yeah I'm not sure what information this really protects assuming you're only communicating over encrypted channels (https) already.

In theory it could protect location data from the carrier for locating you with a wild amount of opsec practice but I highly doubt you could pull that off for a daily driver.

Having wifi/bluetooth off in public isn't a terrible idea though as those are generally much easier attack surfaces and are leakier.


It is the same general location about half a mile from home where I flip over. This is to ensure location from cell tower triangulation does not identify my home and therefore me.


It’s all about your threat model.

Suppose you wanted to find someone that always turned their phone on at ~8:15 AM and found someone that always turned their phone off at ~8:10 AM within 15 miles. How difficult would you say it was to make this connection?


Nobody is looking for me. I don't have any regular commute either. I just make sure not to use cellular at my house since that would narrow the owner of the SIM down to one of the people living in this house.


Do you own a car with OnStar or SiriusXM?


I have O*. How do I disable it?


No. I ride a bike.


The baseband is an entirely separate SoC that is a blackbox outside of the control of GrapheneOS. And your radios are solely under the control of that system. GrapheneOS just asks it nicely to do things on its behalf.

All of these privacy focussed phone OSes tread lightly on the fact that there are a grand total of zero modern open source basebands in existence.


Agreed. We can only mitigate by tactics:
- not associating the device IDs to personal IDs.
- only using cellular in limited situations.
- rotating the SIMs periodically with other family members


You don’t get to choose those things if you don’t choose what the radio does. Swapping SIMs around doesn’t accomplish that. The hardware and software that the baseband has entirely within the confines of its own black box is enough to track you.


I would never trust that. It is how things are supposed to work, not the way they necessarily will. Just buy a phone with physical disconnect switches if it is important enough for you.


I appreciate the extra information. I'm still skeptical on any phone except the OS/HW combo the faq was written against (which by the way was not in your original post)


In my country, this one girl is buying prepaid SIMs and selling them on darknet. Which is fully legal. Still she got notified from our intelligence agency, lol. They're butt-hurt a lot from this.


The sim basically doesn’t matter. The imei identifies the phone to the network, the sim identifies the subscriber. So the network sees phone x unknown subscriber prepaid carrier. Airplane mode does not prevent the phone system from triangulating your phone, or from turning the baseband on remotely even when the phone is “off”.

The carrier definitely knows where you live if you take your phone to your house at night, even if it is off. The only way to prevent that is to put it in a faraday pouch at your “airplane mode” checkpoint.

Why do you think basically zero phones have trivially removable/changeable batteries? Any phone that claims to be security first and doesn’t at least have a switch (an actual switch) that disconnects the battery altogether is a joke.


I’ve always assumed that behaviour like this is so unusual it would motivate a closer look by security services.


The only thing it evidences is that someone is smart and values their privacy.


Criminals the security services are looking for are not that smart. If they were, they wouldn't have been criminals in the first place.


> If they were, they wouldn't have been criminals in the first place.

What does intelligence have to do with whether someone is a criminal? There are dumb criminals and smart criminals; I'm not sure what the correlation here is.


Excluding ideological motivators, if you are technically competent to pull off a cybercrime and escape unseen, you are technically competent enough to work at a tech company making 300k+ a year while only doing about 10 hours of actual work per week.

Treating this just like investments, over your lifetime, it's a no-brainer on which is the better path to take.


And a smart enough person would also know that there's a long chain of caveats to this specious claim, significant enough that being a criminal and getting away with it is much more compelling.


None of the caveats include hypothetically being thrown in prison though. Being a criminal and getting away with it is significantly harder than phoning in your job as part of a capitalist machine


You're on a forum that's thematically dedicated to the idea of being a "hacker" in spirit; to a lot of people, the easy boring path isn't attractive.

"Why do this risky exciting dangerous thing over there when you could come over here and be a flaccid lifeless drone with me at Bezos' personal blowjob-drone company. Marry the first person you meet, have some kids, yay stability!"


I think most criminals are dumb. Quick google search shows average IQ of a criminal is 85.


Average IQ of all criminals, or criminals that got caught?


It must just be the ones who got caught. If they weren't caught how can anyone be sure they were a criminal?

Honestly though they might as well just use the average IQ for the population. There's not a person alive who hasn't violated some law at some point. We're all criminals.


Probably not directly related, but mainly due to fewer opportunities. This is one of the reasons I strongly agree with universal basic income. The capitalistic game is harder than many people are capable of playing. They shouldn't have to suffer enormously because of that, and neither should society. Otherwise, should we assert that ethics are inherently easier for some people, yet penalize all people the same regardless of their capacities?


Just curious and I admire your commitment, but is there some aspect of your life that demands this diligence, or are you simply principled?


I just don't like people following me around. It is creepy.


A person's gotta have a hobby and an ethos. More power to you for the dedication.


You are going in the wrong direction. Lean into the surveillance. Use it to create an alibi.


So you're detected just by Wifi. Ok. Your phone is transmitting every network you saved. As OSINT you can pretty much fingerprint everybody with just that. And even since phones are using randomized MACs, there are methods to leak true MAC.


> Your phone is transmitting every network you saved.

That's not how saved networks work, as far as I know. If you have a source saying otherwise, I would like to read it.


The WiFi spec has something called "active scanning" [0] for clients (as opposed to passive scanning, where the client listens for the periodic AP beacons). There's something called a "directed probe request" [1] that a client can send during active scanning which will contain the AP's SSID it's directed towards. Whether or not your particular device sends these direct probe requests is probably configurable and different per client. According to this [2] post, Android devices will sometimes send SSIDs in a scan, but not all of them and not always. Might be possible to find the logic here in the Android source code, I assume it's there somewhere.

[0]: https://www.wi-fi.org/knowledge-center/faq/what-are-passive-...
[1]: https://dot11ap.wordpress.com/active-scanning-probes/
[2]: https://stackoverflow.com/questions/36264440/phone-doesnt-se...
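
An added example, not part of the thread or any commenter's code: a parser for the probe requests described in the comment above, for checking in a capture of your own device which saved SSIDs it names in directed probes and whether the source MAC is randomized. It assumes bare 802.11 frames (no radiotap header, no FCS); the sample frames, MAC addresses and SSID names are constructed.

```python
"""Audit which SSIDs a device discloses in 802.11 probe requests."""

MGMT_HEADER_LEN = 24        # frame control 2, duration 2, DA 6, SA 6, BSSID 6, seq 2
SUBTYPE_PROBE_REQUEST = 4   # management frame subtype
TAG_SSID = 0                # information element ID of the SSID
MAX_SSID_LEN = 32


def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set, as randomized MACs do."""
    return bool(mac[0] & 0x02)


def parse_probe_request(frame):
    """Parse a bare 802.11 frame (assumption: no radiotap header, no FCS).

    Returns (source_mac, ssid) as bytes for a well-formed probe request,
    otherwise None. An empty SSID is the wildcard of a broadcast probe.
    """
    if len(frame) < MGMT_HEADER_LEN:
        return None
    version = frame[0] & 0x03
    frame_type = (frame[0] >> 2) & 0x03
    subtype = frame[0] >> 4
    if version != 0 or frame_type != 0 or subtype != SUBTYPE_PROBE_REQUEST:
        return None
    source = frame[10:16]
    offset = MGMT_HEADER_LEN
    # Walk the tagged elements: one byte ID, one byte length, then the value.
    while offset + 2 <= len(frame):
        tag, length = frame[offset], frame[offset + 1]
        value = frame[offset + 2:offset + 2 + length]
        if len(value) != length:
            return None  # element runs past the end of the frame
        if tag == TAG_SSID:
            return (source, value) if length <= MAX_SSID_LEN else None
        offset += 2 + length
    return None  # no SSID element present


def audit_probes(frames):
    """Summarise, per source MAC, what its probe requests disclose."""
    report = {}
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue  # not a probe request, or malformed
        source, ssid = parsed
        entry = report.setdefault(format_mac(source), {
            "randomized_mac": is_locally_administered(source),
            "wildcard_probes": 0,
            "directed_ssids": set(),
        })
        if ssid:
            entry["directed_ssids"].add(ssid.decode("utf-8", errors="replace"))
        else:
            entry["wildcard_probes"] += 1
    return report


def build_sample_probe(source_mac, ssid):
    """Construct a sample probe request for the demo (not captured traffic)."""
    broadcast = b"\xff" * 6
    source = bytes.fromhex(source_mac.replace(":", ""))
    header = b"\x40\x00" + b"\x00\x00" + broadcast + source + broadcast + b"\x00\x00"
    ssid_element = bytes([TAG_SSID, len(ssid)]) + ssid
    rates_element = bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])  # supported rates
    return header + ssid_element + rates_element


# Constructed sample input.
SAMPLE_FRAMES = [
    build_sample_probe("da:a1:19:00:00:01", b""),                     # wildcard
    build_sample_probe("da:a1:19:00:00:01", b"example-hidden-home"),  # directed
    build_sample_probe("00:11:22:33:44:55", b"example-cafe"),         # directed
    b"\x80\x00" + bytes(22) + bytes([0, 4]) + b"beac",                # beacon, ignored
    build_sample_probe("00:11:22:33:44:55", b"example-cafe")[:27],    # truncated
]

if __name__ == "__main__":
    for mac, entry in audit_probes(SAMPLE_FRAMES).items():
        print(mac, entry)
```
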


Active scanning (where the client sends the SSID of an AP it's trying to connect to) is ironically limited to just hidden AP SSIDs.


In theory:
1. Wait until you enable the cellular again
2. push an update to the baseband firmware
3. when you disconnect, the new firmware will tell the OS that the baseband is disconnected, in reality, it's doing nasty stuff. You'd only notice it due to the battery draw.

You need burner phones to cycle after each usage.

TBH, seems you cranked up the paranoia to 11. The VPN has to terminate somewhere, so if I was a state actor attacking you, I'd figure out where that is. WiFi+BT firmware isn't bullet proof, either, and hypothetically an exploit chain could be found to enter via WiFi and stealthy enable cellular. In practice XKCD #538 applies: https://xkcd.com/538/

For most of us the attacker is someone trying to make some money by scamming, stealing CC or installing a malicious app.


From my understanding, when installing an alternate OS (ie lineage) you can dive deeper into the partitioning of the device's os and see all components/folders. Under `vendor` you can choose not to install firmware for different kinds of stuff (wifi, baseband).


> if I am missing something

It's the day you miss something that your effort was pointless. Even if your solution is always secure, it only takes one slip up to ruin everything

Any threat as large as you're trying to protect against, if interested in you, can just wait for you to make a mistake.


> can just wait for you to make a mistake.

Anyhow, if one slip-up is enough, you're doing it wrong. Imagine you were a mad scientist testing out a jetpack- you are confident yes? But I imagine you would feel more confident with a bunch of nets, and a trampoline underneath that, and a lightning rod in case of a storm, and a requirement that you hold down multiple buttons at once to play with the controls, etc.

That is, if you are serious you will put in multiple safety nets at every layer of the stack so that "one slip" is not enough.

You like to talk to people, but you know that a long-term pseudonym is the gravest danger of them all.

You like virtualization, but you keep some crucial data and keys(treams) on an un-networked machine.

You like anonymizing networks, but you know the caveats of traffic tunneling and didn't connect from your home router.

You connect to a randomly-chosen wireless AP, but you know that just in case your MAC-spoofing fails or you get pwned or something, you are glad that you bought the device with cash and never tied its characteristics to your identity.

You are glad that the only transceiver connected to the device is an external wireless dongle so that when you are done, you don't accidentally connect with your device from home.

You are glad you waited for an overcast day so that you could thwart spy satellites that use visible/infrared light, and that you connected to the AP from afar to thwart cameras.

The list goes on. The guy whose face you see plastered in the news? Yeah, that guy thought his experimental jetpack was the shit. And it was- until it wasn't.


I doubt I am any target. I am just another regular Joe living under mass surveillance and avoiding when possible.


There is no such thing as anonymous. There is only more difficult. A government that controls enough endpoints (e.g. your country's backbone) can infer identity.


If the VPN is compromised, you're compromised.


What are the odds of seven chained VPNs all being compromised?


Doesn't matter. As long as one is compromised, you're screwed.

VPNs cannot break TLS, (unless you're dealing with the intelligence apparatus of a major power, which probably can break TLS) so they cannot introspect most of the content you send and receive anyways.

What they can do, however, is see the domain name of the HTTP requests you send when setting up TLS.

Chaining VPNs doesn't add security by any metric.


They don't have to break TLS. They just use an exploit to get access to one of the unencrypted sides of the link.


Good point.


Why?


Wrap your phone in aluminum foil when you're not using it.


What's your threat model?


You sound interesting and likely good company for a nice meal somewhere exclusive. In SF by chance?


I break into Tiffany's at midnight. Do I go for the vault? No, I go for the chandelier. It's priceless. As I'm taking it down, a woman catches me. She tells me to stop. It's her father's business. She's Tiffany. I say no. We make love all night. In the morning, the cops come and I escape in one of their uniforms. I tell her to meet me in Mexico, but I go to Canada. I don't trust her. Besides, I like the cold. Thirty years later, I get a postcard. I have a son and he's the chief of police. This is where the story gets interesting. I tell Tiffany to meet me in Paris by the Trocadero. She's been waiting for me all these years. She's never taken another lover. I don't care. I don't show up. I go to Berlin. That's where I stashed the chandelier.


Absolutely lost it at the coworking place. Luckily it wasn't too packed. Thank you kind sir.


What on earth does this have to do with the parent post? Please enlighten me.


It's a monologue from The Office which uses similarly extremely short sentence structure as seen in the GGP comment.

It's also possible GP is referencing GGPs arguably paranoid position on phones, relating it to similar paranoias held by Dwight (the character who delivers the monologue).

https://youtu.be/PlIzKaGBeHk


Nailed it :)


it's a reference to The Office, https://www.youtube.com/watch?v=PlIzKaGBeHk


They're both wild tales. /s


[flagged]


But your essay isn't funny. Fortunately, as they say, practice makes perfect!


>maybe spend more time writing your own copy

eh, I think people find popular culture references funny because they are already familiar with them


Fair.


>I rotate burner SIM's. I never make calls with the SIM.

Do your family and friends do that?

Maybe it's better to blend in with the noise.


I was talking to someone who was charged with a fairly minor crime, and they said the first advice their very expensive/experienced lawyer gave them is to no longer trust their phone is not recording them, as the local police (Australian) use this ability quite freely.


So drug lords throwing mobile phones out of the car window after each call is just a movie trope?


I am a reporter, and I cover crime. Occasionally, I cover a story whose publication might endanger people. Think cases involving gang violence and/or individuals cooperating with law enforcement. Before I publish those stories, I contact the lead detective on the case to ask whether that concern has merit, and whether certain people’s names, for example, should be anonymized.

In one of those conversations, I was asked to not publish details about the extensive cellular tracking data that had helped to make the case. According to the detective, despite the ubiquitousness of cellular tracking data in prosecutions, your everyday criminal is not doing anything remotely like ‘throwing mobile phones out of the car window after each call.’ Quite the opposite, they are posting pictures of themselves with contraband to Instagram, and using their phones to facilitate crime as if they were untouchable.

Perhaps drug lords are more careful than lower-level dealers, but I’m not so sure. Total conjecture here, but I suspect the money gets to their heads, which leads to a feeling of invincibility — with consequent opsec failures.

If you keep an eye on major arrests, criminals routinely get taken down in essentially the same ways as the criminals who were caught before them. Despite their belief that they had been taking precautions against those failure modes.


> Perhaps drug lords are more careful than lower-level dealers

At a certain level you stop buying burner phones and simply buy the whole phone company.

https://www.npr.org/2011/12/09/143442365/mexico-busts-drug-c...


I suspect this is survivorship bias: you're more likely to catch criminals who have bad opsec.


The problem with any defensive strategy is that the opponent only has to win once.

Street level criminals are like Fast food employees - replaceable. The guys up the chain can be invisible indefinitely, but hooking up with the wrong girl, pissing off the wrong guy, being too impulsive or too deliberate with a decision etc can be the one mistake.


You'd think the criminals would at least watch The Wire for some basic OpSec.


A big part of The Wire is the uniqueness of the discipline the criminals have, and ultimately how it stems from 1-2 people at the top.

Also, public telephones are no longer an option.


Each phone takes time to be detected, identified, and tampered with. So it may make sense to activate a new burner phone, talk about something sensitive, and destroy it right afterwards, before the law enforcement understands what phone was that.


When I worked in a wireless repair shop in early 2000's, we handled the local FBI field office account. Field agents would come in and I'd chat them up as they sat and waited for me to fix their phones.

This was also around the time remote meth labs were getting really common out in rural areas. Multiple agents were talking about how frustrated they were with getting access to burner phones since most of the companies were resellers. They said by the time they got a warrant to start recording the devices, they were already dead.

I guess the bad guys knew their burner phones were only good for about two to three months tops. That was usually the timeframe from when the FBI got a read on a line, saw a judge and got the warrant processed, to contacting the carrier and getting access.

Sounds like whatever was hampering them in the past has been fixed.


In The Wire, Lester sells Bernard tapped burners. It's the only way they could get up on the burners before they were thrown away.

There are a tonne of reddit links on this one so I'll leave it to the Interested Reader.


Call me paranoid but I would assume that intelligence services keep a special eye on newly activated non-smartphones.


Ability to detect and correlate these switches has been documented in Snowden leaks years ago.


Sure, but can they get a warrant and tap it in <24 hours? IDK, but that sure raises the barrier to entry.


When have intelligence services used warrants? They gather evidence illegally and pass it to law enforcement who then do parallel construction.


Whenever they don't want Congress up their ass. Four things can simultaneously be true, despite seeming contradictory:

1) Prudent opsec against nation-state adversaries dictates that you assume 0 time for them to have a tap on a device.

2) In reality, it takes >0 time, because people processes aren't instantaneous.

3) Intelligence services sometimes break the letter of the law.

4) Intelligence services usually follow the law, because it's less hassle.


> Whenever they don't want Congress up their ass.

That's not really a problem when intelligence services can just "remind" any would-be annoying congress person that they have endless amounts of data showing exactly what they and their family members have been doing and could plant whatever they want into the data they already have.

One of the things that finally convinced Snowden to give up everything he had in order to tell the American people that the NSA was violating their constitutional rights was when he watched NSA director James Clapper outright lie right to the faces of congress. After the truth came to light, do you think Mr. Clapper faced any meaningful consequences for that? Nope. Can you guess why not?

Intelligence services are too powerful to be held accountable by anyone. They'll do whatever they want.


I guess Clapper needs to see consequences.

I think I got hacked for trying to run for Congress.

"If video games have taught me anything, it's that if you encounter enemies then you're going the right way." - Ali G

lol


Are you saying that a phone manufactured in 2022 can have its firmware remotely changed to record microphones?

Specifically can your whatsapp/signal audio calls be recorded by FBI remotely in this manner?


> Are you saying that a phone manufactured in 2022 can have its firmware remotely changed to record microphones?

Yes, court records show the FBI has and continues to explicitly do this. Leaks from folks like Snowden show the NSA/CIA have done this too.

> Specifically can your whatsapp/signal audio calls be recorded by FBI remotely in this manner?

The baseband firmware is at a level 'below' the operating system of the phone. It can directly access peripherals and intercept them, so it could be reading your microphone and passing it along to the higher level OS at the same time. WhatsApp/Signal thinks it's secure, and if you look at its app signature or anything else it looks exactly like the normal app you expect. However your data is still getting intercepted at the lower level and recorded for a state/government actor.


No?

Baseband firmware is the firmware for the modem. It has no relation to the SoC that runs the phone, unless there is some sort of exploit that allows it direct hardware/memory access. To listen to the mic or capture video, it has to interface with the ADC chip which is not directly connected to it.

There may have been phones in the past that allowed DMA to the SoC from the baseband chip which hypothetically would have allowed a properly crafted exploit on a per app basis, but it's no longer the case, as pretty evident by the FBI asking Apple to unlock the phones (if they could access the memory from baseband, they would not need to).


Many phones have the peripherals including microphone connected or accessible to the baseband.


Can you provide some examples?


I am not at all familiar with the hardware design of phones, so I want to be very clear in my understanding.

Are you saying that the electrical signals from the microphone and to the speakers pass through the baseband chip before/after going to the main chip on the phone? Or that the baseband chip has separate access to the microphone and speakers?


There are varying architectures, so it depends. But at a minimum, the baseband has low level access to anything that goes over the network. In some implementations, the baseband can just read straight from main system memory if it wants.


Honestly, a phone manufactured in 2006 is probably vulnerable to a similar attack. The larger point is that state-sized threat actors (and the carriers they work with) have a crazy level of control that cannot be underestimated. Especially in 2022, it's hard to look at any sufficiently complex smartphone and assume it's not vulnerable to sufficiently motivated threat actors.


>whatsapp/signal

Hint, it's not the application you use but the microphone/speaker itself.


> It's only gotten worse as phones have gotten more capable

I wish my cellphone would not have all those sensors for this reason...


The camera and mic are pretty easy to destroy if you want to get rid of them!


Time to put on that tin foil hat and read: https://dl.acm.org/doi/abs/10.1145/3309074.3309076 :-)


That's not a bad idea... then just connect an external mic (headset) when you need one.


There's a bunch of other sensors though... also don't forget that there is often more than one microphone... like on the Pixel 7


Are attacks like these still possible? I've read here on HN that hardware makers are isolating the baseband processor as much as possible to prevent attacks like these. Surely there are countermeasures?


Most modern phones have signed firmware for everything, so the FBI would have to go to the manufacturer and court order them to hand over the signing key. Or take advantage of a leaked key.


What I meant was chips are increasingly being isolated at the hardware level so that they cannot access other peripherals directly. This would make them resistant to compromised firmware attacks.

People are discussing that in this thread:

https://news.ycombinator.com/item?id=33958252

It looks like the implementation isn't perfect yet but it's a start.


I really wouldn't be surprised if some three letter agency hasn't shown up to every one of the major chip manufacturers out there and forced them to install backdoors for them.


intel's ime is a perfect example


Ridiculous, when has a blackbox co-processor with DMA to your entire device caused problems..?


Ah so that's the hack they were doing in the show Person of Interest


These are emergency broadcast alerts. Different countries have different laws on these - and in some countries you might not even be able to disable them.

Just because it's listed under "Apps & notifications"/"Wireless emergency alerts", it doesn't mean they are "user settings". It's not necessarily the local "carrier" that turned the settings on, it's more that connecting to a cell tower in a particular jurisdiction can enforce receiving emergency alerts.

More on the EU alerts systems: https://en.wikipedia.org/wiki/EU-Alert


If it's not a user setting, then it shouldn't be listed with all the other user settings, and labeled as something the user has control over. At the very least, any setting that can be overridden by the carrier should have a note or warning next to it, stating that.

The fact that it's so unclear leads me to wonder what other settings -- perhaps some related to my security or privacy -- the carrier can modify without my knowledge.


Hide number setting is something telcos can change remotely, at least it's common.


It doesn't really matter what the laws say. When I tell my computer to do something, I expect it to be done, no questions asked. If I tell it to violate a law, I expect that law to be violated. I have free will and the computer must obey that will, not impose somebody else's will on me.


You’re using a utility and you must accept the terms to use that utility. There’s probably some verbiage in your carrier agreement about it.

You can’t disable 911/112 just because you don’t like it either.


I don't care what the carrier agreement says. If they want to send me the warnings, fine. My phone is perfectly equipped to receive them and will happily display them should I choose to allow it. What's unacceptable to me is forcing my phone to do anything. It doesn't matter to me if there's some piece of paper saying I can't turn them off, I will turn them off and I will resist them if they try to force it on.


I mean, you can try. At some point they may just kick you off the network. No shoes, no shirt, no service. IOW, providers have a right to tell you how and in which fashion you use the service. Just like you can’t walk into a 7/11 butt naked, you apparently can’t go into Germany without enrolling in emergency alerts that probably go off once every decade (not including tests).


9-1-1 doesn’t usually call me at odd hours though.


Is that a thing? At least in this part of the EU, they never ever sound unless it’s a genuine emergency or the monthly test. I’m pretty sure the only reason they would go off is for a tsunami because they don’t even go off for tornados.


Apparently government alerts come through to Americans at all times at full volume whenever a parent doesn't return a kid to the other one on time.


I think in the US you can set it to a lower-than-highest level, but in Canada, they send the kid-in-a-custody-dispute ones at the nuclear incident level (which was also sent out by mistake once).

Nothing sadder/funnier than seeing politicians defend their broken system as it increasingly did broken things.


Can’t easily disable them in Canada. And all alerts are sent at “presidential” level, while the issuers fail to geo-target them, so you get alerts for “abducted” (usually child custody dispute) several hundred km away.

Buuuuut, these alerts are LTE/5G only, so I’ve set up an iPhone automation to switch my phone to 3G in the evening and back to whatever in the morning to avoid alerts at night. I’ll cry when 3G gets shut down.


Just because another country has a law does not mean my phone should disregard what I told it to do.

This absolutely is a user setting.

How far we've fallen from sharing the DeCSS flag, to arguing that users shouldn't have control over their devices, and governments and carriers should.


People keep failing to understand that if you can't make your device do something that is illegal, it's not /your/ device. It's that simple. Politically crafted laws are not physical laws of the universe, they not only can be violated, they often /should/ be violated. Laws are not a moral imperative. This particular law (emergency alerts) might not be an issue, but the fact that your device will follow the government's mandate over the user's choice is all we really need to know about that device.


> all we really need to know about that device.

Namely, that it's created by a party / parties also subject to (and abiding by) these laws?

I'm not sure what you plan to do with this information; certainly a law-abiding supplier is more likely to remain in business, so perhaps it's indicative of a better chance of receiving long-term support for the device...


It's not the default of the device though.

We need to get rid of those in power who decide on things they have no fucking clue about it. The easiest way to do that is to not just go vote, but educate everyone else about who is running and why they are/are not a good choice. The harder way is also (at least for the US folks) showing up and engaging at primary votes and holding the primary candidates accountable, which takes a lot more effort but has the advantage that your vote is amplified in its effects.


Just root the device, then you can disable it. And don't give me any of this "it should be possible to do this without rooting the phone"

Smartphones are already locked down in a million other ways compared to eg a desktop Linux install. Why is this different?


> Smartphones are already locked down in a million other ways compared to eg a desktop Linux install. Why is this different?

It's not, but it's bad that smartphones are locked down like that, so we should be pushing back on it at every opportunity.


I'm with you there and in general, it just feels like a rather minor point even just compared to the excessive tracking Apple and Google do. I'm just thinking of the recent news where it was discovered iPhones still send tracking data home even if disabled in the settings. That's way more concerning to me at least.


You enter a new country, in this case Germany, you're automatically opted in to the emergency broadcast notifications, as any other local laws.

The EU legislation allows "opt out" from level 2/level 3 notifications, but is based on the notion that messages are received "without the need for the public to have to opt-in".

So for compliance sake, you're opted in. Maybe this should only happen the first time you enter EU or a member state, and then either your phone or cell service provider should remember your preference (which is probably not worth the resources to implement for the cell service provider, but maybe your phone already does?).

I'd be interested to see if this already exists, i.e. do you only need to opt out in Germany once? Does that opt-out at EU level?

When your wife disabled notifications, she merely opted out of notifications in whatever jurisdiction she was in (presumably US?), but opting out of something in US doesn't mean you opted out of every other similar law from every other nation state.


She actually opted out already being in Germany, and once she noticed the reverted settings, she turned them off again. Only to find they get turned back on by the carrier, enforcing a specific set of settings against her will. Which is when she told me about it. In this case it's more about the principle. At least for now.


The local (EU) law about emergency broadcast is clear in that it applies to both residents and visitors, and alerts are to be delivered without the need for “opt-in”. In other words, if you’re in range of local services, you must receive the alerts (which, you know, is handy in case of an actual emergency).


Gotcha. I'll just draft a law saying all devices must automatically unencrypt themselves when they enter my country's borders.

Hey, it's the law! You must comply, and for your convenience, your phone will do that automatically for you!

Good grief.


If you are in fact the monarch of a sovereign nation, you can indeed give companies a choice: "either design your products to automatically decrypt themselves when they enter my territory, or don't do business in my country."

Companies will then be forced to make a decision based on the market size of your country. Or they will break the law, and you will have to deal with enforcement.

Most companies would like to do business in the EU.


> Companies will then, of course, be forced to make a decision based on the market size of your country.

And as we've seen time and time again, China can get away with a lot of bullshit with demands anywhere from tech to culture (e.g. MCU films that ended up censored). At least now, Apple has woken up and begun moving off production to Vietnam, and Marvel has decided to ignore Chinese demands after all.


If you do not like the regulation, fight to change it. Do not expect your devices to do the fighting for you.


A better response to these laws would be that the device should just stop working if the settings I have selected conflict with local law. The cell towers are free to refuse to allow my phone to connect. They should send some sort of message to me to tell me what I'd need to do in order to comply with local law and be allowed on the network.

But of course, that wouldn't be convenient, and a lot of people would be confused, and that would generate costly support calls, so they'd rather just violate the sanctity of the things we apparently don't really own and put intrusive hooks into "our" hardware and software.

In the case of this particular requirement -- that wireless alerts be enabled -- I would almost certainly just enable them and go about my day. But reaching into my device and changing things without my consent crosses a line.


You can do that now with nearly all of the big carriers around the world.

You just need to sign a service level agreement along with paying for them to develop that feature and deploy it on your phone.


Given that the fight is between megacorps, megastates and ~mega~individuals, it feels like a slightly uneven fight.

The people who have the power to make the phones vs the people who have the power to make laws and prevent the makers from selling, vs a few individuals who actually care and a large majority who do not have the time to care.

I’d love to vote with my wallet, but I live in a country that 90%+ votes against me, so my vote is meaningless.


My devices should absolutely work on my behalf, and only my behalf, i.e. "do the fighting for me".


My device should serve me, not the EU. If I choose to violate EU emergency alert laws, that's on me.


Then you probably don't have one of those fancy new things called smartphones, as they are all very locked down and don't allow you to access or modify a lot of system settings, limit access to files apps create, don't allow to move some apps to the SD card, some of them even disallow you from installing apps from anywhere but their own app store. Certainly you don't have one of those devices that treat the user in a completely patronizing way.

Of course, you can liberate yourself quite a bit from the draconian rule of the manufacturer by rooting the device, but then you're also able to disable cell broadcasts permanently...


Notice that I used the word "should", not "does". And, in fact, I am deeply concerned about the war on general purpose computing.


For other use cases, I'd probably agree with you. But you being startled and confused during an emergency because you didn't see the instructions on time can be very dangerous for everyone around you. It's not just on you.


For people suffering from certain mental health issues, the alert itself can cause significant problems for them and others.

If you suffer from panic attacks, for example, and these alerts trigger them, they do not help you, no matter how well intended.

If you suffer from (C)PTSD, and these alerts trigger flooding, they actually make everything worse.

If this were to happen while you are driving, you might even cause an accident.

The world is sadly too complex for simple solutions that assume something to be always good or helpful.

Which is why I believe it's important for the user to eventually control his device.


If there is an emergency, I'm sure you'll find out very soon that something is happening. We are usually not living in lone solitudes.


the same applies when the device is off, or i left it at home. unless there is a law that requires me to carry a functioning, powered device to receive emergency alerts at all times, there is no reason why a device should be required to receive alerts just because it is capable of receiving them. if i turn off alerts on my device, then it's no different from a device that doesn't have the capability to receive alerts.


The marginal upside to everyone else is not even close to worth the marginal downside to me. It's my choice to make. If a government wants to force messages on me so badly, they can set up something like an air raid siren (and they typically do, for actual emergencies).


I guess if we're at a point where the law says the phone must have a function and the user doesn't want that function to operate, the only real option is that the phone just not function in that region?


my brother in Christ, where do you think you are?


I can totally understand why Americans would want to silence these. I'm from the UK and I was in Central Park with my wife and kids when we got an 'Amber Alert' which said something like 'Black Ford SUV reg XYZ123' or something equally cryptic. It was not long after the terrorist attack in Nice where a guy drove a truck through a crowd of people walking beside the beach. Everyone's phones started going at the same time and we assumed it was some kind of disaster warning (the second worst level of disaster after a Red Alert?) as did many other tourists in the park! It went off again on the subway on the way back to the apartment and all the New Yorkers were totally unfazed by it. I asked the woman next to me what it was, she just said ignore it. I googled it later and it turned out an ex boyfriend had not showed up from picking their daughter up from school in a small town at the other end of New York state a couple of hundred miles away. Talk about crying wolf, I hope they have a different sound for when there actually is an inbound rogue North Korean nuke, otherwise 20 million people are going to think 'fuck's sake' and silence their phones without looking...


>I can totally understand why Americans would want to silence these.

Oh, it gets better. We also, by default, get alerts for severe/extreme weather. Nothing like getting an emergency alert because a tornado touched down on the other side of the state, or a flash-flood warning while you're at home, 300' above the nearest body of water.


That's really not at all fair, the NWS has put a lot of effort since the Joplin tornado into localizing warnings as much as possible to the affected area. They may geolocate the warning based on the tower rather than the phone, but that's still a long way away from "across the state". And you maybe should look into it, but flash floods have nothing to do with bodies of water. You could be 1k feet above a lake on the side of a mountain, but that mudslide caused by torrential rain might be a problem for you.


I live in North Texas, the weather alerts are pretty accurate here. With climate change, tornadoes and hurricanes are being pushed out of their natural places and regular seasons, and it's becoming normal for having a storm coming seemingly out of nowhere. We do appreciate here those alert broadcasts.


There are two different levels of these alerts. The phones allow people to silence Amber Alerts. The higher level is a National Alert, and those cannot be silenced.

They shouldn't be sending out Amber Alerts for something a couple hundred miles away, because as you said, that causes people to ignore them. In my area, we only get very localized Amber Alerts, which makes them pretty rare... 1-2 per year.


Do we have Amber Alerts in the UK? I never got one, and I'd like to be told if I'm about to get nuked or an asteroid is imminent.


Emergency alerts (not Amber) are planned in 2023. Apparently there was a test today on some networks.

https://www.gov.uk/alerts


Ex boyfriend disappearing with a child is totally worth an Amber Alert, and a couple hundred miles is only a couple hours drive by the time they put the alert out...it's easy enough to just keep an eye out for a license plate.

Nobody is going to know for sure if it's a false alarm, or if we'll wind up with a murdered child until after the fact, so why wait or ignore it?


Clearly you haven't been involved in a child custody case. If you had, you'd know the kinds of tricks people will play, up-to-and-including falsely claiming the child has been kidnapped and is under threat. Family court never, and I mean NEVER, holds anyone accountable for false accusation, and there is a subset of family law attorneys in every town who knows this and uses it, if they get a chance. The collateral damage, "boy who cried wolf" style, is just another unhappy side-effect of this practice.

As for the risk of a murdered child, well, if that argument works for you, then why stop there? Why should police have to wait for a search warrant...what if we end up with a murdered child? Why should police have to avoid using deadly force to stop a fleeing suspect...what if we end up with a murdered child? Of course, we already have a (rather large, vocal) group of people who believe exactly this, which is why CPS is called on parents who, for example, run into a bakery, with their minivan idling with 6 kids in it, and get arrested for child endangerment.

It's easier to take an extreme, confident position when you don't know anything about it.


Then again, many bad things happen at a constant rate somewhere within a 400 mile circle. If all of those bad things generated an alert to all people within that circle, and then consider that every square inch is part of infinite other overlapping such circles... Everyone but a few researchers in Antarctica would have useless phones that don't do anything but scream these alerts at all times.

The idea doesn't scale unless the events are actually quite selective, and a missing person that isn't even necessarily missing yet probably shouldn't qualify.

Even if you are sympathetic and care about that kid, it doesn't matter because it doesn't work anyway. Everyone just ignores the alert. It's just not a reasonable balance between how much some bad thing matters and how many people's attention are commandeered for it. Every single death even from peaceful old age after a rich full life is a tragedy, but the rest of the world can not care about it. Literally can not, because it doesn't scale. Those tragedies are happening at a constant rate of many new ones every second of every day at all times. Instead there are a much smaller set of people who care about or whose job is to care about each one, and that set is smaller than "everyone in a 400 mile circle". The fact that a person can drive 200 miles in any direction in a few hours doesn't change that.

It's probably a good thing for the system to exist, but if it's used the wrong way, its entire utility and reason for existing is sabotaged and nullified.

However the real point is not about the alert system but about a carrier's ability to control your device more than yourself, even if you own your device outright, that I do not say is a good thing that it exists. I accept that there's not much to do about it. I do have a rooted phone running LineageOS, which gives me a bit more control, but I don't kid myself that that really means much. But I don't think it's good or right.


Reductio ad absurdum, wouldn't it be better just to have everyone's phone explode? Chances are pretty good the (alleged) killer will have one on them, so let's just blow everyone up.

If you don't, we'll end up with a murdered child, so why not?


Reductio ad absurdum, why not make all communication illegal without the explicit written consent of the recipient? Then you'll never have to be bothered by anyone ever again.


Is that supposed to be an absurd proposition? Because that is something I want. Stuff like advertising should be straight up banned, and it should be considered abuse to get a phone call from someone you have not explicitly whitelisted, especially corporations and governments.

No one should presume they have an IRQ line to your brain and attention. They don't get to interrupt you with bullshit you couldn't care less about.


Ok, what about an air raid siren? Someone speaking to you on the subway? A letter from the government about an upcoming election? A road sign warning of closures? Someone with a megaphone directing traffic?


I'd argue it's about the level of intrusion and your options in dealing with it.

My phone blaring at me at any time w/o warning and with no way to control this behavior seems quite a bit more intrusive to me than your examples.


IIRC they are just as loud and annoying as an earthquake alert. This makes earthquake alerts less useful.

Amber/Silver/Blue alerts should be more like a regular notification.


There are significant questions about the efficacy of AMBER Alerts, which is concerning given the massive disruption and potential for negative conditioning for other government-originated alerts (severe weather, terrorism, etc.). Here's one paper from 2014 that analyzes AMBER Alert cases compared to those without an alert:

https://www.tandfonline.com/doi/abs/10.1080/0735648X.2014.10...


So one child which might have died is the same as nuking NYC? (and 99% it’s custody dispute, no harm done)


Just want to go against the grain and say that I agree with you and disagree with fellow commenters comparing their phone buzzing once in a while to unwarranted police raids or government-sponsored mass murder.


The phone "buzzing once in a while" teaches everyone to ignore this buzzing and makes this massively counter productive - people will ignore it when serious disaster happens.


I guess I just don't believe you, and it will take more than people complaining to convince me. In the situation described in this thread, I cannot imagine everyone in Central Park dismissing this notification without anyone saying "hang on everyone, it says missile instead of amber this time". I have lived in several big cities in the US and have gotten these alerts less than once a month, sometimes with years in between. It is not a scourge on society. I do think you should be able to disable them, but I think that even if explicitly given the option, most people would leave them on.


Fwiw, I stopped looking at them when I got the 4th or 5th one. I got good at sliding to unlock and silence the alert without even looking.

Once I found out that I could disable them, I turned them off entirely.

I'd be more okay with them if they didn't all use that horrible klaxon noise. That noise usually indicates an immediate threat to life, which doesn't feel appropriate for Amber or Silver (which indicate a potential threat to a particular person's life in a rather large area). Save the klaxon for "we're getting nuked" and tornadoes.


That might be a country or phone-specific thing, with various Android phones in the US I've never gotten any kind of sound, just persistent buzzing until you dismiss it.


If you knew the alert could be about something hundreds of km away, and that it usually is, it's very likely people would instinctively turn off the very loud alert. There's a reason why "alert fatigue" exists. And it has been documented in tons of different settings. Too many alerts and warnings are worse than none. Is there any reason to believe the same phenomenon wouldn't happen in this case?


Yes, because they happen so infrequently and are widely known to only be used for alerts that most people think are actually important, even if they aren't always relevant to every recipient.


I don't seem to get these alerts since I switched to a de-googled version of Android


On iOS you can opt out of almost all of these. Concerned people can keep them on. Defaults may be an issue here, but it's nowhere near as concerning as government having hooks in the baseband.


IMHO, carrier settings are a small portion and not super impactful part of the phone configuration you see in the settings list. This is actually a somewhat cool feature. Imagine going to another country, jumping on another network and your phone automatically knows what cell bands and towers to connect to.

Carriers can't change regular settings like language, lock screen code or background. Just what cell towers you connect to and a short list of telephony related features. Please correct me if I'm wrong.


The part you mention I was aware of and am actually thankful for. This, at least to me, goes much further. Hence the shock. Updated my post w/more details so it makes more sense (hopefully).


I don't know if this happens in The Netherlands, but if they forced your phone to receive NL Alerts it would seem very reasonable to me. Only the government issues those.

I've understood cell broadcasts are also used for advertisements/otherwise spammy stuff in eg. the US? Then I could understand you considering cell broadcast being turned on being unreasonable


> I've understood cell broadcasts are also used for advertisements/otherwise spammy stuff in eg. the US?

Err, no - emergency alerts aren’t used for advertising here.


> Only the government issues those.

Just wait when your neighbor repeats the packet at night, locally and undetected

https://en.m.wikipedia.org/wiki/Wireless_Emergency_Alerts#Se...


The fact the government issues the alerts doesn't mean the government won't get pressured into sending spammy messages.

For example, what politician could turn down the grieving parents of a kidnapped child, when they call for using the emergency alert system for missing children?

But if I work from home, and there aren't any kidnapped children in my home, then waking me up at 5am with a missing child alert just inconveniences for no benefit to anyone.


> inconveniences for no benefit to anyone.

Everyone will be forced to see how much they care which proves how good they are, like it or not!

Stranger than waking people up from sleep for a custody disagreement, is when they'd broadcast those on TV... The purpose of those is not to find the kid, but to send a message to TV viewers, none of whom would be of any assistance in finding the kid.

You see this display of "care" with storm sirens being set off after the storm already passed the area.


Amber alerts are a well-defined category of messages you can receive. The regulations about what constitutes a legitimate case for an emergency broadcast are very strict and subject to public review, so pretty hard to misuse for unrelated purposes.


Yet, no one is forcing governments to use the system as-designed. In Quebec, on my phone, I can disable quite a few types of cell broadcast alerts like AMBER alerts, Test alerts, etc. The only hidden setting is the one for presidential alerts.

Well guess what? The Quebec government sends every type of alert, even the regular test ones, with the presidential alert severity which makes all of these settings useless and does nothing but irritate the population with spammy messages. Recently, they sent out an AMBER alert that was supposed to be localized in some area and, instead, sent it everywhere in Quebec except for the affected area. This is exactly why people have the right to remain skeptical about alert systems like this one.


You can turn it off. Shouldn’t be too inconvenient if it’s important to you.


This entire thread is about the fact that in some cases the carrier can override your decision and turn it back on.


> Imagine going to another country, jumping on another network and your phone automatically knows what cell bands and towers to connect to.

They already do that. Or, rather they don't need to "know" anything; a phone with no signal will scan through all the bands it has a radio for, and will find a network to connect to. If a network rejects the connection, it'll move on to another.

This is also something that traditionally has been configurable: you can tell your phone not to do this, if you want, and it will obey your command. But allowing the carrier to change settings on the phone after a connection is established is pretty intrusive, IMO.


How much of the baseband driver do they have access to on your device?


Absolutely, they can change this setting, in lots of different ways. Originally emergency services were set up by fields offered by the SIM. Occasionally these settings change, so an update mechanism had to be established.

  - Android comes with a list of carriers and their required configurations; when the MNC and MCC provided by the SIM match a carrier on that list, Android uses the configuration from that list. This list updates with Android updates, and so SIMs don't have to be reprogrammed.

  - Modern SIMs are just Java cards with a SIM app (especially if they offer IMS). The Java cards also have a secure storage element to hold subscriber keys and mitigate tampering to change these keys. They also contain signing public keys which are queried by Android whenever /Carrier Privileges/ are requested. That way, an app signed by a carrier can verify against the carrier's SIM in order to get access to this configuration.

  - There are remote configuration protocols, so Android will have a bare configuration for carriers just to fetch the latest configuration from them (to then use it).

This has been happening for quite a while. If you use(d) a carrier app for voicemail or setting up the service for the first time, you've used this. Except nowadays it seems Android actually /informs/ you about it.

https://source.android.com/docs/core/connect/uicc

https://source.android.com/docs/core/connect/carrier

One could probably write a rooted Android ROM that filters / requests user permission / logs changes to carrier settings, and there's utility in that since it may be a vector for espionage / traffic redirection (provided stolen keys or an exploit of the SIM's certificate storage machinery). SIM cards are usually directly connected to the CPU, not to the baseband.
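
The layering described in the comment above (a bundled per-carrier configuration selected by MCC/MNC, then overrides from an app that the SIM's certificate rules grant carrier privileges), combined with the change logging it suggests, as a simplified Python model. This is an added example, not AOSP code and not from the thread; the class names, setting keys, package name and certificate bytes are constructed, 001/01 is the test-network MCC/MNC, and the rule shape (SHA-1 or SHA-256 hash of the signing certificate plus an optional package name) follows the linked UICC documentation.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class UiccAccessRule:
    """One carrier-privilege rule read from the SIM (simplified)."""
    cert_hash: bytes                 # 20 bytes = SHA-1, 32 bytes = SHA-256
    package: Optional[str] = None    # None: any package signed with that cert


def has_carrier_privileges(cert_der, package, rules):
    """True if the app's signing certificate (and package, when the rule
    names one) matches any rule stored on the SIM."""
    for rule in rules:
        if len(rule.cert_hash) == 20:
            digest = hashlib.sha1(cert_der).digest()
        elif len(rule.cert_hash) == 32:
            digest = hashlib.sha256(cert_der).digest()
        else:
            continue  # malformed rule: never grants anything
        same_cert = hmac.compare_digest(digest, rule.cert_hash)
        if same_cert and rule.package in (None, package):
            return True
    return False


@dataclass
class CarrierConfigAuditor:
    """Tracks effective settings and records every carrier-driven change."""
    effective: dict                  # settings as the user left them
    bundled: dict                    # (mcc, mnc) -> config shipped with the OS
    sim_rules: list = field(default_factory=list)
    log: list = field(default_factory=list)

    def sim_inserted(self, mcc, mnc, rules):
        # Layer 1: config from the OS-bundled list, keyed by the SIM's MCC/MNC.
        self.sim_rules = list(rules)
        self._apply(self.bundled.get((mcc, mnc), {}), f"bundled:{mcc}-{mnc}")

    def app_override(self, cert_der, package, values):
        # Layer 2: an app may override config only with carrier privileges.
        if not has_carrier_privileges(cert_der, package, self.sim_rules):
            self.log.append({"event": "rejected", "source": f"app:{package}",
                             "keys": sorted(values)})
            return False
        self._apply(values, f"app:{package}")
        return True

    def _apply(self, values, source):
        for key, new in values.items():
            old = self.effective.get(key)
            if old != new:  # log only real changes, with who caused them
                self.log.append({"event": "changed", "key": key,
                                 "old": old, "new": new, "source": source})
                self.effective[key] = new


# Constructed stand-ins for DER-encoded signing certificates.
CARRIER_CERT = b"constructed bytes standing in for the carrier's signing cert"
OTHER_CERT = b"constructed bytes standing in for an unrelated developer's cert"


def demo():
    auditor = CarrierConfigAuditor(
        effective={"emergency_alerts_enabled": False, "hide_caller_id": True},
        bundled={("001", "01"): {"emergency_alerts_enabled": True}},
    )
    rules = [UiccAccessRule(hashlib.sha256(CARRIER_CERT).digest(),
                            "com.example.carrier")]
    auditor.sim_inserted("001", "01", rules)
    # Same package name, wrong signing cert: rejected and logged.
    auditor.app_override(OTHER_CERT, "com.example.carrier",
                         {"hide_caller_id": False})
    # Matching cert and package: applied and logged.
    auditor.app_override(CARRIER_CERT, "com.example.carrier",
                         {"hide_caller_id": False})
    return auditor


if __name__ == "__main__":
    for entry in demo().log:
        print(entry)
```
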


See the Verizon OMA-DM spec[0] for one of those remote configuration protocols. It’s mostly used for configuring APNs and other carrier-specific settings to get the phone working on the network.

[0] https://opendevelopment.verizonwireless.com/content/dam/open...


What about the Android derivatives like LineageOS? Can't they just patch these stupid "features" out?


Thank you for the detailed pointers.


Back in the day my phone carrier in Argentina would send me ultra-high-priority alerts with ads several times a day.

A lot of people in this thread are understandably okay with good carriers doing this for good reasons, but it's very easy to abuse if there aren't strong enough communication laws. From the amount of spam I got when I lived there, I'm surprised this is not happening in America.


Wow, that's obnoxious. I'm sorry you had to suffer that. I live in Brazil and I get constant advertising and phishing SMS messages, it got to the point I had to kill SMS notifications and forget it even exists. I still get robots trying to call me at random times during the day, there seems to be no way to turn off telephony but it's less disruptive. If my phone had unblockable advertising disguised as high priority disaster alerts I think I'd throw it off a bridge.


Use the Silence app from F-Droid. It lets you mute SMS selectively.


> I must say I strongly dislike losing control over my own device. It feels dystopian to me.

Even with a rooted device where perhaps you personally coded up the ROM you are still missing a piece which is the binary blob that runs the baseband radio. That firmware is, afaik, not something which exists in any sort of open-source or rootable manner. It's a closed blob running proprietary software on your phone, and it runs at a lower level than the ROM/OS does. So, even if you go to great lengths to secure most of the software that runs on the device (a noble goal, it's your hardware after all!) then you still must contend with the uncertainty and perhaps risk (depending on your threat model) of that untrusted code running there. You can search around the web for articles covering baseband radio exploits that span the years...


For the PinePhone you can install a free OS running the Baseband Processor: https://hackaday.com/2022/07/12/open-firmware-for-pinephone-...

Probably illegal and the firmware running the radio hardware is still proprietary.


That's partially open source software on the broader Quectel EC25-G modem, but not Qualcomm’s MDM9207 baseband that the modem uses.

> Not everything is open in this firmware. The baseband firmware, aka the RF bits known as ADSP firmware, remains closed and not yet reverse-engineered by anyone – you’re not gonna be running OpenBTS on this modem yet.

> The TrustZone kernel remains closed too – my understanding is that it’s signed by Qualcomm.


Moreover, some of these settings restrictions are encouraged or mandatory for the FCC/Ofcom/your-local-radio-regulator to certify your device. This is to prevent people from doing naughty things with the spectrum.


I don't believe this is entirely true anymore. Yes, years ago, the baseband processor (and firmware) had full DMA capabilities to the RAM ostensibly managed by the OS, and could do nefarious things if it wanted to. But I believe nowadays the baseband is a bit more isolated, and communication with it is mediated by the CPU and OS.

Some manufacturers likely still implement the "old" architecture, though.


You would hope, but to a large extent SMMUs are still not meaningfully deployed in consumer smartphones. Even when they do exist, the bounding enforced upon them is so expansive that it's essentially pointless. For example, one device I found had an SMMU in front of its BT/WiFi chip but, unfortunately, the driver on the AP side configured the SMMU to have access to all of system memory. Baffling.


How can I find out what peripherals my smartphone's baseband processor has access to?


IIRC in purism phones baseband is totally/mostly isolated and has no DMA.

Edit typo


I used to work for a carrier and yes, there are some settings that can be changed. If your phone is locked to a carrier it can even hot-replace applications without you noticing (useful for embedded carrier applications that download a full APK when you open the one installed in the device by default).

I believe this varies by country, since this was done for a limited set of countries my company was operating in.


If you can do it, or your phone is able to do it, then it can be done remotely by the carrier and sometimes the ODM. Usually initiated by SMS that you will never see.


I bought a Pixel 7 recently.

When setting up the device, I was asked to insert my SIM card. Usually, I'd have skipped past this screen, but I thought "Ok, let me swap out my SIM", since I was trading in an older device.

Worst mistake ever. Even on an unlocked phone, all the Verizon crapware was silently installed in the background. This doesn't happen when you put in the SIM after setting up the phone.

Such a backwards experience.


Sneaky.

Is it reversible? As in: can you eject the sim, reset the phone to factory defaults and restart the setup process, now inserting the sim card later?


Could this have happened on Graphene/Calyx/Lineage/Divest?


Yes, Cell Broadcasts are controllable by carriers and that's even mandated in some countries (e.g in USA the carrier can send out a broadcast that will ignore all "silent phone" settings and scream loudly no matter what you've set and where). This will happen on all phones allowed to be used in those regions - whether Apple, Google, Samsung, Nokia or even Huawei.

You can attempt to disable it, but you need to be aware that in many places it's outright illegal for phone manufacturer and carrier to allow that.


> e.g in USA the carrier can send out a broadcast that will ignore all "silent phone" settings and scream loudly no matter what you've set and where

My iOS settings and experience differ from this rather greatly - can you cite any such laws or regulations?

I have clear settings on my up-to-date iOS device in the US, on a large American carrier, that allow me to a) ignore emergency alerts, b) get them but silently if my phone is in silent mode, or c) allow them through at full blast.


There are types of broadcasts even in US (IIRC Presidential broadcasts, but don't quote me on that) that will ignore your settings.

See https://support.apple.com/en-us/HT202743 - note the little "3" note where it says that some broadcasts in some regions can't be disabled?


1) yes, but only got the warning once. 2) I think you need to root and disable OTA updates, but never tried. 3) Hate it, but I think it's a drop in an ocean of control, and probably way more harmless than depending on Google for everything (at least in my case). Not an Apple user, but apparently this is also a thing on Apple devices: https://www.vox.com/2015/2/12/11558938/what-is-this-carrier-...


OTA updates are updates to the OS, not the settings.


(1) I wasn't aware of it, but I am not surprised that something like this was written into the standard (presumably. I doubt carriers rolled their own thing)

(2) All the ways I can think of are significantly harder than rooting, so essentially no.

(3) I don't really mind that much, I have Google services running on my phone and I am certain those can do far more than my carrier could ever dream of. I have begrudgingly accepted those, so it would be a bit hypocritical to complain about my carrier turning cell broadcast back on. Especially since "turning cell broadcast back on" is a use case that I can see the argument behind.

If you care about this then I suggest you look up the relevant standard documents, probably you will find this behavior documented there.


> written into the standard

What standard are you referring to?


Parts of it are in the GSM, CDMA, CDMA2000, '3g', LTE, 4g/5g standards. They are thousands of pages long. They do quite a bit. Usually baked into the firmware from whoever makes the chipset.


Yes, I am aware carrier can control carrier/network settings since those are loaded from network anyway, you can try to override them, but obviously if it's something like Cell Broadcast, call forwarding/barring or caller ID and others, carrier can decide to use different settings from yours.

I feel like you are confusing local Android settings with carrier settings loaded from network. For instance carrier is not going to change setting of your default keyboard or ringtone without (carrier customized) system update.


Thank you. I should have been more explicit.

The settings I am referring to are under "Apps & notifications"/"Wireless emergency alerts". They are about controlling whether to and which alerts one wants to receive on their phone.

This not only seems very user-facing to me, it's also something I definitely would want to have control over.

It's an unlocked Android One device. The carrier seems to be able to remotely change these settings (see the referenced Reddit post as well), which I would never expect. It seems to be because of the SIM the phone uses and the network it connects to. No user-controlled software change like updates.

Does my surprise make more sense now?


It doesn't really matter under what setting it's placed in the OS, but "emergency alerts" or CB is clearly network setting/service, so it's not surprising carrier can control status of this setting/service and override what you set in the phone.


Not... really? It's not the setting for whether the phone receives alerts; it's the setting for what the UI does in response (make a bunch of noise vs accept silently). The UI is very much on the user-controlled side of the phone.


they try to avoid people accidentally switching it off, it's much less harm if you hear it than vice versa


I'm aware that this is their reasoning. I do not accept this as an argument for it being a carrier setting.


Carriers can actually send arbitrary AT commands which are more or less arbitrary modem commands. Depending on how deep you think the integration between the broadband controller and the CPU is, they could potentially also do much more. I wouldn't trust much on any phone.


In Germany people may not be as used to natural disasters and the like, but where I've travelled where the weather is way more extreme, these are like life saving emergency alerts so you don't get sucked into a tornado like a cow or die in a flood or tsunami. I love how jarring the alerts are, there was an incident in the USA recently where some way too close menu entry got hit at an emergency alert center for a nuclear bomb and people ended up taking cover thinking they were going to get nuked in Hawaii [1]. The USA system you can understand the technical workings of here [2] while this seems to cover more of the technical workings of the EU systems [3] - These are simply service area broadcasts [4]

[1] https://en.wikipedia.org/wiki/2018_Hawaii_false_missile_aler...

[2] https://www.youtube.com/watch?v=sdmkTkWB40Q

[3] https://media.ccc.de/v/osmodevcon2019-107-production-grade-c...

[4] https://osmocom.org/projects/cellular-infrastructure/wiki/Se...


You can turn off all the government alerts in iOS, in the US at least. I have had them all off for many years since one woke me up in the middle of the night for no reason.


Quite the opposite in Canada unfortunately, specifically Ontario but other provinces may be a joke as well... Can't turn off alerts, and we're well known for sending them out in the middle of the night, or just sending test alerts with no significant value. Thankfully silent mode turns them into vibrations, I feel sorry for those who use ringtones. Moved back here after living in SF for so long and this feels ass backwards, far preferred the optionality y'all are given.


That is unfortunate. The alert that caused me to turn them all off was even written about in the news that day. Millions of people in the entire NYC metro region had their sleep disturbed and were pissed.

https://nymag.com/intelligencer/2013/07/ambert-alert-phone-4...

I remember group chats of people discussing how to turn it off and my friends and I telling our parents how to turn them off.


Can't you pull out your sim card when you go to bed?


Seems pretty inconvenient, plus the world is moving to eSIM. Although, I wonder if the alert system even cares about SIM. Presumably they would send it out to any device connected to the network, not just those with a SIM?


> there was an incident in the USA [where a mistake] at an emergency alert center had people thought they were going to get nuked in Hawaii

I think your example is a powerful reminder why folks turn off alerts. For most of us tho, it was the bazillionth urgent notice of a non-applicable event.


I've disabled them on my phone because it's always either a test or some nonsense "it's too busy in <town> 10km away, stay away". Alerts they would never turn on the sirens for. I'd be very annoyed if my carrier re-enabled alerts.


Where I am I've been fortunate that the weather alerts have generally been for critical situations such as tornadoes.

The Amber alerts, OTOH, have been usually across the state and of debatable usefulness[0].

0: https://www.tandfonline.com/doi/abs/10.1080/0735648X.2014.10...


A little tangential, but carriers and hackers can execute arbitrary code on your device through OTA updates with the baseband modem. It's even been done on 5G.

Which also reminds me how the NSA has intentionally crippled standards in the past so they could eavesdrop or inject code without having to go through the carrier. This means Johnny Scriptsalot can do it too.


(1) Yeah, though I definitely forgot. In my country, it used to be really hard to find a plan with mobile hotspot, which used to be a x€/month (don't remember the number) option that would just hide the setting. That was a very long time ago since I saw one but I think some plans still have those restrictions and use that method to enforce it.

(2) Changing to a device that doesn't have that feature. Which probably means no Android and no iOS. I would not be willing to do so, I'd change carrier instead if it was problematic enough to me.

(3) I don't mind when it's to set settings for a good reason. I assume some settings are configured that way for the phone to properly work on the carrier network. On the other hand, I hate it when it's to enforce a stupid thing or extract more money from a built-in feature.


Absolutely they can. Carriers have access to the system partition aka We do what we want (hopefully they do what makes sense). This is how bloatware is installed (the things you can't get rid of).


Your thinking is tainted by the American model where you buy carrier locked phones. But no, that is not usually how it works. The system partition can be modified by the party who issues system updates. Normally this would be the company making the phone, such as Samsung. But in the US, some carriers sell modified phones locked to their network, and in that case the carrier is also the one shipping updates.


Worked at Sprint back in the day and we (I) had to do this. Special certificates to produce a special OS build with the right privileges (carrier specific). The carriers and builders (Samsung etc) work together to get this in place. That on top of zero rating data being sent out for tracking allow the carrier (or builder) to do what they want.


Are you sure this is the case? All the carrier app loading implementations that I am aware of (this is a small number) explicitly whitelist some carriers or even some apps by certain carriers. For instance, the implementation I worked on myself (as a reviewer) only granted a single carrier to load one of their apps when the SIM card was inserted.

With that implementation, it would not be possible for any random carrier in a foreign country to load random bloat onto my phone just by me crossing the border to that country.


If you don't have root access to your phone (or baseband), you have no control over it. That's Google and Apple's plan. In Apple's own words "It's their platform"


It’s very difficult for me, in all honesty, to even understand why the act of emergency alerts being re-enabled by a carrier leads to this kind of reaction.


I'm experiencing the opposite; my wife and I have the same iPhone model (13), with the OS up to date. When we bought the phones, 18 months ago, I customized them to have identical settings; while doing that, I also disabled the Amber Alerts. Still, a few weeks ago, our phones started to emit an unheard (til then) sound in the middle of the night: it was an Amber Alert. WTH? did any of the OS updates enable the AA? I looked at the phones and - hey, where did that setting go? the alerts are no longer visible in Notifications. What's weird, is the fact that you can type "Govern" (for Government Alerts) in the Search field, and Notifications comes up - but, when you go into Notifications, there's nothing there.

I googled the issue and it's affecting quite a lot of people. It's unclear whether the culprit is the provider or a long-standing bug in iOS (the first mention I found is a few years old). Some people suggested that you take out the SIM and the options would reappear. Didn't work in my case.


On my iPhone 12 running iOS 16, the "Government Alerts" section is at the bottom of the Notification settings screen, just need to scroll down for it.


Related, specification from 2019.

https://www.etsi.org/deliver/etsi_ts/102900_102999/102900/01...

Check Security Considerations in 5.5.


Thank you.


Doesn't surprise me, Android lets carriers and manufacturers install all sorts of garbage you can't remove. It's a pretty terrible operating system. I just disable amber alerts when I get a new phone, never gotten any other type of alert in the US, haven't ever gotten an alert in another country. I also hear that Canada sends out amber alerts with an unblockable "presidential" priority, so if I were ever to move to Canada, I would figure out how to disable that type of alert as well.


Tornado? Nuclear strike? Missing child? It's all the same level of danger, right?


Similar thing is with call recording, as one of my SIM cards is from Germany my phone doesn't allow me to enable call recording, but, as I don't live in Germany, and it's legal to do so here, I have a manufacturer-specific app (3rd party, ofc) that basically runs in background and periodically and on boot, re-enables this setting. Wonder if something similar could be made, or exists for your phone.


Pretty sure they're "required" in Germany and cannot be disabled by the user.

You travel to other countries, you abide by their laws. This is no different.


Not required. In iOS it can be disabled.


The highest level cannot. We just had a nationwide test in Germany a few days ago.


I have 2 phones. In one I disabled it, and did not get the alarm. The other one was enabled and received the alarm. It can be disabled. Period.


(1) No, but not surprised, (2) don't have a phone, (3) I don't like it, that's why I don't have a phone.


How do you manage w/o a phone?

Some of our bank accounts require using an Android (or iPhone) app, for example. Messengers like Signal don't work w/o a smartphone. COVID-related apps for traveling. I could continue.

Genuinely curious.


Not really an issue, I've never had one. Banking is mostly on paper, sometimes I phone them up. Not bothered with messengers, travelling in the EU, there was always a paper-form alternative for that. The main upside is the looks of disbelief (and occasional panic) when you respond "don't have one" to a demand for mobile number :-)


I don't use or carry a phone. The long and short of it boils down to things working just the way they do with a phone, just more human involvement, like requesting a paper menu, or handing someone money directly. You make plans to be at a place at a time, then you just show up.


> bank

Choosing your bank according to the provision of acceptable services.

> messengers

You just need an OS somewhere (not necessarily a smartphone)

> travelling

Cannot really help: if some administration requested a smartphone, I would either try to avoid it or buy some provisional, temporary thing.


I think carriers can inject apps via sim card too https://www.reddit.com/r/GalaxyNote8/comments/71of1t/carrier...


If you are using the Android OS originally installed on the phone, you can deactivate many of these at the OS level (not baseband) using ADB. This does not require rooting. An easy way to find and deactivate these codes is to use the UAD (Universal Android Debloater) found on GitHub.


Yes. I can confirm this worked on a non rooted phone in Canada. GUI settings were being ignored. I think the first alert I confirmed not getting was for a weather warning 500 km away.


Not surprisingly, my rooted Android 9 phone didn't receive any alert, while my non-root device did.


Thank you for pointing me in this direction. I will have a look at this.


It's part of the mandated law in certain countries so it's normal to be implemented there.


I was not aware this could be done remotely explicitly going against settings the user himself has set.


Phone (call, data) interception is mandated in a lot of countries (i.e. operators have to do it if presented with a judicial mandate) against the wishes of user too. This setting is in the same vein, in order to allow authority controlled public broadcasts.


Governments hijacking infrastructure is not remotely the same as governments hijacking personal devices.


They are not hijacking your personal device.

Your personal device is letting you know your carrier does not provide an option for this setting.


You are at the mercy of the whims of your local government. You don't like it? Then fight to join the local government.


It’s a carrier setting, you are merely expressing a preference.


Leaving the evil carrier issue aside, how much security is there? I know GSM security is not very good, as older protocols are kept around for decades.

Is there strong crypto preventing anyone who's not a carrier or government from changing settings on device?


Not sure if it's related or just Apple's data-greed and malice, but on a previous iPhone, iMessage and FaceTime would turn on by itself every time the phone was restarted, again 24 hrs later, and one final time 48 hrs after that.


That sounds horrible.


I didn't read the full legal contract that came with my phone, but I assume it enumerates (in soporific detail) many of the ways in which I don't control my device. The price of convenience is a real doozy!


Doesn't surprise me tbh, although I'm curious if different countries have different policies regarding this. E.G. in privacy-centric countries like Iceland, are there stricter rules / regulations?


Is there a full list, what carriers can do and change in your phone?


iPhone too, not just Android. At least in Germany, and Israel.


Not required. In iOS it can be disabled. Also in Germany.


No, the highest level cannot be disabled.


I have 2 phones. In one I disabled it, and did not get the alarm. The other one was enabled and received the alarm. It can be disabled. Period.


We need Linux phone.


It's a carrier side setting...lol.


What if you remove the sim card? What can they do?


1) seems pretty obvious. 2) you don't. 3) perfectly fine.


what the?



