Samsung's 'Repair Mode' Lets Technicians Look At Your Phone, Not Your Data

An anonymous reader quotes a report from Ars Technica: Samsung is introducing an interesting new feature for people sending in their Galaxy phones for repair: "repair mode." When shipping off your phone, you might want to do something to protect your data, and the new feature sounds like a great solution. It locks down your data, but not your phone. [...] While in repair mode, technicians can still poke around in your device and test everything, but they'll only see the default apps with blank data. When you get your device back, you can re-authenticate and disable repair mode and you'll get all your data back. The feature was first spotted by SamMobile, and Samsung has so far only announced the feature in a Korean press release; it is first launching in Korea for the Galaxy S21 (the S22 is Samsung's latest flagship phone). Repair mode can be turned on from the settings menu, and Samsung says (through Google translate), "You won't be able to access your personal data, such as photos, messages, and accounts," and anyone with the phone will "only use the default installed apps." Repair mode can be exited the same way, though you'll need to authenticate with a pattern, pin, or fingerprint.

Someone will make this illegal.

[Seven Spirals]

This seems like a great idea with practical applications. Quick! Someone make it illegal.

Re:Someone will make this illegal.

[slazzy]

I'm sure as soon as someone gets pulled over by the police and sticks there phone in repair mode it'll happen

Re:

[Kernel Kurtz]

Especially if they are black and American.

Alternative

[fahrbot-bot]

For those w/o Samsung phones, TFA notes:

Android has a number of built-in capabilities that would make it relatively simple to implement such a feature. Android supports multiple user accounts, which allow for multiple separate sets of apps and data. It wouldn't take much to lock down the primary user and spin up a "guest" user with no data for the repair people to work with.

If your phone storage is encrypted, this might be enough. Personally, I'd also logout of the Google account associated with your profile.

Re:

[Powercntrl]

And of course if you have an iPhone, it will never break, because we all know Apple's stuff just works.

I kid, of course. Back up your phones regularly, folks.

Send in for repair

[fermion]

Back up the phone

Erase the phone

Send it in

Data security solved.

Re:

[splutty]

That's assuming anything you can back it up with still works. And since one of the most common problems is the USB port going kroink...

Re:

[Powercntrl]

That's assuming anything you can back it up with still works. And since one of the most common problems is the USB port going kroink...

I know it's a crazy concept, but you're generally supposed to make regular backups while your device still functions properly. The idea being that in addition to breaking, phones also get lost, stolen, dropped overboard from a boat, those sort of things...

Re:

[fermion]

So if I understand correctly, android has no way to back up a phone so, that, for instance, if your phone breaks you can be back in an hour or so?

Re: Send in for repair

[Shangrila12]

Unless you have your phone continuously backing up even on cellular data, even your iPhone doesn't have a 100% current backup at all times. Android/Samsung do automatic backups on wifi probably once a day. Before I do a repair I just run a manual backup on WiFi. Restore is painless but still need to go through a few steps and wait

Re:

[bill_mcgonigle]

Correct. Even if you trust cloud backup many settings are lost. SnapSeed is making some progress. Titanium has been useless for years. Apps can exclude themselves from being eligible for backup.

Android backup is a disaster.

Re:

[ctilsie242]

All smartphone backups seem to just be woefully inadequate. At best, you get an all or nothing backup with iOS, and Android is all over the place. It was nice when Titanium Backup and its sync app worked, because it not just backed up apps, but also encrypted the backups and sent them to a provider like Dropbox, ensuring that stuff was saved off.

At best, one has to link a cloud provider and hope their app has sync functionality. Because without that, any app that doesn't have its own backup mechanism, pr

Re:

[AmiMoJo]

That's why it's important to keep it backed up all the time. If you sign in to a Google account then that will back up most stuff, or there are third party apps that can do it (including open source ones).

Then just don't give the repair people your password, tell them that they can factory reset if they need to get in.

How can I activate this repair mode

[fabioalcor]

If my phone is broken?

Re:

[Powercntrl]

If my phone is broken?

Considering that this is Samsung, they'll probably send your phone back only partially repaired. You can then activate repair mode before sending it back.

Anecdotal source: My partner had a bad experience with repairs on one of the Note series of phones. I forget which one. No, it wasn't the one with the exploding battery. It had to go back to Samsung three times.

Re:

[Darinbob]

I've seen things with similar capabilities, not consumer devices though. Customers hold the certs to the data, and the manufacturer can't decrypt it. Partially applicable to phones, even though customers don't directly hold certs but there may be a security module that the manufacturer can't read (like the fingerprint scanner on the iphone).

Have a pending patent that is vaguely similar, for non-consumer products, but there could be a debug port that is unlocked separately after the customer authorizes, bu

Re:

[Kernel Kurtz]

If you don't remember what the phone was can you really be sure it was three times?

In future news ...

[fahrbot-bot]

Samsung phone owners complain that activating "Repair Mode" doesn't repair their phone.

Re:

[Powercntrl]

It doesn't!? I haven't been this disappointed since the time I found out that "airplane mode" doesn't enable my phone to fly.

Re:

[Mal-2]

Your phone will fly just fine, with sufficient thrust, but the landing may be a bit rough.

Soon to be followed by "police mode".

[MacMann]

This sounds like a great start for people that don't like the idea of police snooping into their phone.

With one unlock code they can show a phone with nothing but their high scores on Candy Crush, a contact list with only their business contacts and plumber, and photos taken at the park and zoo. Repair mode is obviously going to anger the police for hiding things from them, but a mode that shows the phone is a bit "lived in" isn't going to raise the same kinds of suspicions.

The police might be able to argu

Re:

[JaredOfEuropa]

Sounds like you need to repair your police or your laws.

Re:

[ctilsie242]

The closest thing I've seen to this was PhonebookFS. It allowed one filesystem to have multiple keys, and it even had some "chaff" (random garbage files) so even if all keys were used, there would still be stuff that wasn't decryptable, for plausible deniability.

It would be nice if one could separate their phone into sub-containers, where one could access a sub-container by their choice of authentication. For example, some stuff, I didn't care if it authenticated via the fingerprint. Other stuff, I'd wan

It would be even more private

[electroniceric]

If Samsung wasn't harvesting your data for themselves.
For example, any Samsung apps must be updated through Galaxy store, which oddly enough requires access to your contacts to work. Same with updating Galaxy Buds.
And there's a Samsung service monitoring app launches running by default on Galaxy devices.
Maybe they should do something to fix that.

Removable Storage

[Ed Tice]

Or you know they could just let you keep your data on some sort of removable storage that you could, you know, physically remove before you sent your phone for repair. Wow what an amazing new concept!