Apple added a feature called "inactivity reboot" in iOS 18.1. This is implemented in keybagd and the AppleSEPKeyStore kernel extension. It seems to have nothing to do with phone/wireless network state. Keystore is used when unlocking the device. So if you don't unlock your iPhone for a while... it will reboot!

In the news: "Police Freak Out at iPhones Mysteriously Rebooting Themselves, Locking Cops Out"
https://www.404media.co/police-freak-out-at-iphones-mysteriously-rebooting-themselves-locking-cops-out/

iOS version diffs to see yourself:
https://github.com/search?q=repo%3Ablacktop%2Fipsw-diffs%20inactivity_reboot&type=code

@soph yeah I think the earlier reboots are unrelated...

@jiska one wonders whether this is an intentional security feature or just a workaround for some hard to fix bug.

@pcwizz GrapheneOS does the same, so I think it's intended.

https://grapheneos.social/@GrapheneOS/112204443465440601

@jiska at least police have effectively confirmed for us that they keep seized phones powered up in a Faraday cage

@mikelabonte Not really new. Faraday bags are part of the Cellebrite toolkit https://cellebrite.com/en/from-murdaugh-to-josephson-how-south-carolina-law-enforcement-division-is-taking-on-big-cases-with-digital-intelligence/ @jiska

@jiska 😂

@jiska that's amazing!
I wish Google would copy these Graphene OS features into AOSP too.

@jiska thats interesting.

@jiska @tsia_ Sometimes (often) I love Apple.

@jiska "Apple may have introduced a new security feature in iOS 18 that tells nearby iPhones to reboot if they have been disconnected from a cellular network for some time."

Nearby? Are they saying that one iPhone can tell another iPhone to reboot?

@dandylyons I didn't find any traces of that, either it doesn't exist and the phones from the article rebooted because of something else, or it's yet another feature.

There's a new article with more details on when the new inactivity reboot is triggered on iOS 18:
https://www.404media.co/apple-quietly-introduced-iphone-reboot-code-which-is-locking-out-cops/

This is a cheap & great mitigation! While most people won't have their phone forensically analyzed, many more will have their devices stolen. It protects user data in both cases.

@jiska
So, now that people know because it's something something security, they can cut down costs with kernel QA. Something gone wrong? Just reboot the poor sucker. 😇

Hope I can give you more details on inactivity reboot in ~4 days 🤞

@jiska lol that’s one way to find things out

@jiska Are we sure this works? maybe the iPhone is really shy and only reboots if it knows for sure it is not being watched?