Hey everyone, I’m Ayush. I’m a student and I’ve been doing some deep-dive testing on my new CMF Phone 2 Pro. Since I have a background in coding, I tend to look at how the hardware and software actually talk to each other, and I’ve found a pretty big security gap that I think the Nothing team should look at.
Basically, I’ve been comparing the “Power Off Verify” feature to how Samsung does it on the A35. On the CMF 2 Pro, the software part is cool, but it’s too easy to bypass. If you just hold down the power button for about 15 seconds, the hardware forces a restart anyway, skipping the password check entirely. Even crazier, if you press all four buttons, you can get straight to the factory reset screen.
On a Samsung, you can’t really do that—their security is baked into the kernel, so the hardware buttons won’t let you reboot or wipe the phone without a PIN if it’s locked. I really think Nothing needs to bridge this gap so a thief can’t just hardware-reset our phones.
Also, just a suggestion for the “Nothing Ecosystem”—I think you guys would be the absolute best in the market if you did the “A to Z” approach. Instead of using basic Google tools, give us a Nothing-style Dialer, Password Manager, and even your own Package Installer. That kind of vertical integration is why Samsung feels so “complete,” and with Nothing’s design language, it would look amazing.
