Consider i have a phone, and it’s bootloader is unlocked. What is the worst that could happen?

I’m interested in the security aspect of it. Consider you’re detained by the police, and they want access to your phone. Can they get access if the bootloader is unlocked?

What is the role of the password? I.e., i’m using a 4-digit PIN for my phone today. Can the phone’s data be secured against police force if they get physical access to the phone?

To further elaborate:

I’m well aware of the XKCD:

I’m wondering, apart from applying physical force, what are the surveillance aspects? Could somebody sneakily install spyware on my phone that can read all files on the phone’s internal storage if they get a physical hold of it for (let’s say) 15 minutes?

  • Lucy :3@feddit.org
    221·
    5 days ago

    While unlocking the bootloader […] unleashes the full potential of the bootloader, it also poses a security risk. Even with your lockscreen protected with a pattern/PIN/password, not having flashed a custom recovery, having an anti-theft app installed (maybe even converted/installed as a system app) your phone’s data is easily accessible for a knowledgeable thief.

    All the thief needs to do is reboot into the bootloader and boot or flash a custom recovery such as ClockWorkMod or TWRP. It’s then possible to boot into recovery and use ADB commands to gain access to the phone’s data on the internal memory (unless you have it encrypted) and copy/remove files at will.

    Granted, the risk seems low. The thief would not only require knowledge of fastboot, he would have to turn off the phone before you have issued a wipe command using an anti-theft app. You could of course flash back the stock recovery & relock the bootloader after being done with flashing stuff, but that would require you to unlock it again if needed which will erase your userdata.

    Of course, a thief can/is also the government.

    But, most phones can be unlocked by the pigs regardless, with eg. Cellebrite. The best bet is probably a pixel, as it can be relocked easily, with graphene. Or no phone at all.
    Also, I’d guess many Cellebrite tricks work with (weak?) pins/patterns. Use a password, and no fingerprint. And on eg. graphene, the emergency wipe after 10 wrong pws etc.

    • gandalf_der_12te@discuss.tchncs.deOP
      7·
      5 days ago

      Thank you for your comment.

      I assume using a password is better than using a PIN/pattern (as you said) because it has more entropy.

      IIRC Android actually encrypts all userdata by default nowadays but it only encrypts userdata and not the system partition.

      So if an attacker got access to the phone, they could install an update on the system partition that includes spyware and then spy on my password next time that i enter it. So once an attacker got a hold of my phone, i should assume they installed spyware on the system partition and the phone is no longer trustworthy. In that case, i’d have to flash and reformat the whole phone.

      (If i re-lock the bootloader, it has the advantage that i’d be notified if an attacker wrote updates to the system partition because all userdata would be wiped.)

      • WhyJiffie@sh.itjust.worksEnglish
        1·
        5 days ago

        (If i re-lock the bootloader, it has the advantage that i’d be notified if an attacker wrote updates to the system partition because all userdata would be wiped.)

        are you sure that makes the data wiped? as I know, locking itself wipes, but it is not possible to write partitions anymore with standard tools, and the bootloader will check signatures with dm-verity (a linux tool) and if it doesn’t match it’ll just refuse to boot

      • WhyJiffie@sh.itjust.worksEnglish
        1·
        5 days ago

        In that case, i’d have to flash and reformat the whole phone.

        you could try restoring partition images. needs testing though, maybe it doesn’t work for some reason