Consider I have a phone, and its bootloader is unlocked. What is the worst that could happen?

I’m interested in the security aspect of it. Consider you’re detained by the police, and they want access to your phone. Can they get access if the bootloader is unlocked?

What is the role of the password? I.e., I’m using a 4-digit PIN for my phone today. Can the phone’s data be secured against police force if they get physical access to the phone?


To further elaborate:

I’m well aware of the XKCD:

I’m wondering, apart from applying physical force, what are the surveillance aspects? Could somebody sneakily install spyware on my phone that can read all files on the phone’s internal storage if they get a physical hold of it for (let’s say) 15 minutes?

  • gandalf_der_12te@discuss.tchncs.de (OP)

    Thank you for your comment.

    I assume using a password is better than using a PIN/pattern (as you said) because it has more entropy.

    IIRC Android actually encrypts all userdata by default nowadays, but it only encrypts userdata and not the system partition.

    So if an attacker got access to the phone, they could install an update on the system partition that includes spyware and then spy on my password the next time that I enter it. So once an attacker has got hold of my phone, I should assume they installed spyware on the system partition and the phone is no longer trustworthy. In that case, I’d have to flash and reformat the whole phone.

    (If I re-lock the bootloader, it has the advantage that I’d be notified if an attacker wrote updates to the system partition because all userdata would be wiped.)

    • WhyJiffie@sh.itjust.works

      > (If I re-lock the bootloader, it has the advantage that I’d be notified if an attacker wrote updates to the system partition because all userdata would be wiped.)

      Are you sure that makes the data wiped? As far as I know, locking itself wipes, but it is not possible to write partitions anymore with standard tools, and the bootloader will check signatures with dm-verity (a Linux tool), and if it doesn’t match it’ll just refuse to boot.
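
Added example, not part of the thread and not Android's or dm-verity's own code: a simplified hash tree in the style dm-verity uses, showing why a change to a read-only system image is detected on read when the root hash is trusted. The block size, fanout, salt, sample image and the idea that `TRUSTED_ROOT` comes from signed metadata checked by a locked bootloader are assumptions of this sketch.

```python
import hashlib

BLOCK = 4096   # data block size used in this sketch
FANOUT = 4     # hashes per tree node; kept small so the sample has 3 levels

def _h(data: bytes, salt: bytes) -> bytes:
    return hashlib.sha256(salt + data).digest()

def _block(image: bytes, i: int) -> bytes:
    return image[i * BLOCK:(i + 1) * BLOCK].ljust(BLOCK, b"\0")

def build_tree(image: bytes, salt: bytes) -> list:
    """Hash every block, then hash groups of hashes until one root remains."""
    count = (len(image) + BLOCK - 1) // BLOCK
    levels = [[_h(_block(image, i), salt) for i in range(count)]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([_h(b"".join(prev[i:i + FANOUT]), salt)
                       for i in range(0, len(prev), FANOUT)])
    return levels

def verify_block(image, index, levels, trusted_root, salt) -> bool:
    """Verify one block on read by walking its path up to the trusted root."""
    digest = _h(_block(image, index), salt)
    for level in levels:
        if index >= len(level) or level[index] != digest:
            return False          # stored hash does not match what was read
        if len(level) == 1:
            break                 # reached the stored root
        index //= FANOUT          # move to the parent node
        digest = _h(b"".join(level[index * FANOUT:(index + 1) * FANOUT]), salt)
    return digest == trusted_root  # stored root must equal the trusted one

# Constructed sample data: a 10-block "system" image and its hash tree.
SALT = b"constructed-salt"
system = b"".join(bytes([i]) * BLOCK for i in range(10))
tree = build_tree(system, SALT)
TRUSTED_ROOT = tree[-1][0]        # assumption: delivered in signed metadata

# One byte changed in block 7, standing in for a modified system partition.
tampered = system[:7 * BLOCK + 100] + b"\xff" + system[7 * BLOCK + 101:]

def demo() -> dict:
    rebuilt = build_tree(tampered, SALT)   # modifier also rewrites the tree
    return {
        "clean": all(verify_block(system, i, tree, TRUSTED_ROOT, SALT) for i in range(10)),
        "tampered_block": verify_block(tampered, 7, tree, TRUSTED_ROOT, SALT),
        "rebuilt_tree": verify_block(tampered, 7, rebuilt, TRUSTED_ROOT, SALT),
    }

if __name__ == "__main__":
    print(demo())
```

Rewriting the hash tree to match the modified image does not help, because the recomputed root no longer equals the trusted one; the check only fails to protect when the root itself is not verified.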

    • WhyJiffie@sh.itjust.works

      > In that case, I’d have to flash and reformat the whole phone.

      You could try restoring partition images. Needs testing though, maybe it doesn’t work for some reason.