Consider I have a phone, and its bootloader is unlocked. What is the worst that could happen?

I’m interested in the security aspect of it. Consider you’re detained by the police, and they want access to your phone. Can they get access if the bootloader is unlocked?

What is the role of the password? I.e., I’m using a 4-digit PIN for my phone today. Can the phone’s data be secured against police force if they get physical access to the phone?


To further elaborate:

I’m well aware of the XKCD:

I’m wondering, apart from applying physical force, what are the surveillance aspects? Could somebody sneakily install spyware on my phone that can read all files on the phone’s internal storage if they get a physical hold of it for (let’s say) 15 minutes?

    • fuckwit_mcbumcrumble@lemmy.dbzer0.com
      6 days ago

      If the bootloader is unlocked then very easy. Just boot a custom recovery and back up the internal storage to your PC. Nobody’s going to try to extract the entirety of your phone’s storage while you’re taking a piss.

      • WhyJiffie@sh.itjust.works
        6 days ago

        That’s not how it works, at least for half a decade now. Unless a manufacturer has gone way out of their way to disable it, Android phones need to support some kind of data encryption to be certified by Google.

        • gandalf_der_12te@discuss.tchncs.de (OP)
          6 days ago

          Yeah, Android actually encrypts all userdata by default nowadays.

          The PIN/pattern/password is used as the encryption/decryption key. That’s why I guess choosing a 4-letter PIN as lock protection is weak and could be broken.

          It would be nice if you could use a password for encryption (that means you’d have to enter it once after every re-boot), and then use a PIN while the device is running. Sadly I haven’t found a way to do that yet.

          • WhyJiffie@sh.itjust.works
            6 days ago

            > It would be nice if you could use a password for encryption (that means you’d have to enter it once after every re-boot), and then use a PIN while the device is running. Sadly I haven’t found a way to do that yet.

            Also if we could set up multiple authentication methods, such that both biometric and PIN are required. It would help against shoulder- and camera-surfing, and legally against forcing your hand to the sensor to get it unlocked.

        • fuckwit_mcbumcrumble@lemmy.dbzer0.com
          6 days ago

          I never said it wouldn’t be encrypted. But if they extract it and they’re willing (or there’s an exploit) they could decrypt it.

          Or it could be like the Android 7(?) days where you flash a quick zip and your data is unencrypted.