I agree with you. Even if your phone (with unlocked bootloader) is stolen, it will almost certainly be reset and sold further, no one will bother to get your files. And having in mind overall support for (older) cheap SoCs, there’s not much difference if you use an old unlocked phone with new(er) LineageOS or an old locked phone with e.g. Android 9/10 that stopped receiving updates 2 years ago. And there are more than a billion such devices still in use.
Samsung offers good value for the money, but those phones are not so easy to set up properly if you care about privacy. And you have to remove/disable a bunch of Samsung, Google and Microsoft apps.
The A54 delivers a great deal of goodies for its price bracket. Five years of support, nice camera, nice audio. However, if you’re a privacy-savvy techie, you will need to spend a lot of time undoing the defaults, making sure your system behaves. The out-of-the-box permissions are way too aggressive, and you can’t use most of the Samsung software without an account, which also makes things worse. It’s almost like a competition between Google and Samsung, and you’re caught in between, a poor consumer with not one but two mega-entities fighting over your data, your choices and your meaningless existence.
I would rather go for Motorola (G32), especially if CalyxOS can be installed (or DivestOS/LineageOS). Or even keep stock Android on Motorola than to use Samsung. But the issue with (cheaper) Motorola phones is the lack of Gorilla Glass, so they can crack quite easily.
I assume (but am not sure) that DOS encrypts user data, so files wouldn’t even be able to be removed in that situation. Unlocked bootloader would allow for (as mentioned previously) an evil maid attack, but that seems like a fairly remote possibility.
This could be the case. However, it doesn’t change the fact that opening up the bootloader would provide a huge door to tamper with the system. I am not sure whether the encryption is reliable to protect user files if the system is altered.
It’s a comparison between the risk you face every day by using an outdated/unpatched OS, and the remote risk (rare) from getting your phone stolen.
But the fact is that half of my contacts use an outdated/unpatched OS, and who knows which crappy apps they have installed (possible malware). So I can expect that regardless of my setup, the other side has a compromised phone that can leak all data they have on me (my contact details, our chats, photos, etc.)
And my outdated OS/hardware might actually be more secure than someone’s new and updated one, if I’m more careful about how I use it. E.g. I cannot get malware from Google Play Store apps if I don’t use the Play Store. It’s not so common, but it happened before (and will happen again).
There were similar discussions in the PC space 2 decades ago (Windows updates, anti-virus programs, Linux security, etc.). In the end, the user is the weakest link.
I cannot agree with a recommendation for an unlocked bootloader phone. If you just lose the device everything can be breached, it is a massive disaster imho and that nullifies any benefit of a privacy respecting ROM.
If we recommend a budget phone, relocking the bootloader should be required; we can’t endorse a totally insecure device.
Wouldn’t the data remain encrypted and inaccessible? Is the risk that the device could be modified to allow for encrypted data extraction and/or allow for a brute-force of the pw?
FWIW, I agree about locked bootloader. However, I think the theory here is “don’t let perfect be the enemy of good” scenarios.
Actually, I may be confusing things. I had a phone with an unlocked bootloader and I installed a custom recovery and I remember I could simply access data from the recovery without the need to unlock. But I’m not sure whether that was possible just because of the recovery or because of the unlocked bootloader or both.
If the phone’s bootloader is locked, which almost never happens with custom ROMs, your data is relatively safe. Situation, however, severely changes with unlocked bootloader.
Unlocked bootloader, among other things, means access to fastboot flashing, and here is the terrifying scenario: attacker boots TWRP recovery via fastboot. He is greeted with a prompt for pin/password/pattern. Instead of entering the same, he presses ‘cancel’ button, which will result in TWRP having the full access to system partitions. After that he can remove pin/password/pattern without ever knowing them. Depending on the device, those are stored in 1-4 files usually starting with lock*** in system/data (Android encryption scheme does not include system partitions, which are always unencrypted). After removing the files, a simple reboot would result in system falling back to the hard-coded ‘default_password’ which in turn will be used to re-encrypt the master key. On boot, the attacker will have full access to the phone including data.
It seems unlocking the bootloader is a severe security issue. With this issue, privacy is not relevant anymore, as there’s none - zero if your phone got stolen. It might be better to use an outdated Android version instead of unlocking the bootloader, especially on some devices where unlocking the bootloader is irreversible, e.g. Sony.
I don’t have enough knowledge to confirm whether the answer is accurate, though.
It would be good to know what brands/models this applies to. For example, a couple of years ago I was unable to find a specialized data recovery firm that would be able to recover data from a Xiaomi device that its owner (a relative who had asked me for help) had forgotten the password to. Supposedly Xiaomi phones running MIUI don’t do it in the standard Android manner. This is what I was told.
Edit: phone was running MIUI EU, bootloader was unlocked.
I have compiled a small list of links that may be helpful for this conversation (no idea if these are reliable or helpful, just thought I’d put them out there):
The final link in my above post (LineageOS, FBE, unlocked bootloader and security | XDA Forums) is in response to the question detailed above by the most recent poster. I don’t know whether the answers provided are trustworthy, but something to consider I guess.
That’s because your phone is explicitly not encrypted (or your custom recovery supports decryption; you could know by checking whether or not it asks for a password to decrypt data).
The phone was encrypted but the recovery was surely able to decrypt and access data to perform tasks. So, my question is: with only the bootloader unlocked, if the phone is lost, data cannot be read and just evil maid attacks are possible?
As long as the phone is encrypted, the user data can’t just be viewed by anyone checking TWRP. At the very least it was the case back when I used TWRP. Being unable to decrypt the data partition is the most common TWRP “bug”.
I had TWRP and it was indeed able to access data and that makes sense because without access it wouldn’t be able to perform any task like backups, install pkg or else.
I agree with @anon28734771, there is no good recommendation to make here. In the current day and age, it is already way too easy to exploit a mobile phone. Readers of this forum are here because they already feel the need for privacy. If we start recommending stuff that will simply not work, I don’t see the point of that.
We have to acknowledge that privacy is neither free nor cheap. This is not a nice message, but it is reality. If you can’t afford a secure and privacy-friendly device, the only recommendation to make is to limit your usage and dependence on it.
Also, because of lacking features, it is quite impossible to make a straightforward recommendation. GrapheneOS is the golden standard because it supports all expected functionality and does not limit the user in any way. This can’t be said about other options, so inherently this will become a much more personal decision.
Don’t conflate /data (the user data) and data as a whole. Those are different things: system and other stuff aren’t encrypted, user data is (unless you did some TWRP fuckery and flashed disable-dm-verity-forceencrypt (this force disables encryption, not force decrypts, and you usually need to wipe after you flash this)).
I find it hilarious that I recommended using zero-interest financing for those who can’t afford to drop €200-€300 on a phone at once and people’s response was:
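Added example, not part of the original thread: a shell check for the two device properties argued over in the posts above, namely whether the bootloader is locked and whether /data is actually encrypted. It parses `adb shell getprop` output using standard Android properties; the sample dumps are constructed, and the helper names `prop_get` and `assess` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): classify a device from `adb shell getprop`
# output using standard Android properties. Helper names are hypothetical.

# Constructed sample dumps, not taken from real devices.
SAMPLE_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]'
SAMPLE_LOCKED='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [yellow]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]'

# prop_get DUMP KEY: print the value from a "[KEY]: [value]" line, empty if absent.
prop_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n "s/^\[$key]: \[\(.*\)]\$/\1/p" | head -n 1
}

# assess DUMP: print a one-line verdict.
# verifiedbootstate: green = locked, OEM key; yellow = locked, user-set key
# (e.g. a relocked custom OS); orange = unlocked; red = verification failed.
assess() {
    locked=$(prop_get "$1" ro.boot.flash.locked)
    vb=$(prop_get "$1" ro.boot.verifiedbootstate)
    crypto=$(prop_get "$1" ro.crypto.state)
    ctype=$(prop_get "$1" ro.crypto.type)
    if [ "$crypto" != "encrypted" ]; then
        echo "FAIL: /data not encrypted (ro.crypto.state=${crypto:-unset})"
    elif [ "$locked" = "1" ] && { [ "$vb" = "green" ] || [ "$vb" = "yellow" ]; }; then
        echo "OK: bootloader locked, verified boot $vb, $ctype-based encryption"
    else
        echo "WARN: /data encrypted ($ctype) but boot chain not enforced" \
             "(locked=${locked:-unset}, verifiedbootstate=${vb:-unset})"
    fi
}

# On your own device: assess "$(adb shell getprop)"
assess "$SAMPLE_UNLOCKED"
assess "$SAMPLE_LOCKED"
```

The WARN case is the configuration most of this thread is about: encryption is on, but nothing prevents a modified boot image or recovery from being started.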
“Just because it’s split up doesn’t make it less expensive” or that every dollar matters in some places of the world, etc.
But then they’re fine with recommending devices with awful hardware, privacy and security that will be obsolete in 2 years which is €6.25 per month and will probably have delayed updates, etc
OVER
recommending spending €50 more for good hardware that can run the best OS for privacy, security, and freedom while also having top-notch software support (Pixel 6a has a MINIMUM of 3.5 years of software support which is €4.76 per month) and this is not even counting the fact that GrapheneOS provides extended support after device goes EOL and even after that you can go with DivestOS.