Cellebrite Unlocked This Journalist’s Phone. Cops Then Infected it With Malware

Archive link in case of paywall: https://archive.is/pzfZX

Amnesty also says it, along with researchers at Google, discovered a vulnerability in a wide spread of Android phones which Cellebrite was exploiting. Qualcomm, the impacted chip manufacturer, has since fixed that vulnerability. And Amnesty says Google has remotely wiped the spyware from other infected devices.

4 Likes

Planting malware on people’s phones for reporting crime, that’s what proper dictators do.

Maybe putting your phone into BFU state before you interact with cops / government officials would be a good idea.

By the way, another score for Xiaomi and Samsung. :smile:

They managed to unlock it even though it was BFU, interesting …

One more reason to get a Pixel with GOS.

They just brute-forced the password, or more likely that was a PIN.

2 Likes

From Google Project Zero

It took less than 3 months of research to discover 6 separate bugs in the adsprpc driver, two of which (CVE-2024-49848 and CVE-2024-21455) were not fixed by Qualcomm under the industry standard 90-day deadline. Furthermore, at the time of writing, CVE-2024-49848 remains unfixed 145 days after it was reported. Past research has shown that chipset drivers for Android are a promising target for attackers, and this ITW exploit represents a meaningful real-world example of the negative ramifications that the current third-party vendor driver security posture poses to end-users. A system’s cybersecurity is only as strong as its weakest link, and chipset/GPU drivers represent one of the weakest links for privilege separation on Android in 2024. Improving both the consistency and quality of code and the efficiency of the third-party vendor driver patch dissemination process are crucial next steps in order to increase the difficulty of privilege escalation on Android devices.

1 Like

That’s really not how that works. Vulnerabilities being found in Qualcomm SoCs says little, if anything, about the security of their competitors.

1 Like

I think the lesson here is - if your phone is ever confiscated by the authorities and leaves your sight for even minutes - it’s time to get a new phone.

I wish there was a phone that works like Tails. It only stores what you do between restarts and shutdowns.

1 Like

This is so wrong, a factory reset is enough.

3 Likes

Exceptions include the hardware having been tampered with, or the bootloader being compromised.

One should use Auditor too, just to be sure.

Unfortunately that isn’t an option for most device models, but you are of course right.

It’s a question of time. Initial generic device support by quh4gko8 · Pull Request #236 · GrapheneOS/Auditor · GitHub

We’ll never get that with Android, so we’ll have to hope for a Linux-based phone. I know that a few honorable attempts at a Linux phone have not made any progress, but we can still hope.

Or that - I didn’t think of this. Hah!