Forensics on Pixel Watch and Fitbit

I’m looking at either buying a Pixel Watch or Fitbit in order to get Google Pay, reply to messages on the go, track steps, etc., but my threat model involves forensics when my adversary physically has my devices.

I was wondering if anyone knew if notifications sent to either/both watches ever get written to disk or if it’s RAM only. My threat model means it’s okayish for the short window between the device being seized and the Pixel auto-rebooting, but if my entire conversation history can be pulled from the watch, that’s an issue.

I think Wear OS is open source, but I don’t know how to read code. I would really appreciate it if someone checks for me or if they happen to already know.

1 Like

Some more information about your threat model might help solicit better advice.

Who are the adversaries? What threat vector(s) are available to an adversary that has your device & the capability to forensically exploit it, that aren’t already exposed through online services, such as the linked Google account?

1 Like

Unfortunately, Wear OS developed by Google is closed-source, so you cannot easily audit the code even if you wanted to.

I moved away from Fitbit, but I think the Fitbit trackers still available for sale (not Google Pixel Watches that have the Fitbit fitness features inside them) may not be on Wear OS.

The watches are smart devices but trackers are much more limited and might be on their own OS.

1 Like