I haven’t been able to confirm whether supervised device restrictions can be bypassed or not. I always assume Cellebrite/Graykey has something up their sleeve for this.
Not challenging any of your assertions, thank you for all of your expertise provided here. I just want to confirm that you are referring to this section in the original post:
Create a MDM profile with the following payloads
There seems to be evidence to support this being effective that has been provided in the discussion here. Did something change?
Yes. Elcomsoft blog details a lot about how these extractions work. Although cellebrite and graykey don’t often talk about their weaknesses publicly, elcomsoft does and there’s no reason to believe the methods between these companies are much different on iOS.
All FFS extractions on A12+ require sideloading an agent (app) to to the device. This applies to all forensic vendors and can be easily verified by reading here. That app cannot be installed if you follow this tutorial.
Interesting old CVE I found. The extra mdm payloads I listed would still defeat this though like allowAppInstallation. Lockdown mode also blocks configuration profiles from being configured too. Keep your device up-to-date (model and iOS).