Hardening modern iPhone against forensic tools

Consider using developer betas instead of regular updates. The GrayKey support matrix indicates recent betas present a challenge or aren’t given enough time to add support in the tool. You also get new security features quicker. The new inactivity reboot was available for the developer beta first.

It’s not. Biometrics + 2FA PIN is a proper solution.

Turn off every option in Settings > Screen Time
Unnecessary data collection.

Settings > Apps > Safari > Close Tabs
Configure this for one day. Make it a habit to do it manually though.

Private Browsing data in Safari can and will be obtained regardless of biometric/passcode lock if you do not CLOSE THAT TAB!

Re-consider blocking people. You may just be creating a list of people to interview lol. Also remember your contacts list can be very valuable. Use a separate e-SIM unrelated to work/family for friends/strangers that you can quickly change.

Any updates?

My recommendations based on my updated knowledge of Cellebrite:

  • factory reset phone every 2 weeks to clear up biome/knowledgec.db

  • do not utilize iCloud backups. if you factory reset your device and then restore from an old backup, you are transferring sensitive hidden data right back to your device. you don’t need to restore from a backup. If you pay close attention to settings, the things you need are synced via a separate feature called “Saved to iCloud”. Having Advanced Data Protection on top of this is sufficient protection since you shouldn’t be retaining old iMessages, using the built-in Notes app, built-in Passwords app, iCloud Mail, iCloud Drive, and of course storing sensitive contacts in the native Contacts app.

  • update to latest iOS dev beta

  • do not use ig, fb, whatsapp, X, discord, or telegram for sensitive communications. only use them for news and regular connections.

  • do not keep your primary email or password manager installed on your iPhone at all times. put it on a second phone (preferably GrapheneOS)

  • siri suggestions = no

  • under no circumstances use a numeric only password

  • lets siri learn from apps = hell no

  • phone not being used? put in BFU

  • my original post and tips still protect against regular Cellebrite UFED/other mainstream forensic tools besides GrayKey.

  • do not retain data you don’t need. 9/10 you don’t need your iMessages from a week ago. just delete them. using signal? turn on self destruct. need to save a photo from a message? sync it to proton drive, delete it from photos and recently deleted. while you don’t have to use proton drive it is important to use something with online only access to defeat device extraction.

yep u were right. Cellebrite Premium is literally a “hey buddy you see this filesystem? yea it’s mine now!” machine

I feel like the only way to keep Apple devices usable while having important data off-device is to simply use them as a gate for private info.

What do you think of using something like a travel router that has a Tailscale connection directly to a VPS and all the telemetry filtered? In case of an emergency, just click the reset button on the router and all the connections are gone. I’m not sure how private RD apps are and how much data they store locally though.

I just set up a GL.iNet router and it draws around 11W in wireless connection mode with VPN and Apple DNS blocking, meaning 9 hours with my power bank and YouTube in the background.

Edit: turned off the 2.4 GHz band and now get around 6 watts on average. I can turn down TX power (and probably should to avoid snooping) as well as turn off the lights altogether. That would mean around 12 hours of constant connection.

I wonder if there is an MDM setting that would allow some sideloaded app to reboot/erase the device after WiFi disconnection.

- Killswitch - Shortcut cool lil button to quickly put your device in BFU

Is there any way for a shortcut to restart the phone without any action from the user? This shortcut makes it really easy, but still requires a swipe.

This is a hilarious thread. Apple consistently hands over your entire set of user data with a warrant. There is nothing “secure” about iPhones.

They legally have to. They offer E2EE cloud services, so the police won’t be able to get any of the protected categories of data if you have ADP turned on. You can also just turn off things you don’t use so it’s not synced at all.

They’re some of the most secure devices available. You can just look at the price of exploits for them. Obviously there’s still lots of room for improvement. I think projects like GrapheneOS are driving security improvements in the whole industry, especially Android. We should be highlighting where Android and iOS fall short and pushing for improvements instead of making blanket statements like “x is insecure”; I just don’t think that’s very productive.

Black-and-white binaries like this are rarely constructive or accurate.

I bet something like this could be accomplished on Android. iOS prob not.

Not as of today.

Unless you have some interesting metadata or are using things that aren’t protected by ADP, they aren’t getting anything useful. You also speak as if any legitimate company can refuse to hand over data they have access to.

Google hands over your data WITHOUT a warrant yet they produce the most secure phone hardware that Graphene devs love.

I thought that lockdown mode prevents installing any profiles… Does it allow MDM while in lockdown?

Update your phone ASAP. Not sure if this affects Cellebrite Premium; will have to ask around.

You can install a profile prior to activating Lockdown Mode and it will remain in effect. For instance, I use a NextDNS profile on my iPhone that I installed with Lockdown off, but it stays on the phone and keeps working after re-enabling Lockdown Mode.

Really awesome if they’re actually patching exploits from these scummy companies.

Apparently it’s working?
