This is only true for regions they likely consider non-critical. Samsung devices sold in the US, which is the Pixel's main market, come with Snapdragon chips. This is why you can find threads of people seeking to import US Samsung devices from other regions.
May I ask if recent Samsung phones are less secure (more vulnerable) than recent iPhones even in BFU states? If the only possible option is to brute force, I would consider it secure enough (since I use very long passwords).
They do. They only have the Play Store and the Galaxy Store whitelisted with no way for developers to ask Samsung to whitelist their own app stores. Epic Games is suing Samsung because of this.
Unfortunately, to my knowledge, there is not enough publicly available information to answer that question with high levels of confidence.
If I speculate, I think there are two possible ways Samsung is not as secure from physical exploitation as iPhone (in Lockdown Mode) or Pixel.
The first is that with Samsung's additional layers of software there could be additional zero-days possible to bypass the lock screen. We won't know unless someone publishes data on this.
The second possibility is that there is a zero-day that allows the Samsung data to be downloaded even in its encrypted state and then vulnerable to offline attacks. If this is the case, a long complex password would mitigate this attack but not eliminate it.
I was curious about whether forensic software like Cellebrite Premium is capable of extracting and decrypting data from cold Samsung phones. I searched the Discord chat logs whoami6 provided, but failed to find any meaningful answers.
Since Samsung modified the original Android, there is a high possibility for additional vulnerabilities to exist. But since all new Android phones use FBE, and in the BFU state the decryption key resides nowhere inside the phone, I believe there shouldn't be any way of decrypting the data other than brute forcing. As I mentioned, extracting the data itself isn't a big concern, unless they could BF like 10^20 passwords per second or so, which is extremely unlikely even with insecure hash functions and high computing power.
Thank you for doing that search and reporting back what you found.
The offline attack is mainly a concern for people using a standard PIN code or simple password, which is most people. What has made Pixel and iPhone so resilient, to my understanding, is that the Secure Enclave/Titan security chip has prevented offline attacks, meaning a BF attack cannot even be attempted.
But like you point out, a BF attack is only as successful as the password is weak. If you have a 30-character passphrase then your data is very safe. If you have a six-digit PIN... not so much.
It just seems SO INCREDIBLY risky to me to have the same company that created your hardware AND software. Buying from a different hardware company seems to reduce the risk of security/privacy problems.
I trust Google with much of my data but it just really seems too trusting to use the same hardware AND software manufacturer.
I think from a software engineering standpoint, having expertise on both entire stacks allows for a faster and better implementation of a product. You do have to trust Google though to do this right and they do seem to see the value of doing responsible disclosure through their Project Zero.
That increases your parties of trust. And Samsung is not a good example here because Samsung does actually change a lot of the standard Android components to be non-standard (such as the bootloader), which is used by only them, not other Androids.
Also, having the hardware and software made by the same company can be advisable if you want quick updates. MacBooks, Surface laptops, Pixels, iPhones/iPads etc. all receive extremely quick updates.
Your second point is completely valid. However, with a 30 character pass phrase required for decryption you don’t need rate limiting. The entropy on that would be high enough to protect your data.
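An added illustration of the entropy argument made in the two posts above (not part of the thread): it works out how long an offline guessing attack would take to exhaust a six-digit PIN versus a 30-character passphrase at the 10^20 guesses/second rate speculated earlier, and adds a constructed caveat that a 30-character passphrase made of dictionary words has far less entropy than 30 random characters. The 10^6 guesses/second rate is an assumed figure for a slow password KDF, not a number from the thread.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret made of `length` symbols drawn uniformly from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed offline guessing rate."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


# Scenarios from the thread: a six-digit PIN and a 30-character passphrase.
# The word-list row is a constructed caveat: six random words from a
# 7776-entry (diceware-style) list also yield roughly 30 characters.
SCENARIOS = {
    "6-digit PIN": (10, 6),
    "30 random printable ASCII characters": (95, 30),
    "6 random words from a 7776-word list": (7776, 6),
}

# 1e20/s is the rate speculated in the thread; 1e6/s is an assumed rate
# for an offline attack against a deliberately slow password KDF.
RATES = {"thread's 1e20/s": 1e20, "assumed KDF 1e6/s": 1e6}


def compare():
    """Return (name, bits, {rate_label: years}) for every scenario."""
    rows = []
    for name, (alphabet, length) in SCENARIOS.items():
        bits = entropy_bits(alphabet, length)
        years = {label: years_to_exhaust(bits, rate) for label, rate in RATES.items()}
        rows.append((name, bits, years))
    return rows


if __name__ == "__main__":
    for name, bits, years in compare():
        print(f"{name:40s} {bits:6.1f} bits")
        for label, y in years.items():
            print(f"    {label:20s} {y:.3g} years to exhaust")
```

The word-list row shows why "30 characters" alone says little: only the way the passphrase was generated determines its entropy.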
I think the general point of Samsung being the best choice for those on a tight budget still holds up in some cases, as discussed here. I don’t know where to find the best deals on used phones, but here’s a quick example. In Canada (prices also in CAD) you can get a new Samsung Galaxy A15 costing around $270 and I believe they provide security updates till December 2028. The next closest Pixel offering I could easily find was a (2 generations old) used Pixel 6a costing around $244 and is only set to provide security updates till July 2027. The used 6a is technically around $26 cheaper in upfront cost, but when you take into account the fact the new A15 will last an extra ~1.5 years in security updates and comes with official warranty, the new A15 is probably a better deal for most people.
If we make a fairer price comparison by purchasing a used Galaxy A15 at around $213, it's even cheaper than the Pixel 6a. You might argue that these price differences are small, but for people who are financially struggling, having your device last an extra 1.5 years while costing even less than the competition might make a noticeable difference to their bank account. (I myself know people in situations where they can't even afford that.) I probably didn't find the best price for a used 6a, but I'd be surprised if you could find a 6a that is so cheap that it would beat out a used A15 when accounting for their security update support periods. Moreover, SecondCell supposedly offers a 1-year warranty for their used devices, something you probably won't get by finding a cheaper 6a someone is selling themselves.
It’s also worth mentioning that the new Samsung A16 that is just beginning to roll out may be far more appealing if Android Authority is to be trusted. According to their article, it should cost around the same as the A15 (or maybe a little more at the start) and will provide users with 6 years of security updates, lasting them till 2030.
To summarize: Older Pixel a-series devices could be a decent option for those who don’t have a lot of money. But at the same time, it’ll require that they purchase new phones more often as they may run out of security updates quicker, and that is probably not viable long-term unless they expect their financial situation to improve before then. In cases where people cannot afford to frequently purchase old Pixel a-series devices, getting the cheapest Galaxy A series device is probably their next best option. Everyone will have their own unique financial situation and threat model, and unless there actually is an abundance of much better deals on used Pixels that I failed to find, we should acknowledge the Galaxy A series as a non-ideal option.