GrapheneOS https://discuss.grapheneos.org/d/20401-grapheneos-improvements-to-protection-against-data-extraction-since-2024 is a thread about recent improvements to the defenses.

https://discuss.grapheneos.org/d/20402-cellebrite-exploits-used-to-target-serbian-student-activist

You are very convincing in your arguments! Today, the Pixel 9 order). I have a question - I used the Honor MAGIC 6 Pro (Quallcom Snapdragon 8 Gen 3, MagicOS 9.0 Android 15, with descret security chip S1, MagicOS-8.0-Security-White-Paper.pdf ) and use processes automation - "Macrodroid" on the phone. I provided this application with all possible access. I write triggers under my phone model:

  • turning off the phone in 15 seconds when turning off the mobile network (Faraday box);
  • blocking the phone when stealing a phone from my hands;
  • Turning off the phone within 10 seconds when connecting the USB cable;
  • the second factor in the authorization of PIN when unlocking with a finger;
  • turning off the phone if not unlocked within 1 hour,
  • turning off the phone after 2sec clicking the volume button up and other safety macros.

This is a good set of security addons functions. Therefore, is it possible to use a macrodroid on your OS for extra experiment for me?
My profession is an activist ... And every day it can be dangerous for my work. All information in my phone.

      Alllus I asked Macrodroid to format the phone without unlocking it for a certain period of time, but they didn't agree.

          troika no any problems. Example trigger actions - Run "settings" applet, Enter search "factory reset", click confirm button...

          P. S. Its very simple example.. You can make it more complex. For example, add a screen sensor lock, multiple retries, etc.

            GrapheneOS are you saying, that a pixel 7a with grapheme is less secure than a newer Pixel device? If so, which is the safest device for graphene?

            • de0u replied to this.

                If I bought a Pixel 9. I install GraphenOS, install all Google programs (google translate, Play Market, Chrome, Google Drive, Google Photos and others), completely disable the USB port, set an 18-character password and a fingerprint (for convenience), set the device reboot time to 1 hour. I am not interested in anonymizing the phone. What is important to me is counteraction to hardware complexes UFED, GRAYKEY, etc. Will this be enough? Will this be a protection mode similar to the iPhone downlock mode?

                GrapheneOS Does Windows protect better than Linux? Microsoft has more resources to implement security technology

                    Finik Depends on what you mean by Linux. It's not nearly as secure as ChromeOS or Android. It's easily more secure than Debian. Some traditional desktop Linux distributions are doing a lot better than Debian. The topic of the thread is forensic data extraction and essentially no traditional desktop OS other than macOS and ChromeOS have any serious defenses against it but ChromeOS is generally on hardware without serious defenses against it. If you're talking about security from data extraction on a laptop, there isn't much more choice than a Mac with macOS as long as you had some kind of locked device auto-reboot set up. Anything else is not able to defend seriously against it while powered up and locked.

                      4 days later

                      Here's the Cellebrite Premium 7.73.1 Pixel Support Matrix from February 2025.

                      Pixel 6-9 with GrapheneOS - the best! No any access to BFU/AFU state