Whats the worst case scenario (Unattended root?)

Xyveh

If someone were to shoulder surf my pin and temporarily gain access to my phone what is the worst case scenario. I'm imagining someone rooted it and installed some sort of surveillance app or something reset it and restored it via seed vault. Not sure if that exactly would be a valid attack method but something along those lines. Anything disastrous and anything that could survive a factory reset? My apologies if this is a dumb question.

Rizzler

Xyveh To root it, they would need to unlock the bootloader which would wipe your data.
The worst case scenario is that they stole all your files, messages, etc. by offloading it to a pendrive or something.

de0u

Rizzler To root it, they would need to unlock the bootloader which would wipe your data.

That assumes the attacker is not in possession of a zero-day local privilege escalation. But the OP asked about worst-case scenarios.

Rizzler

de0u It would be ridiculous to assume otherwise.

Carlos-Anso

The easy route to getting a lot of oversight is installing some advanced stalkerware that is granted the ability to act as an accessibility service. This gives it very elevated privileges and makes it possible for it to hide itself.

Can check for Accessibility Services using Auditor.

It wouldnt resist a factory reset.

[deleted]

Carlos-Anso would this be detectable in the list of running processes (or cached)?

Carlos-Anso

[deleted]
Apps granted the ability to act as an accessibility service can see what you are doing and alter what you see.
Thats why Auditor detects if any apps have this granted.

Roger

Worst case I'd say would be the attacker downloading CP onto your phone and alerting the authorities or the local vigilantes. EDIT: Or blackmailing you with that. Or framing you for some other crime with the phone.

[deleted]

Carlos-Anso thank you, you have, albeit indirectly answered my question.