• Off Topic
  • Leaked Documents Show What Phones Secretive Tech ‘Graykey’ Can Unlock

GrapheneOS One of our planned features is a boot authentication toggle to request the Owner lock method in early boot. This will protect the small amount of DE data such as installed packages and saved Wi-Fi networks from firmware/hardware exploits. However, it's not sensitive user data.

Actually, what apps and games you have installed can be sensitive data. If they suspect you are a specific user on a rare messaging platform (eg SimpleX), and they see you use that messaging app, that strongly increases the suspicion that you are indeed that user. And both apps and games can be outlawed in a region, without there being any justifiable legal basis for such a thing. If they see you possess that app or game, you could end up in legal trouble from that alone.

And number of files per folder and exact file sizes are far far more sensitive data, as they can with almost certainty prove you possess specific leaked documents or other files that might strongly implicate you. Exact file sizes, especially in combination, almost always uniquely identify the files. That metadata could very well serve as evidence alone, yet isn't credential encrypted today either.

But I am glad to hear you are considering adding owner CE credentials to protect DE encrypted data too. That would bring GrapheneOS' disk encryption up to a comparable level of LUKS2 and VeraCrypt.