How to detect if Pixel device was compromised when going through customs?

When I travelled to Europe this year I installed Auditor with the Remote Attestation option -- see https://attestation.app/tutorial -- on my GOS Pixel, but I would think the same could be done in principle for a standard AOS phone, so long as Auditor can be installed onto it. Clearly, do this before any travel, so that the attestation is set up before any likely compromise.

I set it to test every 24 hours, with a 72-hour limit for delays before alerts are emailed (which I think is the default anyway). Obviously, a masked email and a nonsense username are recommended. The message each day from Auditor saying that remote verification succeeded is a welcome thing ;-)

K8y I think just flashing the device again will do.

K8y they wouldnt need to install extra beacons beyond whatever the device already offers up freely to anyone with knowledge for how the BLE api seems to work.

Tangentially: apparently when visiting in some countries there's a mandatory app to install. Is the regular Android sandbox sufficient, is setting a custom user container necessary, or is it game over as soon as the app is there ?

This ^^^.

EU citizen. I don't like carrying electronics through customs, especially US, UK and AU customs. Phones and laptops have been searched by all three listed. It is not that the content is illegal. 34 white woman... I don't fit the demographics for child porn or terrorism. The content is simply private and proprietary and not for random dissemination. Loosing control of my devices they may as well be bricked so I prefer to leave electronics at home and pick up replacements at my destination.

DeletedUser88 Verified boot prevents modifying the firmware or OS images without a sophisticated exploit to bypass verified boot for either the firmware or OS. It also prevents downgrading the firmware past a rollback version upgrade or downgrading the OS past a security patch level upgrade since that's used as the rollback version for the OS and gets incremented every month with each stock OS release in practice, other than a rare case they might do a YYYY-MM-05 security patch level release prior to a quarterly/yearly update with the same patch level later in the month. The hardware keystore rollback protection takes OS version into account though.

An sophisticated exploit of verified boot of the OS could allow surviving factory reset from recovery but not flashing from fastboot mode. Surviving flashing the firmware/OS would require replacing fastboot mode with their own, implying having a lower-level verified boot exploit not only an exploit for OS verified boot performed by the firmware for the core OS and by the OS itself for the rest of the OS.

This is theoretically possible but not something that is particularly likely to have even been developed to work against the stock Pixel OS in practice. How often do regular users even factory reset, let alone reflashing the OS from fastboot mode? It's an incredibly niche purpose for an exploit and it's much harder to develop than a local privilege escalation exploit for the OS. It's also probably harder to develop than a remote code execution exploit in most cases. They would need to find vulnerabilities in a far smaller amount of code which can be triggered while the device boots and verifies the early firmware and later OS images. It's even quite feasible that there are not vulnerabilities to exploit without physical tampering, unlike the massive attack surface of browsers and the OS. Most of the vulnerabilities in this niche would be a failure to implement the basics of verified boot properly rather than a typical memory corruption bug since there's so little attack surface. It's quite possible there are vulnerabilities but it's such a small amount of attack surface exposed by persistent state to the early firmware and OS while verifying.

We've removed the completely unsubstantiated claims of a device running the stock Pixel OS being compromised in an incredibly deep way which bypassed verified boot through exploiting the early firmware verification process. No evidence of it has been provided or even an explanation of why the person believes their device is compromised. If they're being targeted with such sophisticated exploits, why are they aware of the device being compromised in the first place? How do they know it's happening? Many people come to us claiming their device was compromised and it turns out they lack any reason to think that and simply have a strong believe nearly any device they use is compromised based on running into things like minor UI bugs or higher battery drain than they expect. There are people actually being targeted with exploits but they would not typically be aware of it unless features caught the exploit happening or found signs of a payload reused to target many people with flaws allowing it to be detected.

DeletedUser88
Bluntly, if that level of exploit is used against you or a reasonable threat given your threat model then you are a direct national security target of a major nation.

In which case, no one can realistically make any real promises and you likely have the resources to just burn that phone and get another.

As a practical matter, a factory reset will take care of anything you actually have to worry about.

JollyRancher As a practical matter, a factory reset will take care of anything you actually have to worry about.

What about the installing of hardware beacons that a former whistleblower warned certain countries do:

https://www.businessinsider.com/nsa-tao-intercepting-packages-2014-5

Journalists, diplomats and high profile individuals sometimes need to hand over their phones for a length of time when covering sensitive topics. This might be a silly question, but I don't suppose there's an app that scans if a beacon or some fishy non-Pixel hardware chip has been installed?

K8y
No software solution will detect that. Power draw is basically always variable enough, and those devices low power enough, that you aren't going to detect the tampering without a physical examination.

GrapheneOS why is the factory reset more extensive on the boot menu compared to the factory reset through the OS?

dasaint100
An exploited OS can feign a factory reset that is initiated from within the OS