- Edited
This blog post explores the current unlocking capabilities, as described in the February 2025 documentation distributed to customers: A deep dive into Cellebrite: Android support as of February 2025
GrapheneOS still not vulnerable to Cellebrite device exploitation as of Feb 2025
that guy sounds familiar
mehehe, at least they have the last column, "unlocked" to have at least some yes in the table.. Very good job!
- Edited
lovely news, iOS tables would be interesting also
With regards to pixel standard, the "yes" for BFU, does this mean they are able to bypass the titan m2?
L8437 No, it means they're able to get some specific information while the device is in BFU state, such as installed apps etc. What you're thinking of is "BF" (bruteforce)
matchboxbananasynergy crazy, why is that information even available before first unlock
abdullah Some information has to be available so that direct boot can work. It's the reason you can reboot and have your alarm still ring, as an example.
matchboxbananasynergy is it possible to turn this off? So nobody van see which apps.are installed?
Fartimoji Doing so still requires an exploit, which according to Cellebrite documentation, is not currently possible on GrapheneOS.
We might eventually make it so you can use a pre-boot password, but that would be a complex feature to ship.
- Edited
matchboxbananasynergy yes, it looks like it's a very complicate thing to implement but I hope that the device encryption space protected with the owner profile pin/password will be on the highest priority for the GrapheneOS devs. I want MSAB, Cellebrite, Magnet, Oxygen, MD-Next and others forensics companies to be like "we can't extract anything at all" when they will find a pixel with USB-C port off, random complex password for the owner profile and device in BFU state.