Is my device corrupt?

GOSuser999

I am on Pixel 7 and completed a system update today (checked GOS website that latest release should be 2025050700). Rebooted my device after installation of the update, and the device started to show the following alert in all reboot attempts ever since:

(topped with a red triangular symbol)
Your device is corrupt. It can't be trusted and may not work properly.
Visit this link on another device:
g.co/ABH (note: in red)

The alert page allowed "press power button to continue", so I pressed the power button and the usual display showed up:

(topped with a yellow triangular symbol)
Your device is loading a different operating system.
Visit this link on another device:
g.co/ABH (note: in yellow)
ID: 3efe5392be3ac38afb894d13de639e521675e62571a8a9b3ef9fc8c44fd17fa1 (note: ID remains same as usual)

I visited the link g.co/ABH and was directed to a Google's page on understanding warning about operating system safety, and did not seem to find further clue as to why I started to see the newly shown corrupt alert described above.

I have been a targeted hacking victim for a while. A few non-GOS devices have displayed different strange behaviour and obvious signs of compromise, and activities on my GOS device were also somehow leaked since at least a few months ago (even before the display of corrupt alert which popped up only since today).

So I really appreciate if you may have some information to my questions:

Do you normally see the red corrupt alert described above?
Are there any ways that I can better ascertain the security status of my GOS device?
Is there any trustworthy organisation that can help put an end to the targeted hacking I am facing? Local police refused to establish a case unless I can come up with concrete evidence about the hacking.

ryrona

GOSuser999 Do you normally see the red corrupt alert described above?

No, your installation has indeed been corrupted. Backup any files and data you want to keep from your phone now, and then reflash and factory reset it completely. Hopefully that restores your device to a non-corrupted state, but it is also possible that the flash storage has been damaged through wear, and that you need to return your device on warranty or get it replaced.

GOSuser999 Are there any ways that I can better ascertain the security status of my GOS device?

If you get the red triangle, your installation is corrupt. You should only be getting the yellow one, with a correct boot hash as listed on GrapheneOS page.

GOSuser999 Is there any trustworthy organisation that can help put an end to the targeted hacking I am facing?

Reflash and factory reset your device. Ensure device is clean, ie, freshly factory reset and correct boot hash. Then, from this clean device, go through each of your online accounts and change your password to a completely new one. A unique password for each online account, use a password manager if you need. Then check in the settings for each online account if there is any linked devices or logged in devices, unlink or log them all out. Check in the settings for each online account if there are any API keys registered, remove them all. Now, reinstall any other device you have too.

At this point you should be safe.

To prevent being compromised again in the future, here are some suggestions:

1) Only install trusted apps, and only from trusted sources. Keep as few apps as possible. Make sure they get automatically updated.
2) Visit only trusted web sites, and do not follow links or open attachments sent to you from unknown persons.
3) Use strong passwords for all your online accounts, and only login to them from your own trusted devices.
4) Double check the URL bar so you are on the official site before logging in into your account there.
5) Make sure that no one has access to your devices, not even friends and family. If you live with other people, use disk encryption with a strong passphrase on all your devices, and turn off your devices when you leave them unattended. For your phone, use fingerprint + PIN unlock.

This should probably be enough. I am a high profile target, yet, I have never had any device hacked or any private information leaked. Basic security hygiene goes a long way, and using GrapheneOS is certainly a good first step.

If you still experience issue, it is time to think about what information it is that is leaking, from where and to whom. Eg, if a specific private WhatsApp chat has leaked, is it possible it is the other party's phone that is compromised rather than yours? Do you have any linked device in WhatsApp settings someone has added when you left your phone unattended?

GOSuser999

ryrona Thanks for your prompt reply and detailed sharing. I have done the checking multiple times already in the past, stuck to the security hygiene you shared, and even more, but my devices (including GOS) still got compromised. The leaked information was very extensive.

Now that my GOS started to show the red corrupt alert (which you suggested to be quite definitive), is there any way to image the device or export all its underlying codes and (have somebody) to examine it?

By the way, how is it possible that the ID of my device displayed during booting still matches the official verified boot key hash?

ryrona

GOSuser999 By the way, how is it possible that the ID of my device displayed during booting still matches the official verified boot key hash?

The right key might still be enrolled, just verification failed. It isn't necessarily a sign your device has been compromised, it could just be disk corruption due to wear.

GOSuser999 Now that my GOS started to show the red corrupt alert (which you suggested to be quite definitive), is there any way to image the device or export all its underlying codes and (have somebody) to examine it?

You haven't really shared any information about why you are a target, or by whom. If you are a high profile activist, some organizations do help with analysis if it is suspected authorities are behind it to shut down activism or democracy. Other than that, I don't really know.

GOSuser999 The leaked information was very extensive.

Where was the information stored prior to leak (which devices and cloud services)? Who else than you might have had access to that information (was it shared with others eg in chats, or did someone borrow your devices)? Was the data leaked verbatim (ie, chat logs, private photos) or retold? Who wanted it, and why? In what way was it leaked, and to whom? How did you learn about it? What consequences did the leak have to you (harassment through mail and phone calls, people camping outside your house, arrests, destruction of your property, physical assaults of you)?

I think this is the first things that needs to be answered, or it will be hard to help further.

Because, it is very rare a device actually gets hacked, it is far more common people get hold of information through other means. And if it doesn't help with securing your device a lot, which you seem to have done, for one by running GrapheneOS, that suggests to me the issue might be elsewhere, so I think we need to find where.