Cellebrite and Signal's disappearing messages

facile

Hey,

this is more kind of a Singal question, but in my experience I don't get an answere on their discussion forum...

Let's say:

the cops seize my phone today
the cops analyze the phone in two months (with Cellebrite)
I've enabled Signal's disappearing messages feature (4 weeks)

1) If the device stays on for the two months, the messages should disappear, right? Let's assume it's decrypted the whole time. But even if the app is not started explicitly the messages should be deleted, right...?

2) What if (and I think that's a very common case):

Cops take the phone
The phone runs out of battery
Two months later, they try to analze it
Let's say: the device is encrypted, but they can analyze it with Cellebrite by brute forcing/exploiting it.

Do messages disappear? As far as I know (and that's where I'm not sure about):

Cellebrite is a pure USB plug-and-play solution (no hardware hacks, no chip-off (extract storage chip from mainboard))
There are two steps: Unlocking the phone (and enabling adb?) and extracting all the information
So when they unlocked the phone and try to extract data - at this time messages should/could disappear.

What do you think? :-D

(I also heard that because of battery optimization you need to open Signal. Having the phone unlocked/unencrytped is not enough for messages to disappear)

A (climate) activist

DeletedUser499

facile

regarding "what if" (2)

presumably you installed Signal on a phone number OTHER than the number in the phone you don't have possession of, and you haven't binned the sim etc.
install signal in a third party phone using the signal sim/number you used and recover from back up when prompted.
Having got access delete everything.
No backup? Signal number on the seized Sim/phone? Poor opsec 100%

userofgos

facile Let's say:
the cops seize my phone today
the cops analyze the phone in two months (with Cellebrite)

Well first off, you'll first want to determine if your device stands a chance against Cellebrite. You can't continue on with this analysis unless you know that from the start. So I'm assuming you are using Pixel 6-9 with GOS.

You'll want to keep an eye out for if there ever is a time when your device is vulnerable, and act accordingly (update to the latest GOS release that patches any security vulnerabilities). This doesn't take into account whether Cellebrite discovered a vulnerability in the two months of seizing your phone.

I've enabled Signal's disappearing messages feature (4 weeks)

You may want to read his disappearing messages work: https://support.signal.org/hc/en-us/articles/360007320771-Set-and-manage-disappearing-messages

When does the timer start?
For a sent disappearing message, the timer starts after you've sent it. This is not a delivery receipt or read receipt.
For a received disappearing message, the timer starts after you've read it.
What happens when the disappearing message timer reaches the end?
The message is deleted from disk.

If I'm understanding this correctly, the disappearing messages will still be in your "seized" device's local database until the device is unlocked and the Signal app is opened (?). (It's not entirely clear whether the message disappears on Signal app open, or in the background when Signal receives internet connection)

Is your local Signal message database unencrypted or encrypted? Have you considered using Molly? See: https://github.com/mollyim/mollyim-android/wiki/Data-Encryption-At-Rest

facile

I think GOS has a good chance to stay safe (TPM secrets are hard to brute force, disabling USB access without unlocking the phone shrinks the attack surface drastically).

To clarify: I'm asking primarily for non-GOS smartphones which the cops can unlock most of the time. But they need weeks/months until looking at these devices (I've seen this multiple times in investigation files). So I'm wondering how many Signal messages will disappear in this time and that depends on how things are implemented - on Signal's/Cellebrite's side.

LeslieFH

facile Signal uses SQL secure-delete so when the messages are deleted they should be quite difficult to restore (it's really difficult to entirely delete data on flash drives), but until Signal deletes these messages, they will be available to anyone who can crack the storage open. If worried about access to data, use the Molly fork and set a separate strong encryption password for the messages database.

facile

LeslieFH

it's really difficult to entirely delete data on flash drives),

This is not true imo. Android uses FBE (file based encryption) nowerdays. Every file is encrypted file with a seperate key. That makes it really hard to recover deleted files.

Unfortunately, so far no one really could answer my question :(