Tips to verify device integrity after an untrusted party has access

greenpuffin96

Let's imagine a scenario where you know some untrusted party has the password to your owner profile. The details of how that happened are irrelevant. Your owner profile has no personal information in it. All personal information is in secondary profiles. The untrusted party doesn't have the password to any other profile than the owner.

Once you receive your phone back, what steps should you go through to verify that nothing malicious has been done to the phone, such as some type of ADB modifications, or installed software? Let's forget about factory reset for the sake of discussion.

The threat model is also not relevant for this question. It would be helpful to discuss a range of threat models, so we can decide which actions fit our own. Discussing for only one specific threat model isn't so useful for a broader population.

userofgos

greenpuffin96 what steps should you go through to verify that nothing malicious has been done to the phone, such as some type of ADB modifications, or installed software?

https://grapheneos.org/install/web#verified-boot-key-hash
https://grapheneos.org/install/web#hardware-based-attestation
https://attestation.app/tutorial
Check permissions granted to apps, especially Special app access permissions (device admin, etc)
Check Developer Options

23Sha-ger

Check that the bootloader is locked, OEM unlocking disabled, verify device boot hash.
Check for new apps and device admin permissions, accessibility permissions, USB debugging. Turn off dev opts.
Check that no new unlock methods were enrolled, reset the passwords and fingerprints.

I'm assiming we are talking about a GOS device, a random Android can be backdoored in multiple ways.

greenpuffin96

23Sha-ger I'm assiming we are talking about a GOS device, a random Android can be backdoored in multiple ways.

Yes a GOS device