List of (disabled) apps in BFU

keycap_puller

I bought a separate Pixel and installed GOS to manage crypto assets. As far as I know, it's possible to retrieve a list of apps in the BFU state. The best available protection is the USB-C charging-only setting. But what if this is not an option? Can I disable the apps for protection? Are disabled apps still visible to Cellebrite and Graykey in BFU?

littlerack

keycap_puller As far as I know, it's possible to retrieve a list of apps

Should you back it with any source?

MetropleX

The only apps that should be seen BFU are those implementing the Direct Boot API such as keyboards to enable password input to unlock the device. All other apps should remain encrypted without the ability to run BFU.

keycap_puller

MetropleX All other apps should remain encrypted without the ability to run BFU.

Yes, it's true that all apps are encrypted (their data) until the user unlocks the screen for the first time, but I am asking about the visibility of the app list in BFU, because this could pose a risk if a threat actor knows the phone is used for crypto.

A BFU extraction doesn't mean a typical extraction when the device is BFU, rather it is a special type of extraction to get a limited amount of data available by a device in BFU state. It's a weird misnomer and it could be more specific. If a forensics tool can brute force a device successfully from BFU, then they are performing an Unlocked extraction since they unlocked the device first.

With BFU you're booting into the operating system to decrypt it. A very small footprint of the OS is encrypted by the device and not by a user's own credentials.

A BFU extraction is to extract that particular data. Usually it provides very limited information about the OS and other device-encrypted data like app APKs (user/app data cannot be seen, only that the app is installed on a profile)

As described in the document they have a method of extracting that data for the stock OS, but not GrapheneOS.

https://discuss.grapheneos.org/d/12848-claims-made-by-forensics-companies-their-capabilities-and-how-grapheneos-fares/88

keycap_puller as far as this response goes to the request for sources, it is a rule here that claims be backed up with evidence, this isn't a judgement upon those posting such questions or concerns but for the benefit of less knowledgeable people on the forum and to provide a better knowledgebase within the forum for reference as I have used to respond to you.

MetropleX

@littlerack I've been sympathetic to you but please refrain from adding further non helpful antagonistic and personal responses.

Novalissoide

@"littlerack"#p223725 please lilrack, you're better than this. Tread softly.

MetropleX

andrej567 yes clock does, but the question was asked if the limited data is available BFU on a GoS device it isn't regardless of Direct Boot API use by an app. Also don't really need an extraction to tell you that, it's a basic assumption and common knowledge anyway.

Novalissoide

MetropleX I have a small question, Heliboard is among the third party keyboard apps that can be used BFU for doing unlocking. This keyboard also has a handy clipboard that survives between reboots. Do you think this clipboard is exposed to any risk of compromise before unlocking?

de0u

Novalissoide Maybe. It would be necessary to review the code.

de0u

Novalissoide If no use is made of Device-Encrypted Storage, it's probably OK?

https://developer.android.com/privacy-and-security/direct-boot

Novalissoide

de0u yes, thanks. All I've found from their faq was like:
https://imgur.com/a/BwW8APV

but I will ask them directly tomorrow.

Novalissoide

de0u now I asked in their Github discussions. I also started keeping sensitivies flushed from the clipboard, as well as turned clipboard history off, since I'm not sure.
https://github.com/HeliBorg/HeliBoard/discussions/2431

Novalissoide

de0u
Got an answer
https://imgur.com/a/vHCJPx7

de0u

Novalissoide The provided answer sounds right (in part because that would be easier to code), but a very careful person might want to check.