Yeah I wanted to mention the auto reboot but forgot.

Your curiosity exceeds my knowledge now so I can't help you any more.

My last comment is that GOS+pixel is likely the most secure smartphone setup in the world and if your threat model demand more, I think your better off with a dumbphone.

treequell I've read everything on the websites, is there any graphene os guys on these forums or is it all only just users

Got a question about "Auto reboot" : I suppose if the phone reboots, you loose mobile connection until you enter the sim code again ?

    Messi2023 my pixel 3 xl was seized by german authorities and worked on by LKA, BKA and Cellebrite in Munich. No data was extracted. I have a strong alphanumeric password. If you use a strong password and the phone is in BFU state. It's impossible to extract any data. Encryption at rest is no magic. If it is implemented in the right way, which is on pixel and newer android and you use a strong passphrase you're good.

      Nuttso yes I heard in BFU its super strong, but when a phone has been taken off someone, I wonder how strong it is with a strong password in a AFU state.

      trilogy6202 I read somewhere in here that the owner profile is newer at rest and encrypted while the phone is off

      I think this is slightly misleading - ANY profile is not at rest AFU. The difference between owner and other profiles is that other profiles can be put into BFU state by ending their session while owner profile can only be put into BFU by reboot.
      Since owner profile must be unlocked almost immediately after reboot to use the phone, I agree with @trilogy6202 that owner's profile is pretty much never at rest just not because of profile defect but because of how it used.

        f13a-6c3a so how resistant do you think the phone is after AFU, saying the phone has been took from you in a secondary user profile

          Messi2023 hardly unlikely that they would have the time to do anything to the phone. The auto reboot feature is based on a monotonic counter. Never heard of a case that forensic showed up while doing the arrest or the raid. You should be more concerned about hacking the device and having a direct look at it while you are using it than they extracting anything. Nobody could answer that question you are asking. AFU is vulnerable BFU isn't. Change how u use your phone if you're that concerned. I know a lot of people in the German infosec community and some members of the chaos computer club. Even them they didn't raid and arrest with forensic team at the same time. All newer androids and phones use file base encryption instead of FDE. The reason for this is to reduce possible AFU attacks. Imo it's impossible for them to do anything to your phone before it reboots. They need to have a working exploit for titan

            Nuttso
            Somewhere I read that some jurisdictions will immediately place phones into Faraday bags so as to block remote tampering/wiping.
            And indeed, hacking and spyware (application or google spyware) are my concerns.
            Someone up to no good would use a laptop anyway.

              Can you give us a hint of what your concern is?

              Nuttso the phone was already in AFU and the auto reboot function was not set up on the phone, I've only.just learned about the auto reboot function, but the phone was immediately placed into a Faraday bag, so I'm trying to see how vulnerable the phone is as it was in AFU, the only thing I noticed is sometimes the phone would switch back user when it was in my pocket, so I hope it has randomly rebooted

                Messi2023 nothing will happen with your phone. They don't have a working exploit for pixel with AFU currently no matter who your adversary is.

                • [deleted]

                what about ios? Just curious!

                  • [deleted]

                  Nuttso brand spanking new 14 pro or 14 pro max?

                    @Messi2023 if you need further info pass me a signal number

                    [deleted] not that I know of any forensic lab that can access them. Not even grayshift

                      I have to revise a statement of mine. I just asked my lawyer if IT forensics companies are present during arrests or searches in Germany and he confirmed it. Only recently at a tax investigation. Does not mean anything, because it is primarily about pc.