Messi2023 my pixel 3 xl was seized by german authorities and worked on by LKA, BKA and Cellebrite in Munich. No data was extracted. I have a strong alphanumeric password. If you use a strong password and the phone is in BFU state. It's impossible to extract any data. Encryption at rest is no magic. If it is implemented in the right way, which is on pixel and newer android and you use a strong passphrase you're good.

      Nuttso yes I heard in BFU its super strong, but when a phone has been taken off someone, I wonder how strong it is with a strong password in a AFU state.

        trilogy6202 I read somewhere in here that the owner profile is newer at rest and encrypted while the phone is off

        I think this is slightly misleading - ANY profile is not at rest AFU. The difference between owner and other profiles is that other profiles can be put into BFU state by ending their session while owner profile can only be put into BFU by reboot.
        Since owner profile must be unlocked almost immediately after reboot to use the phone, I agree with @trilogy6202 that owner's profile is pretty much never at rest just not because of profile defect but because of how it used.

            f13a-6c3a so how resistant do you think the phone is after AFU, saying the phone has been took from you in a secondary user profile

                Messi2023 hardly unlikely that they would have the time to do anything to the phone. The auto reboot feature is based on a monotonic counter. Never heard of a case that forensic showed up while doing the arrest or the raid. You should be more concerned about hacking the device and having a direct look at it while you are using it than they extracting anything. Nobody could answer that question you are asking. AFU is vulnerable BFU isn't. Change how u use your phone if you're that concerned. I know a lot of people in the German infosec community and some members of the chaos computer club. Even them they didn't raid and arrest with forensic team at the same time. All newer androids and phones use file base encryption instead of FDE. The reason for this is to reduce possible AFU attacks. Imo it's impossible for them to do anything to your phone before it reboots. They need to have a working exploit for titan

                    Nuttso
                    Somewhere I read that some jurisdictions will immediately place phones into Faraday bags so as to block remote tampering/wiping.
                    And indeed, hacking and spyware (application or google spyware) are my concerns.
                    Someone up to no good would use a laptop anyway.

                        Can you give us a hint of what your concern is?

                        Nuttso the phone was already in AFU and the auto reboot function was not set up on the phone, I've only.just learned about the auto reboot function, but the phone was immediately placed into a Faraday bag, so I'm trying to see how vulnerable the phone is as it was in AFU, the only thing I noticed is sometimes the phone would switch back user when it was in my pocket, so I hope it has randomly rebooted

                            Messi2023 nothing will happen with your phone. They don't have a working exploit for pixel with AFU currently no matter who your adversary is.

                              • [deleted]

                              • Post #23

                              what about ios? Just curious!

                                • [deleted]

                                • Post #25

                                Nuttso brand spanking new 14 pro or 14 pro max?

                                    @Messi2023 if you need further info pass me a signal number

                                    [deleted] not that I know of any forensic lab that can access them. Not even grayshift

                                        I have to revise a statement of mine. I just asked my lawyer if IT forensics companies are present during arrests or searches in Germany and he confirmed it. Only recently at a tax investigation. Does not mean anything, because it is primarily about pc.

                                          Nuttso if your phone is in AFU mode, and a forensic team has your phone, what can they do?
                                          I'm just a simple user so I don't know many technical terms

                                              L8437 afaik at the moment not much. The only thing that is definitely true is that BFU is impossible with a strong 128 bit entropy random pass and AFU is cat and mouse game

                                                  Nuttso ok great thanks

                                                  Does anyone know how vulnerable is the phone in BFU mode with or without simlock for an Esim?

                                                      Cellebrite has announced bruteforce support for Google Pixel phones (including GrapheneOS) up to gen 5 in one of their private chat groups on discord, this means that they have the ability to bypass the secure element (titan M). Also Dutch NFI (law enforcement) have made it possible to inject malicious code into pixel phones during the fastboot mode in which they are able to extract encrypted keys which can be bruteforced. Again this means they have find a way to bypass the secure element of the pixel phone. The only way to get around this is by:

                                                      1. Buy a 6th gen Pixel phone or higher and update it always when updates are available.
                                                      2. Make sure your phone has auto-reboot and turns your phone in BFU state every now and then. (though BFU wont wont help protecting from injecting malicious code during fastboot mode)
                                                      3. Make sure to use a long, strong and complex alphanumeric password.

                                                      This is what I can think about for now.