Personal anecdote, come to your own conclusions.

V1king Then he just hands the phone over to me. So I guess their tools couldnt get anything out of the pixel.

I saw it was not possible to get into a modern and up-to-date Pixel with tools like Cellebrite without wilful surrender of the unlock method used. I tried it. If the device was not surrendered with a method of unlock then police can't really do anything with it. You'd likely need a novel, unknown exploit to try something, which is quite difficult. As for GrayKey, they are iPhone-centric. While they also support Android devices they don't support modern Pixels officially, only via 'broad consent' (their shitty marketing way of saying a basic extraction - that's probably not as good as Cellebrite's standard settings...)

In addition, law enforcement digital forensics products such as Cellebrite UFED / UFED Touch typically also avoid supporting novel and harsh exploits to extract data unless they are public and after a while of time has passed. They only really get used as features if forensic integrity can be maintained like the ones GrayKey use for iPhones. Attempting something special has a massive risk of compromising forensic integrity of the device's evidence, which would make it invalid in to submit in court.

I have no knowledge of Cellebrite Premium and Advanced Services being able to do the better, but obviously if there is enough time, budget and focus, you can exploit anything.

V1king "What kind of phone is that?"

Depending on the country, I'd like to believe he lied and knows it's GrapheneOS.

        final Actually a lot of cops don't know about GrapheneOS, it's just this year that they start to become aware of GrapheneOS because a lot of high end criminals use GrapheneOS as the OS of choice (which makes sense). Also Cellebrite is really shady when it comes to support for google pixel phones, they mostly keep this information 'classified'. I know for sure that Premium will roll with support for pixel phones (BF support for BFU and AFU pixels), they probably already offer this service to cops (this is from what I read in their chat channels).

            Hathaway_Noa Actually a lot of cops don't know about GrapheneOS, it's just this year that they start to become aware of GrapheneOS because a lot of high end criminals use GrapheneOS as the OS of choice (which makes sense).

            I imagine in a worldwide space this is the case, like I said this is just a personal anecdote, some I have known have been aware for 2-3 years but I am in a very tech-focused nation.

            Hathaway_Noa Also Cellebrite is really shady when it comes to support for google pixel phones, they mostly keep this information 'classified'.

            Cellebrite don't like discussing devices where they have harder efforts with at all, new iPhones also get similar treatment

            I mentioned in a comment elsewhere a while ago, but from base UFED they support logical extraction for all Pixels, Filesystem and Physical if rooted.

            Hathaway_Noa I know for sure that Premium will roll with support for pixel phones (BF support for BFU and AFU pixels), they probably already offer this service to cops (this is from what I read in their chat channels).

            DISCLAIMER (for anyone except Hathaway_Noa ) This is just speculation. I don't want to be the bringer of false hope, so do please take with a grain of salt.

            From my own slight educated guess, I would say they could have AFU support in stock... and if they had ever had a BFU it would likely violate forensic integrity and be a extreme last resort. I had an LEO tell me that GrapheneOS was 'a total pain in the ass' at a conference. I mainly make these judgements since I have a UFED myself and I am Cellebrite certified, but I have no access to the other services hence why I said I have no knowledge of their capabilities (I am not a cop).

            I don't completely invalidate any theory that it could be worse than what I think though. Pray the 0day lottery is in your favour

                      Y'all can correct me if I'm wrong here, but assuming the phone is in BFU state when the advesary gets a hold of it, and assuming that you use a password that distrusts the secure element (90+ entropy password/passphrase), I fail to see how they can get anything from it, seeing as everything is at rest and cannot be bruteforced.

                        matchboxbananasynergy

                        I came across an article of elcomosoft and BFU extraction some time ago link

                        They could extract 45gb out oft 150gb in BFU mode in an IPhone. I assume that those files where not encrypted but idk since the article has no information about that.

                        Edit: the partial data recovery is possible by a bootrom exploit
                        "The more interesting option is available for select Apple devices that have a bootrom vulnerability exploited by the developers of the checkra1n jailbreak. "

                          V1king are they not allowed to ask you to unlock the phone for them? Why do they have to do it behind the curtain with the hacking tools?

                              I'm working with bunch of lawyers in Germany hand in hand on the encro and sky ecc cases. This is our work here:

                              https://www.fairtrials.org/articles/legal-analysis/german-courts-refer-the-legality-of-encrochat-evidence-to-the-cjeu/

                              We went through bunch of stuff related to extracting data and hacking devices. In Germany it is impossible to grab any data or hack a device without telling all the details to the court. Encro and sky are exceptions. They ship around providing the raw data because the law in France is different. If there ever would be a case breaking the BFU of a pixel in Germany by law enforcement i will get access to the whole technical data.

                                matchboxbananasynergy Y'all can correct me if I'm wrong here, but assuming the phone is in BFU state when the advesary gets a hold of it, and assuming that you use a password that distrusts the secure element (90+ entropy password/passphrase), I fail to see how they can get anything from it, seeing as everything is at rest and cannot be bruteforced.

                                I imagine from a forensics perspective it's already extremely difficult to succeed without this type of setup, so this would make it so much more. I'd still never say never and assume anything can be exploited with enough time. GrapheneOS already does a lot to make certain extraction methods not possible in comparison to Stock.

                                Nuttso you're one of the very few people that seem to understand what kind of importance data integrity has Infront of a court.

                                Thanks. While I focus on information security now I used to do Mobile forensics, hence how I am qualified for using UFED (A Ruggedized UFED Touch2 to be exact). Luckily never been to court but know many people who have.

                                I read the thread and the conclusions you make are about the same as mine, although I think Cellebrite are less capable than both what they describe and what people think they might have, mainly because when things get as sophisticated as this, they simply aren't for Cellebrite to deal with. I also made a post a while ago about how GrapheneOS features make Cellebrite unintuitive and why they would likely avoid using them entirely here:

                                https://discuss.grapheneos.org/d/4727-graykey-countermeasures/30

                                Oftentimes I find the overhype being just people grouping Cellebrite with intelligence-agency level threats which isn't comparable or realistic. These tools quite literally exist so investigators can do the work with minimal knowledge, time, and effort while maintaining forensic integrity. I would not be inclined to think an intelligence agency who will classify everything would give a shit about ANY integrity considering they would kill to get information on some people depending what state it is. Plus, sometimes knowing information on a target could be so good for their operations it doesn't matter if the evidence is invalid to them or not.

                                Nuttso I'm working with bunch of lawyers in Germany hand in hand on the encro and sky ecc cases. This is our work here:

                                I can't say a lot about these since my knowledge basically boils down to hyped news articles. From what I've seen these devices have always been total garbage, and the fact they could get away with making a phone that essentially relies on trusting a centralised, targeted and at-risk source to function is really bad... not to mention their insecure hardware.

                                I don't remember where this was said but I remember hearing that GrapheneOS gets targeted by companies who sell that crap because the existence of a real, open and secure mobile OS like this one puts these criminal markets out of business. Big reason why I donate and support this project.

                                        final I'd still never say never and assume anything can be exploited with enough time

                                        Even AES? I mean with enough time. But who cares that happens after trillion years passed.

                                            Nuttso When quantum computing reaches maturity it will crack AES, RSA, etc. Also, NIST has begun planning the transition to quantum-resistant encryption algorithms.

                                            Intelligence agencies have been hoarding data to be decrypted once their quantum capabilities are sufficient. Crazy times.

                                                Kryptos That is not true. AES isn't really in any danger. Quantum just reduces the time needed to crack it by half. Symmetric encryption is quantum safe. Asymmetric encryption not. This is why we try really hard to get funding for molly to implement a quantum safe algorithm.

                                                    Kryptos Nuttso
                                                    For further reading, I found this paper to be really valuable:
                                                    Post-quantum cryptography - dealing with the fallout of physics success (Bernstein and Lange)

                                                    From table 1 on page 3:

                                                    Name: AES-256
                                                    Function: block cipher
                                                    Pre-quantum security level: 256
                                                    Post-quantum security level: 128 (Grover)

                                                    Name: RSA-3072
                                                    Function: encryption
                                                    Pre-quantum security level: 128
                                                    Post-quantum security level: broken (Shor)

                                                    Name: RSA-3072
                                                    Function: signature
                                                    Pre-quantum security level: 128
                                                    Post-quantum security level: broken (Shor)

                                                    Keep in mind that the definition of "post-quantum" is fuzzy and uncertain. There are many players in the academic-industrial-military complex overhyping its imminence in the pursuit of investment / grant money.

                                                    As far as I am aware, there are no reputable expert quantum physicists in the field that expect this to happen sooner than 10 years from now, but most of them expect it to happen within the 21st century.

                                                          Nuttso

                                                          Not sure if I should answer this but,

                                                          Sweden.

                                                          The iPhone 12 Pro was in lockdown mode, latest OS at the time.

                                                          But I noticed that some apps I opened after starting it up, asked for new permissons about notifcations after booting it up. Weird.

                                                          Both phones had long passcodes.

                                                          I assume they couldnt extract anything from any phone since I would 100℅ be in jail by now if they gained acess to neither of them.

                                                          I Think Pixel was in lockdown mode only.

                                                            thetraveller1

                                                            They are now allowed to use violence here for FaceId and fingerprint unlock. Which is why I always make sure I use lookdown mode before putting my phone away.

                                                            . They never asked for my passcode because they probably knew my answer would be "I dont remember my password".

                                                                Nuttso Symmetric encryption is quantum safe. Asymmetric encryption not. This is why we try really hard to get funding for molly to implement a quantum safe algorithm.

                                                                Thought I sent a reply about last replies, guess it didn't.. I don't think AES with a good enough key size is weak by any means, I just think:

                                                                • Science can be very unpredictable sometimes
                                                                • Most people wont go out of their way to target the encryption, but the systems that make the encryption possible. While I think this is completely miniscule of a risk for a securely designed system like Pixels, all about time, budget and interest.

                                                                I would love to see Kyber or other NIST PQ algorithms get tried out in messaging applications soon. I'm not much into the quantum/science stuff though so I can't comment.

                                                                zzz There are many players in the academic-industrial-military complex overhyping its imminence in the pursuit of investment / grant money.

                                                                As someone in there this is true. Too much obsession with commercial trends, and creating useless solutions from a lot of junk put together (eg. Blockchain technologies + something like Childcare).

                                                                V1king They are now allowed to use violence here for FaceId and fingerprint unlock.

                                                                Personally if I was at risk of violence I'd only use GrapheneOS + everything on a profile so I can delete that profile during a tough time, although I'm not at risk of either so maybe I can't think of any better plan.

                                                                        V1king I reinstalled the OS and verified that nothing was tampered with and all is good.

                                                                        For the Pixel the auditor app and the remote attestation service are supposed to warn you when the phone get tampered. You don't use them ?

                                                                        You verified that nothing was tampered after new OS install ? In case of hardware tampered, fresh GOS and attestation install not sure if the auditor and attestation service will detect this.