I'm running GrapheneOS on a pixel 6a. I have good reason to suspect that it's been compromised, however I don't have anything in the way of technical evidence.
My adversaries are highly skilled hackers with resources and money, not government level. They are very determined.
I have all stock apps, with the addition of WhatsApp. That's it. I am using my SIM in the phone on 5G network.
When I switched developer options on (for the very first time) I noticed that OEM unlocking was turned ON.
This is obviously not the default so I'm wondering a few things.
What is the adversary trying to accomplish? This seems to me to be an attempt at malware persistence.
Would they not need root access to accomplish this?
My phone is not rooted. Is remote rooting of Graphene possible?
How can I check beyond doubt that the phone has not been rooted?
I am going to reflash the graphene OS on the phone, and take out my SIM. I would like to preserve the evidence in the way of imaging the FS and comparing with the fresh install. What is the best way to go about this? Tools, OS, please get technical.