Encryption and Restarting

grap98os

I would like to categorize my partitions by Risk.

The risky partition is Partition 1, or User 1,which has lots of personal information. I want this partition to be encrypted with a long password and to restart after 15 minutes of not being used.

The less risky Partition is Partition 2, or User 2, which I use for casual browsing and games. This does not need a strong password for encryption or to be restarted if not in use, provided that someone stealing my phone while in Partition 2 does not allow access to Partition 1.

Is this possible? If I am using a long full-disk encryption password on User 1, but a short Password on User 2 like 1234, if my phone is stolen by a thief with lots of technical skill or a state-level thief, can User 1's information be obtained?

final

grap98os You can partition different use cases by user profiles, which have their own authentication methods and are encrypted with different encryption keys from each other with android's filesystem-based encryption. The profile you first sign into on boot is the owner profile, and can add/remove profiles and change certain global OS settings.

grap98os The risky partition is Partition 1, or User 1,which has lots of personal information. I want this partition to be encrypted with a long password and to restart after 15 minutes of not being used.

You can create a user profile for this with a long PIN/passphrase, however there is no feature to automatically shut down profiles when not in use currently, only reboot the entire device. There is already a similar request on GitHub.

grap98os The less risky Partition is Partition 2, or User 2, which I use for casual browsing and games. This does not need a strong password for encryption or to be restarted if not in use, provided that someone stealing my phone while in Partition 2 does not allow access to Partition 1.

You can switch between any profile from another, but if you have authentication between all profiles you will be fine. If your profile was manually turned off, not been used once in your session, or you rebooted your device then exploitation to get through the authentication will be far more harder.

grap98os Is this possible? If I am using a long full-disk encryption password on User 1, but a short Password on User 2 like 1234, if my phone is stolen by a thief with lots of technical skill or a state-level thief, can User 1's information be obtained?

This can be difficult to estimate, but you should believe it would be a lot more difficult to do in GrapheneOS in comparison to standard Android due to exploit protections. If your phone is in before-first-unlock state or your profiles are manually signed out of, it will make it additionally difficult to extract. A simple thief wouldn't be able to do anything sufficient.

You can also reduce the likeliness of exploitation by having User 1 and User 2 be their own user profiles outside of the Owner profile, that way if the phone was attacked they'd have to likely attack the Owner profile first and the additional profiles separately. Plus, if you first boot to your device, you boot to an empty Owner profile instead of User 1 or User 2.

Skyway

That's not possible as you describe it .
If your profile with important information was a secondary user profile you can logout when not in use.
Owner profile is always " active " when phone is on .
Additionally a secondary user profile is not accessible with out logging into owner profile after a reboot . owner profile should be a strong password, additional profile passwords can be weak or strong depending on your preference. There's no right or wrong way to use user profiles . Auto reboot ,reboots the entire phone not just one user .

grap98os

So it's less risky to have the information in Owner be simple browsing and other things and have User 2 be more private data, such as contacts, financial information, etc?

It sounds like you think a sophisticated adversary could get into all the data if the phone is unlocked at all, possibly.

final

grap98os So it's less risky to have the information in Owner be simple browsing and other things and have User 2 be more private data, such as contacts, financial information, etc?

grap98os Owner is fine to have less risky things in, in fact for beginner users they suggest using just Owner. For paranoid setups you could have owner have nothing and two separate profiles, that way you can delete the profile at any time + benefits I've mentioned earlier.

grap98os It sounds like you think a sophisticated adversary could get into all the data if the phone is unlocked at all, possibly.

I'm not informed to speculate on what a high-budget/high-capability threat could do to a up to date Pixel with or without GOS installed.

If someone has constant physical access to your device and the budget and skills to keep attempting attacks with it then they will get access eventually. If your phone is taken by someone and there is no possibility of getting it back, your phone might be left as an inaccessible brick for a very long time. But with time passing where the device is not being able to get updates and eventually becoming unsupported, then the risk of successful attack or exploit will obviously increase. Budget and capability are a factor in how sooner this can happen, but the actual length of time cannot be speculated.

Luck could be a factor: It could be any moment someone publically discovers a random exploit like the Android SIM card lock-screen bypass from last November that could work on this OS, or maybe something more sophisticated like an attack on the hardware itself. All would be possible while a phone is seized and unable to patch itself.

If your concern is thieves, then they would more likely be inclined to reset the device to the stock OS and sell off rather than to try and extract what's inside it. As for serious threats assume things are more possible as time passes without your device.