GrapheneOS and Airports (And other forced unlock scenarios)

Consider this article: Returning travelers made to hand over phones and passcodes to Australian Border Force

An official asked them to write their phone passcodes on a piece of paper, before taking their phones into another room.

How would you best protect your information in a situation like this?

Some options include:

  • Refusing to write your password down and being refused entry into the country (you would lose the value of your flight, hotel, etc.) or having your phone confiscated
  • Bringing a burner phone on your trip with little/no personal information on it and handing it to them (the downside of this is that if your main phone is back home, you won't have all your information/apps with you and if you want to take pictures on your trip, you'll be using whatever camera is on your burner phone. Also, trying to hide your main phone in checked/carry-on baggage won't work either because they will X-ray it again if you're getting pulled aside in the first place.)
  • Using a burner phone as mentioned above and mailing your main phone to your destination in advance.
  • You could install an app that disables the USB port on your phone (hoping they don't find and disable the app) which would prevent them from connecting it to a computer in the back room but they still go through everything else manually

Would love to hear your thoughts.

    tezeron another suggestion is to use different profiles and unlock a prepared, but harmless user profile for them (but they could figure it out and ask for owner profile access).

    You could also back up your data, put that on a cloud you control, do a factory reset and only have a bare-bones smartphone when crossing the border. At the destination you could download and restore your files and voilà, you're back to normal. It's more inconvenient but that's how security and privacy usually are if you have a more serious threat model.

    Michael Bazzell usually takes a burner phone and does the cloud backup strategy for his laptop, in case that is something you could relate to (I'm personally more fond of using GOS for everything it can do because of the much higher security model compared to laptop hardware and software).

    Edit: Typo

      • [deleted]

      I have a Nokia dumb phone for this purpose. My Pixel stays at home if I travel abroad. Simple.

      • [deleted]

      N1b Assuming of course that you get your phone back.. Who's to say?


        [deleted] true but if not you could buy a new Pixel 6a (if available in the country), put GOS on there and restore the backup. Or yeah just find another solution like buy a cheap phone and use it only for necessary stuff and without logging into accounts. In the end it's all about preparing properly according to your threat model.

        • [deleted]

        I lived in Australia for many years and traveled frequently. The border control issues started taking off around 2017 and got progressively worse.

          N1b

          Along these same lines, you could have all your stuff in a work profile. When asked to unlock your work profile, you could tell them your company has a policy whereby they lock you out of your work profile when you travel and they can contact your IT department with a request to unlock it. This will likely get your phone confiscated but could work.


          [deleted]

          I visited Australia in the last 3 years and they searched all my stuff thoroughly in addition to asking me silly and nonsensical questions about my trip. Felt like the ultimate power trip from the border agents.

          tezeron Best advice is the travel phone, there's no way around it. If picture quality is a concern then a dedicated camera would be what you really want, but that may be expensive and, depending on where you're visiting, may even make you a target for thieves. I suggest getting a used, EOL Pixel since it will be cheap enough to not worry about (in case you never see it again), but just add the bare minimum of info/apps needed, for example offline maps, temp communication apps like SimpleX, a prepaid SIM from the country you're visiting, etc. If you're really paranoid you can keep it on airplane mode or just turn off the device when you don't need it. This is the only use case imo for using an end-of-life device, since you get a pretty decent camera and a temp device for a low price. When you get home, back up the pictures and other data you would like off the travel phone, factory reset it if you like, and keep it somewhere safe until your next trip.


          I travel with my phone anywhere just fine without any issues. The best way to ensure you're all good is to just back up whatever you need on your phone, encrypted, to your own cloud server or storage box, factory reset your GrapheneOS phone and then flash it back to Google Pixel stock before going to the airport. Then, after you're already in the country, you flash it to GrapheneOS, recover your data and enjoy your trip.

          Flashing back to Google is my recommendation because someone who knows phones might know about GrapheneOS and find it suspicious, so just go ahead and eliminate that worry by flashing it back to Google Pixel software and then use GrapheneOS once you have already passed through fine.

          This is the best way and it doesn't really take much time to do it if you're really worried about staying safe.

            • [deleted]

            GrapheneLover I disagree. Border Control still has the power to take your phone, and they will do, given enough suspicion.

              [deleted] What is there to disagree about? As I wrote above, your phone is very unlikely to get confiscated if you follow the directions I stated. That's why you would flash it to Google stock first, so there are no suspicions. I'm willing to hear why you disagree though.

                • [deleted]

                GrapheneLover It's got nothing to do with the phone. Leave the phone out of it. It's got everything to do with you and your behavior passing through Customs. I've seen Australian Customs first hand. I suspect you haven't.

                  [deleted] Yes, you're right, it depends on your physical behavior, and it can also be your looks, and you can also have red flags on your profile. I have seen Australia first hand and have been to dozens of countries throughout Asia, Africa, and Europe where there are tight security measures. I have had zero issues regarding the phone situation as I have followed my methods. As long as you comply with them and give the password to your "fresh" phone and let them do whatever they want with it, they have always returned it to me, and then I flash it back to whatever ROM there was back in the day or to GrapheneOS nowadays.

                  Let's not discuss what border control personnel would or would not do. The OP suggests you get pulled and asked to hand over your phone and access to it. How do you protect your data in case this happens?

                  tezeron
                  In the end it all comes down to not having any data that you want to protect with you while crossing the border. It's the only way to be sure it can't be confiscated, copied or cracked down the road. Whether you solve this through burner phones, wiped phones, online backups, no phone at all etc. is for you to decide. Maybe your threat model allows for most of the data to be confiscated, which would add convenience. Maybe your threat model is to not give any data while perfectly blending in, in which case you would probably invent a whole new identity on your border phone.

                  I think I would just carry a dumb flip phone, but I have the luxury of sitting around and playing in my head, without much need to face reality.

                  Whatever deficiencies some may see in GrapheneOS, because it lacks some pet “feature”, it seems to be the best we have today to protect those who truly need it.

                  Good luck to each and every one of the folks who face such circumstances.

                  2 years later

                  Travel with 2 devices

                  • one dumb phone with almost fake contacts (do not reuse a used dumb phone, because deleted data can be recovered with physical extraction and it's not easy to properly overwrite data on them). You don't want to be associated with a drug dealer if the phone is from the second-hand market.

                  • one empty Google Pixel with stock OS (GrapheneOS will raise suspicion)

                  All important data will be in the cloud. Do not trust cloud providers' zero-knowledge encryption, and encrypt your data locally before uploading.

                  The password to encrypt your data on your computer or phone must be different from the one you will use to access that data in the cloud.

                  Once safe at home, install GrapheneOS and set up your Pixel again. Not convenient, but it's the best thing to do.

                  Don't send your phone with data through the post, it's risky. The package can be lost, stolen or confiscated.

                  tldr

                  These questions are so frequent, I don't get it. Don't people know about cloud storage?
                  What's holding them from backing up the data, wiping the phone and crossing the border and, if you wish so, agreeing to the requirement of the LE and giving them a brand new empty phone?

                  Is it so difficult in 2025 to use cloud storage???
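
Added example, not part of any post in this thread: one way to do the "encrypt locally before uploading, then wipe" step several replies describe, and to confirm the encrypted archive restores before the device copy is erased. It assumes OpenSSL 1.1.1 or later, `tar`, `find` and `sort`; the `BACKUP_PASS` variable, function names and paths are hypothetical.

```sh
#!/bin/sh
# Added example: encrypt a backup locally, then prove it restores.
# Assumes OpenSSL 1.1.1+, tar, find, sort. BACKUP_PASS is a passphrase that
# is NOT the cloud account password. Paths and names are hypothetical.
ITER=600000   # PBKDF2 rounds; must match on encrypt and decrypt

# Digest of every file under a directory, for before/after comparison.
tree_digest() {
    ( cd "$1" && find . -type f -exec openssl dgst -sha256 {} + |
        LC_ALL=C sort | openssl dgst -sha256 )
}

# encrypt_backup <source_dir> <output.enc>
# Streams tar into openssl so no plaintext archive is written to disk.
encrypt_backup() {
    [ -n "${BACKUP_PASS:-}" ] || { echo "BACKUP_PASS not set" >&2; return 2; }
    tar -C "$1" -cf - . |
        openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$ITER" \
            -pass env:BACKUP_PASS -out "$2"
}

# verify_backup <source_dir> <backup.enc>
# Restores into a scratch directory and compares it with the source.
# openssl enc has no authenticated mode, so this comparison is the
# integrity check; a wrong passphrase or damaged file returns non-zero.
verify_backup() {
    scratch=$(mktemp -d) || return 2
    rc=1
    if openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
           -pass env:BACKUP_PASS -in "$2" 2>/dev/null |
           tar -C "$scratch" -xf - 2>/dev/null
    then
        if [ "$(tree_digest "$1")" = "$(tree_digest "$scratch")" ]; then rc=0; fi
    fi
    rm -rf "$scratch"
    return "$rc"
}

# Stand-alone use: sh backup.sh <source_dir> <output.enc>
if [ "$#" -eq 2 ]; then
    encrypt_backup "$1" "$2" && verify_backup "$1" "$2" &&
        echo "verified: safe to upload $2 and wipe the device copy"
fi
```

Run the verification on the machine that holds the source data, since it briefly restores plaintext into a scratch directory.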