If you ever think your phone is about to be stolen or seized you want to power it off for this exact reason
That’s the thing, you don’t… my friend’s phone got snatched while he was recording, he had good enough reflex to press the lock button, but I don’t know if that’s enough
He uses GrapheneOS, and the attacker wasn’t a cop…
An advanced attacker that has access to forensic imaging tools can pull data off of your phone as long as it has been unlocked the first time after boot.
There are some models and some OSs (like Graphene on the newest Pixels) that are safe, for the time being, in AFU mode. You still want to power the phone off if you have the chance.
In your friend’s situation, his phone can be powered, isolated from RF to prevent remote wiping and kept in a lock state in order to preserve the keys in memory until an exploit is found for that model. If the OS automatically reboots after 3 days, it prevents this kind of attack.
Oh now I get the use case for such feature, I was thinking: why would the attacker wait for 3 days to Unlock the device or even give you time to reboot it (that’s why I mentioned this story)
That’s the thing, you don’t… my friend’s phone got snatched while he was recording, he had good enough reflex to press the lock button, but I don’t know if that’s enough
He uses GrapheneOS, and the attacker wasn’t a cop…
It is not enough to lock the phone.
An advanced attacker that has access to forensic imaging tools can pull data off of your phone as long as it has been unlocked the first time after boot.
There are some models and some OSs (like Graphene on the newest Pixels) that are safe, for the time being, in AFU mode. You still want to power the phone off if you have the chance.
In your friend’s situation, his phone can be powered, isolated from RF to prevent remote wiping and kept in a lock state in order to preserve the keys in memory until an exploit is found for that model. If the OS automatically reboots after 3 days, it prevents this kind of attack.
Oh now I get the use case for such feature, I was thinking: why would the attacker wait for 3 days to Unlock the device or even give you time to reboot it (that’s why I mentioned this story)
It makes sense for a number of reasons. You could be being detained or your device could be sitting in lost and found.