Oddbean

Most devices require a password or passcode upon first startup so that would be fine. But it would be an issue if you had already logged in once, which they could force fingerprint or facial recognition authentication.

Yup. Well said. And another reason I love #GrapheneOS. Auto-reboot function puts the phone back into BUL (before unlock) mode so if your device is taken, it's only a matter of time before it reboots into BUL mode. And there's lockdown mode if you think your phone might soon be taken. Just longpress on the power button and choose lockdown and the phone will go into BUL state. Afaiu there are also some other things like a duress feature where you enter a different unlock pin that will erase the contents of the phone. I also highly recommend setting up PIN scrambling to mitigate against "over the shoulder" pin extraction :)

Lockdown only locks the device and disables fingerprint as an unlock method for the next lock. Data is still not at rest and remains in AFU. If you're using a user profile then the End Session button (GrapheneOS feature) purges keys and puts that specific user profile back at rest / in a BFU state! It's just a frill to prevent someone unlocking your phone with your finger while you sleep or something, it doesn't prevent much, may be possible to rename or remove this upstream feature to avoid misleading people. Chain of custody and device seizure processes typically instruct the device needs to be contained in a faraday bag as soon as possible and sent to a lab handled by a professional. Keeping a phone in the open exposed to any networks is very bad for them as it means someone could erase the device remotely. Labs can come in different degrees of capability and they can be moved to better labs if the current lab fails to extract evidence. Good example is a local PD to an FBI lab. Some may be instructed to go directly to higher levels. I'm aware the FBI has a few national labs called Regional Computer Forensics Laboratory (RCFL) who get involved with serious crime seizures or more advanced/risky seizure targets. They do some pretty weird stuff! By that time the phone moves to a lab the auto-reboot should have triggered unless you're so high priority they make the move to a lab and ask for that fingerprint on the same day. If they are aware of the nature of the device, they could try getting to work immediately in a portable lab as well which changes the circumstances... but they would need to know you're using GrapheneOS. FBI do a lot of surveillance work so they'd watch you to make sure they can figure out your PIN. Using a fingerprint protects this from happening. The duress PIN / password is in the works, and also work towards a second-factor PIN for fingerprint unlocks have been quite steady and is heading towards the late stage. It's likely to combine these features too. While they are good benefits, it also means that they will treat the device differently if they know this feature is present on your phone before they get it. They won't make you touch the device at all, but with auto-reboot that could also be a blessing.

@final [GrapheneOS] 📱👁️‍🗨️ Thank you for the clarification. I agree, it would likely be good to rename it or just have it actually perform an end session lockdown, and yes 💯 a Faraday bag is a must. Looking forward to the duress feature :)

*note: surveiling a target to know their PIN isn't really something they usually do because they usually expect the device they seize to be exploited and brute forced open... Think a Ross Ulbricht degree of suspect, you'd need to be known as high-profile, high-risk. How you act on that depends on threat model. They know about GrapheneOS so if I was in their shoes this would be my go-to for a GrapheneOS user every time... but it's not.

Also, USB-C port controls to disable the port or it's data transfer lines. Possibly the biggest feature against a physical threat except autoreboot. You could write about almost every feature/enhancement we have and an example on how it protects against a forensics threat. 🤔 Well, I could anyway.

Disabling entirely is an extreme move of course... but the option is there for the extreme people 🤔. Charging still works when off or in bootloader modes like Fastboot. I find myself using Charging-only the most. Future Pixels are *alleged* to have Qi2 wireless charging with magents, if it's true then then someone could charge with that and never use the port at all, and since it's magnetic you shouldn't need to stop using the device to charge it.

30 April 2024 - so why does #grapheneOS not go into 'before first unlock' ( #BFU ) when it shutdowns because of low battery and then charges from 0%-100%? It goes back to the state it was in before shutdown. My issue is that -- i'm assuming -- my threat model is state malware in flash memory not installed permanently on the actual phone and i've been running the battery down to O% for that reason. But now with the new change the phone doesn't come out of BFU once charged but is still in AFU! nostr:nevent1qqsvrwlfzxcl86n77v6nfpnh32duscgth6qpp4pdj67g53pyd7qd4ngpr9mhxue69uhkymr0washgetj9ehx7um5wgcjucm0d5pzps26tfjesmn6ksf5mm36hpf9fkjut49sfeutfutvs2phrykn25v9qvzqqqqqqy74d3jw