In this case, a pixel 5a5g with GrapheneOS. I use my phone as an additional backup location for all the various files on my laptop. I have yet to set the fingerprint sensor, because I don’t trust them, but I always make sure to set an eight digit pin screen lock before leaving the house. Now say I went out with my phone in this state and lost it. Anyone who found it, I realize, with evil intentions would probably just want to wipe it and sell it. But even so, how hard would it be for them to access the private data on my phone in a situation like this?

  • edent@lemmy.one
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    The question is always going to be “who are you defending against?”

    If the CIA/FBI/MI5/KGB etc want in to your data, they’ll probably find a way. If it is just stolen, then the phone’s built in protection is going to stop anyone from brute forcing it.

    But your biggest weakness is yourself. Do you really want to type in a 8 digit pin every time? No. So you’ll leave it unlocked for longer - which gives a theif more time to fiddle with it.

  • Confetti@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    You’ll be relying on the phone’s hardware secure element (think the 5a has the titan m) to throttle attempts of bruteforcing so its pretty damn secure unless someone makes you input or if the attacker records you inputting your passcode here’s a link to grapheneos’ faq that explains significantly more on its encryption security. Besides that enable auto reboot and pin scrambling for added protection if you haven’t already.

  • bbbhltz@beehaw.org
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    GrapheneOS or vanilla Android/AOSP is likely the same — they all have telemetry, but that’s out of the scope of your question.

    I’m just a regular user and have asked myself the same question.

    It might be possible to access the data. If a bad actor really wanted to or the phone fell into a professionally phone scam network… your phone would be unlocked immediatly

    See https://www.hivesystems.io/blog/are-your-passwords-in-the-green

    So any extra friction you can provide will help you: passwords for different apps, 2FA, log out of apps especially banking, make sure no notifications appear on the lock screen, turn off USB file transfer, etc.

    Security is:

    1. something you know (password)
    2. something you have (phone)
    3. something you are (fingerprint)

    The most paranoid among us should refrain from using phones in public, especially when crossing streets. Also keeping belongs close when travelling. The rest of us could do to change our passwords often. Fingerprint scanners are a good idea but perhaps not the index. Use a different finger and don’t let people see which finger you use.