this post was submitted on 04 Sep 2023
16 points (94.4% liked)

Ask Android

2867 readers
1 users here now

A place to ask your questions and seek help related to your Android device and the Android ecosystem.

Whether you're looking for app recommendations, phone buying advice, or want to explore rooting and tutorials, this is the place for you!

Rules
  1. Be descriptive: Help us help you by providing as many details as you can.
  2. Be patient: You're getting free help from Internet strangers, so you may have to wait for an answer.
  3. Be helpful: If someone asks you for more information, tell us what you can. If someone asks you for a screenshot, please provide one!
  4. Be nice: Treat others with respect, even if you don't agree with their advice. Accordingly, you should expect others to be nice to you as well. Report intentionally rude answers.
  5. No piracy: Sharing or discussing pirated content is strictly prohibited. Do not ask others for a paid app or about how to acquire one.
  6. No affiliate/marketing links: Posting affiliate links is not allowed.
  7. No URL shorteners: These can hide the true location of the page and lead people to malicious places.
  8. No lockscreen bypasses: Please do not comment, link, or assist with bypassing lock screens or factory reset protection.
  9. No cross-posting: Please take the time to make a proper post instead of cross-posting.
Other Communities

founded 2 years ago
MODERATORS
ijeff
ladfrombrad
16
How to strengthen Unlocked bootloader against physical attacks like evil maid? (lemmy.zip)
submitted 2 years ago by possiblylinux127@lemmy.zip to c/askandroid
3 comments fedilink hide all child comments
 

So I have a device running lineage os and I am a little concerned about the potential data breach if my device is stolen.

My first precaution was to setup SMS findmydevice so that I could remotely control my device in case it got lost or stolen. I'm not sure how secure this is but I wanted to have a way to remotely get its location and to wipe it remotely.

The second thing I setup was locker. F-droid says that the upstream code is no longer available which is concerning but I am using it none the less. This should prevent basic attacks on the lock screen.

Is there anything else I need to do?

all 4 comments
sorted by: hot top controversial new old
[–] jet@hackertalks.com 2 points 2 years ago (2 children)

Lock the bootloader again. You can relock it on most phones, especially Pixel phones.

That way if anybody messes with the bootloader your data gets wiped.

I don't know if lineage has this option but some Android ROMs do,. Periodic reboots. Force your phone back into its secure off state. Couple that with a boot password which is longer than your unlock password and you're in a pretty good position. Graphene OS does this. But I'm sure it's available in other operating systems

You might consider setting up a work profile, using shelter. Have your work profile unlock with a different factor. Either fingerprint, or if you use fingerprint for your main unlock, then use a code. Then you'll need two factors to run apps in your work profile.

[–] possiblylinux127@lemmy.zip 1 points 2 years ago* (last edited 2 years ago) (1 children)

I use lineage os on Motorola phones so I can't lock the bootloader. (Lineage os doesn't support it anyway)

I never considered rebooting though. That's not a bad idea. The only problem is that it resets the system uptime. (Uptime can be a tamper indicator)

[–] jet@hackertalks.com 2 points 2 years ago

There's different threat scenarios you need to consider. Somebody taking your phone, somebody tampering with your phone but leaving it with you, somebody remotely accessing your phone.

I thought we were just talking about the somebody taking your phone scenario. You could set up a task on your phone to check for a Bluetooth device say every 5 to 10 minutes. If it doesn't see it turn off. Hopefully you're comfortable with your phones powered off state being secure.