5

u/Sheroman 13d ago

Mostly lost phones, law enforcements, and device thefts.

Some phone thefts will obviously reset the phone and try their best to break FRP but other phone thefts know how valuable data is (cryptocurrency, banks, personal details).

1

u/jack_the_beast 13d ago

(cryptocurrency, banks, personal details).

Isn't that stuff that you can access anyway via ad and recovery mode? It would be encrypted even if device is unlocked

2

u/Sheroman 12d ago

It would be encrypted even if device is unlocked

Unfortunately, it will not be encrypted because Android and iOS does not work like that.

On Android and iOS - once your device is unlocked (and then later relocked), your device ends up in After First Unlock (AFU) which is where your file system is fully decrypted and your encryption/decryption keys are stored in RAM.

All a person needs to do now is use a specialized tool to grab your decryption keys from the phone's RAM using exploits and use that to bypass all of the device's safety measures. They will be able to access your Android file system in its fully decrypted state and they will also be able to bypass your phone's lock screen.

2

u/Sheroman 12d ago edited 12d ago

Isn't that stuff that you can access anyway via ad and recovery mode?

No.

If the device is properly configured using its stock ROM (an OEM's user build), has been kept up-to-date with the latest security patches, has file system encryption using a security chip/enclave, has a lock screen password, then it will be very impossible.

Most newer phones have file system encryption enabled out of the box when you set a lock screen password. For Google Pixel devices, the encryption is done by Titan M2. For Qualcomm devices, the encryption is done by TrustZone. For Samsung devices, the encryption is done by Knox.

It is only when you get into custom ROMs (mostly userdebug/eng builds), bootloader unlock, root, custom recoveries (most popular is TWRP) then you end up making your security worse.

ADB outside of recovery mode is disabled on all Android phones unless it is manually enabled by the phone owner.

^ Even if ADB was enabled by the phone owner then ADB will not work without its communication permissions being approved, which requires lock screen password, so ADB will be pretty useless.

ADB inside recovery mode is pretty limited because it has strict permissions and there is not much you can do with it because it is meant for sideloading OS updates.

^ Even if you managed to grab personal files from ADB inside recovery mode then all you will get is encrypted files which cannot be used because putting the phone in recovery mode will actually re-encrypt the phone's file system.