How to protect phone data when the bootloader is unlocked?


bartito

Inactive Recognized Developer
Dec 1, 2005
3,952
1,793
Hello,

I don't know if this is a real problem in newer Android versions.
I apologize if this problem is already solved; I've been out of Android development for a while...

For me the problem is protecting MY data if I lose the phone...

If my phone is password protected (and the bootloader is locked), a person who finds the device can't use it directly.
They can unlock the bootloader (more or less easily), but the phone data is removed by the unlock process.
My data is safe!

But if the bootloader is unlocked, the person who has found my phone can access the custom recovery (or load a custom recovery if I'm on stock recovery) and then force a wipe of the device.
Due to that, all my security (fingerprint and lock code) is erased and the user can access my phone and also all the data stored in /sdcard.
My data isn't safe!

Is there any way to use a custom ROM while keeping my data safe?

(I'm not confident with the Google remote device access)

Thanks in advance!
 

zelendel

Senior Member
Aug 11, 2008
23,371
20,605
OnePlus 6T
OnePlus 9
I'll be honest and I mean no offense but your data is worthless. If someone steals your device the first things done are SIM removed and devices reset or powered off. Data thieves don't get the data from stolen devices. They get it from the places we give it freely. Like shopping stores and online accounts.
 

jhs39

Senior Member
Oct 8, 2015
2,485
716
Chicago
Nobody can access your phone data the way you describe unless you also run your phone decrypted --which is not the default for Android or even for custom ROMs for that matter. When you boot into recovery on a phone that is encrypted TWRP asks for your pin number and without it your data is not accessible. But that doesn't mean a thief couldn't still wipe and use your phone. You need to report it stolen so the IMEI number is blacklisted.
 

bartito

Inactive Recognized Developer
Dec 1, 2005
3,952
1,793
Nobody can access your phone data the way you describe unless you also run your phone decrypted --which is not the default for Android or even for custom ROMs for that matter. When you boot into recovery on a phone that is encrypted TWRP asks for your pin number and without it your data is not accessible. But that doesn't mean a thief couldn't still wipe and use your phone. You need to report it stolen so the IMEI number is blacklisted.

Is the /sdcard in phones that don't have an external sdcard, like the O+5, also protected by the encryption?
Thanks
 
Hello,

I don't know if this is a real problem in newer Android versions.
I apologize if this problem is already solved; I've been out of Android development for a while...
...........................................

Well, IMO your concern is right to some extent.

With an unlocked bootloader, if there is some version of TWRP (or any other custom recovery for that matter) that can decrypt your data partition automatically, or if you have ever formatted your /data partition from TWRP, or even an insecure kernel (most insecure kernels allow USB debugging without asking for authorization keys), all the thief needs is 2 adb commands and your screen lock will be turned off and all your stuff will be exposed 'as is'.

For educational purposes, the commands are:

Code:
adb shell rm /data/system/*.key
adb reboot

Now, for that matter, having a locked bootloader doesn't ensure that your data is safe either. For example, for HTC phones, you don't even need to unlock the bootloader for flashing a custom recovery or kernel. You can turn the phone to S-Off state using some proprietary tools (without losing data) and then flash custom images over a locked bootloader.

In case of Samsung, only FRP lock prevents you from flashing custom images (that too on newer phones) but in that case also, you can turn FRP off using some paid services and then flash any custom images and run the above mentioned commands.

In case of LG, it is even easier. Professional tools exist for communication over download mode protocol and turning off the screen lock doesn't even require a custom image in LG's case. However, most newer models are not supported by those tools yet.

In case of Apple, professional tools existed that used to read screen lock over a time span of 1-4 hours in an older version of iOS. I've heard that a tool is being made available for the current versions also in the coming weeks.

So, if you are conscious about your data, it is safe as long as you have the phone in your possession. Once you lose it, you can't be sure about what is happening with it.

But then, as said in above posts, why would the thief want to crack open the data of a common man. If you are not a common man, you should worry. Otherwise I personally really don't care.
 

bartito

Inactive Recognized Developer
Dec 1, 2005
3,952
1,793
Hello,

I absolutely appreciate your answer.

I'm a common man, but I'm a bit worried due to 2 points:

1) I'm using LastPass and I don't want my passwords to fall into someone's hands if I lose the device,

2) I'm using the app from my bank to pay using NFC and I don't want anyone to be able to use it

EDIT: 3) Of course, I'm using my Google account to store my contacts data. It would be a mess if someone erased my contacts :(

Thanks!


zelendel

Senior Member
Aug 11, 2008
23,371
20,605
OnePlus 6T
OnePlus 9
Nobody can access your phone data the way you describe unless you also run your phone decrypted --which is not the default for Android or even for custom ROMs for that matter. When you boot into recovery on a phone that is encrypted TWRP asks for your pin number and without it your data is not accessible. But that doesn't mean a thief couldn't still wipe and use your phone. You need to report it stolen so the IMEI number is blacklisted.
Blacklisting the IMEI doesn't work everywhere. Plus while banned on xda so I can't say how. But the IMEI is not that hard to change.
 
Hello,

I absolutely appreciate your answer.

I'm a common man, but I'm a bit worried due to 2 points:

1) I'm using LastPass and I don't want my passwords to fall into someone's hands if I lose the device,

2) I'm using the app from my bank to pay using NFC and I don't want anyone to be able to use it

EDIT: 3) Of course, I'm using my Google account to store my contacts data. It would be a mess if someone erased my contacts :(

Thanks!

Maybe some experts can give their opinion on how to protect your data using some third party apps or by using some other options that I am not aware of. But in my opinion, a phone with an unlocked bootloader is always more vulnerable than a phone with locked bootloader.
 

bartito

Inactive Recognized Developer
Dec 1, 2005
3,952
1,793
Of course, I agree with your statement 100%.
The question is: can I improve security if I keep TWRP as the recovery instead of returning to the stock recovery, and lock the bootloader?
Thanks

 
Of course, I agree with your statement 100%.
The question is: can I improve security if I keep TWRP as the recovery instead of returning to the stock recovery, and lock the bootloader?
Thanks

I don't think you will be able to boot TWRP after relocking the bootloader. You need to test it yourself. Chances are very slim because locked bootloaders prevent booting unsigned images.

If you do manage to boot TWRP after relocking, make sure your data is encrypted. If it is not, then it doesn't matter if the bootloader is locked or not.

Also, you will need to turn off "oem unlock" option from developer options.
 

bartito

Inactive Recognized Developer
Dec 1, 2005
3,952
1,793
I don't think you will be able to boot TWRP after relocking the bootloader. You need to test it yourself. Chances are very slim because locked bootloaders prevent booting unsigned images.

If you do manage to boot TWRP after relocking, make sure your data is encrypted. If it is not, then it doesn't matter if the bootloader is locked or not.

Also, you will need to turn off "oem unlock" option from developer options.


I think in the end I will stay as I am: bootloader unlocked and TWRP instead of the original recovery.
After all... I've never lost a phone... :LOL:
 

Fif_

Senior Member
Jun 5, 2013
1,230
1,357
Google Nexus 10
Google Nexus 4
Is the /sdcard in phones that don't have an external sdcard, like the O+5, also protected by the encryption?
Thanks

I haven't checked, but I believe it should.

Yep, like any other android, the oneplus 5 has full disk encryption enabled by default:

http://www.androidpolice.com/2015/1...ll-disk-encryption-by-default-on-new-devices/

Uh no, OP5 with OOS 4.5.x Nougat uses File-Based Encryption (FBE), not FDE.
I know because I wrote the utility to get back to FDE, which works if you change the /fstab* file:
https://forum.xda-developers.com/showthread.php?t=3672477

Well, IMO your concern is right to some extent.

With an unlocked bootloader, if there is some version of TWRP (or any other custom recovery for that matter) that can decrypt your data partition automatically, or if you have ever formatted your /data partition from TWRP, or even an insecure kernel (most insecure kernels allow USB debugging without asking for authorization keys), all the thief needs is 2 adb commands and your screen lock will be turned off and all your stuff will be exposed 'as is'.

Do you have a source for the first part of that information? The part where if userdata is formatted with TWRP, it is vulnerable?
I don't see how that can happen unless you run decrypted. TWRP is never involved in the encryption process. When you format userdata, it just runs mkfs. Android upon booting sees the forceencrypt flag in the fstab and then promptly encrypts the device with a default passphrase. When you later set up security, the passphrase is changed to whatever you input.
How can TWRP decrypt the files at this point without your passphrase?
Note that if you are running FBE, and run adb shell on a device that's booted into TWRP while waiting for the password, you will be able to see the file structure under /data, but most of its contents will be garbage (=encrypted).
If you're running FDE, and run adb shell on a device that's booted into TWRP, /data will be completely inaccessible.

For educational purposes, the commands are:

Code:
adb shell rm /data/system/*.key
adb reboot

This will remove the PIN/password phrase to get into Android, but won't give access to any encrypted files.
That may mess your phone royally as well.
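
The distinction drawn in the post above (the forceencrypt flag in the fstab, FBE versus FDE, running decrypted) can be checked on your own device. The script below is an added example, not part of any post in this thread: it classifies the /data entry's fs_mgr flags and the ro.crypto.state / ro.crypto.type properties. The function names and all sample fstab and getprop lines are constructed for illustration; fileencryption and encryptable are fs_mgr flags that the thread itself does not mention.

```shell
#!/bin/sh
# Added example. Sample inputs below are constructed; no device is contacted.

# Print the encryption policy requested by the fs_mgr flags (5th fstab field)
# of the /data entry: fbe, fde-forced, fde-optional, unencrypted, no-data-entry.
fstab_mode() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || NF < 5 { next }            # skip comments and short lines
        $2 == "/data" {
            found = 1; mode = "unencrypted"
            n = split($5, flag, ",")
            for (i = 1; i <= n; i++) {
                name = flag[i]; sub(/=.*/, "", name)   # drop the =value part
                if (name == "fileencryption") mode = "fbe"
                else if (name == "forceencrypt") mode = "fde-forced"
                else if (name == "encryptable") mode = "fde-optional"
            }
            print mode; exit
        }
        END { if (!found) print "no-data-entry" }'
}

# Extract one value from getprop-style lines of the form: [key]: [value]
prop() {
    printf '%s\n' "$1" | sed -n "s/^\[${2}]: \[\(.*\)]\$/\1/p"
}

# Report "<state now> <policy after a format>" for the two inputs.
#   fbe       = tree under /data visible from recovery, contents ciphertext
#   fde       = /data inaccessible without the credential
#   plaintext = the "running decrypted" case discussed in the thread
posture() {   # $1 = fstab text, $2 = getprop text
    case "$(prop "$2" ro.crypto.state):$(prop "$2" ro.crypto.type)" in
        encrypted:file)  now=fbe ;;
        encrypted:block) now=fde ;;
        *)               now=plaintext ;;
    esac
    case "$(fstab_mode "$1")" in
        fbe|fde-forced) after=enforced ;;   # encrypted again on first boot
        *)              after=optional ;;   # stays plaintext until enabled
    esac
    printf '%s %s\n' "$now" "$after"
}

# Constructed samples (not taken from a real device).
FSTAB_FBE='/dev/block/by-name/userdata /data ext4 noatime,nosuid wait,check,fileencryption=ice'
FSTAB_OPT='# constructed
/dev/block/by-name/userdata /data ext4 noatime,nosuid wait,check,encryptable=footer'
PROPS_FBE='[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]'
PROPS_OFF='[ro.crypto.state]: [unencrypted]'

posture "$FSTAB_FBE" "$PROPS_FBE"
posture "$FSTAB_OPT" "$PROPS_OFF"
```

On a real device the two inputs would be the output of `adb shell getprop` and the contents of the device's fstab file. A "plaintext" or "optional" result is the only case in which the recovery-based access discussed in this thread reaches readable data.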
 

bartito

Inactive Recognized Developer
Dec 1, 2005
3,952
1,793
Hello,

Thanks for your answer. I appreciate the time you have spent on my question :)

I need to go to the FDE thread to learn a bit more about the process and results.

Now, I have 2 more questions...

1) If the phone is encrypted with FBE, a user can remove the user passwords using the "adb shell rm /data/system/*.key && adb reboot" commands, as @sikander3786 has explained, but because the device is encrypted, they can't access my data and the device will ask for the decryption password when booting in normal mode or recovery. Am I correct?

2) If the device is encrypted with FBE, can a user access /sdcard even without the decryption password in recovery (TWRP) mode, but not if it is encrypted with FDE?

Thanks again!

 

anuragm13

Senior Member
Sep 2, 2018
72
13
I think you'll be fine, as the data on your internal memory should be encrypted, which is enabled by default!

Suppose I encrypt my device, i.e., it asks for the password every time before booting...
Q1. Will booting into fastboot or recovery require the password?

Q2. If no, how can I prevent access to fastboot and recovery on an unlocked bootloader?
 

bartito

Inactive Recognized Developer
Dec 1, 2005
3,952
1,793
Suppose I encrypt my device, i.e., it asks for the password every time before booting...
Q1. Will booting into fastboot or recovery require the password?

Q2. If no, how can I prevent access to fastboot and recovery on an unlocked bootloader?

You can't, but your data isn't accessible without the password.
 

bartito

Inactive Recognized Developer
Dec 1, 2005
3,952
1,793
But one can flash a custom recovery from fastboot and subsequently use it to flash custom ROMs.
Am I right?

Yes, you can flash any recovery and any ROM, but phone data can't be accessed if you don't have the password.
To use the device you need to know the password or do a data format.
 

Zocker1304

Senior Member
Feb 15, 2016
806
288
OnePlus 7 Pro
Isn't your phone technically always safe as long as you keep it encrypted?
Only thing a thief could do would be a reset in both cases, isn't it?
 

Top Liked Posts

    2
    Can fastboot be used to factory reset or something that wipes everything (including device settings, accounts and passwords) like it was just unboxed?

    OnePlus devices can be unlocked without any password from fastboot.
    Fastboot unlock wipes entire device data, including /sdcard contents.
    Even if locked, you can boot into recovery (official) and wipe the device, if that's your question.

    EDIT: A little ugly all the questions you're asking and I do not see any "thank you" in my answers...
    2
    As far as I know, unlocking the bootloader offers more advantages than inconveniences, as long as your data remains encrypted
    I'll be honest. Encrypting the data means nothing; stolen phones are almost never stolen for the info. If they want your info then it's the government. If it's the government then there is nothing you can do to stop it. The NSA broke all encryption standards over a decade ago. So if they want your info bad enough they will decrypt the device without and get the info. But most don't have to worry about that as they are just not that important really. I spent a lot of time dealing with stolen phones and I'll tell you that within the first 30 sec the SIM is removed and it is either powered down or reset on the spot.