unlocked bootloader / user data

robchow

Member
Apr 19, 2016
21
1
0
I am concerned about access to user data (pictures, videos, emails, app data, etc.) on my unlocked-bootloader phone if the phone is lost or stolen. As I understand it, with the bootloader unlocked, one can install a custom ROM and thus bypass the screen lock. Does this mean that with the new OS it can access the user data? Does the phone being encrypted make a difference?
 

bobby janow

Senior Member
Jun 15, 2010
5,653
1,849
253
I am concerned about access to user data (pictures, videos, emails, app data, etc.) on my unlocked-bootloader phone if the phone is lost or stolen. As I understand it, with the bootloader unlocked, one can install a custom ROM and thus bypass the screen lock. Does this mean that with the new OS it can access the user data? Does the phone being encrypted make a difference?
If you don't need root, lock it.

Sent from my Pixel using XDA-Developers Legacy app
 

Geeks Empire

Senior Member
Aug 29, 2014
1,200
1,252
153
Nashville
GeeksEmpire.net
I am concerned about access to user data (pictures, videos, emails, app data, etc.) on my unlocked-bootloader phone if the phone is lost or stolen. As I understand it, with the bootloader unlocked, one can install a custom ROM and thus bypass the screen lock. Does this mean that with the new OS it can access the user data? Does the phone being encrypted make a difference?
There is Android Device Manager to control the phone remotely; then you can erase it and keep your personal data safe.
:good:
 

fiffan86

Senior Member
Dec 2, 2010
734
198
0
Las Vegas, NV
I am concerned about access to user data (pictures, videos, emails, app data, etc.) on my unlocked-bootloader phone if the phone is lost or stolen. As I understand it, with the bootloader unlocked, one can install a custom ROM and thus bypass the screen lock. Does this mean that with the new OS it can access the user data? Does the phone being encrypted make a difference?
They would need to know your password to get into TWRP to decrypt the storage (assuming you're encrypted). They don't need to flash a custom ROM to see your stuff; they can view it by connecting the phone to their computer and enabling MTP mode in TWRP. If you are that concerned, you probably should lock your bootloader after making sure you are 100% stock.
 

noidea24

Senior Member
May 27, 2012
511
201
63
Atlanta
I really don't see any reason for concern.
Say your phone has a password, but your bootloader is unlocked; here are the only things you can really do:

A: Use fastboot to flash TWRP. However, once they get into TWRP, they will still need to know your password. And TWRP will not allow MTP or ADB access until it has decrypted.
B: Use fastboot to flash a factory image. But once they boot the phone, it will ask for the email and password of the original account that was on the phone, and all data will be gone.
C: Use fastboot to flash a factory image without the -w parameter. All data will still be there, and they really have gained nothing.

I don't see any real risk.
 

pcriz

Senior Member
Aug 23, 2008
5,038
2,936
253
I really don't see any reason for concern.
Say your phone has a password, but your bootloader is unlocked; here are the only things you can really do:

A: Use fastboot to flash TWRP. However, once they get into TWRP, they will still need to know your password. And TWRP will not allow MTP or ADB access until it has decrypted.
B: Use fastboot to flash a factory image. But once they boot the phone, it will ask for the email and password of the original account that was on the phone, and all data will be gone.
C: Use fastboot to flash a factory image without the -w parameter. All data will still be there, and they really have gained nothing.

I don't see any real risk.
No matter the path, if your data is intact they still need your pattern.
 

robchow

Member
Apr 19, 2016
21
1
0
Thank you all for your input and knowledge dissemination on how an unlocked bootloader affects user data.

I really don't see any reason for concern.
Say your phone has a password, but your bootloader is unlocked; here are the only things you can really do:

A: Use fastboot to flash TWRP. However, once they get into TWRP, they will still need to know your password. And TWRP will not allow MTP or ADB access until it has decrypted.
B: Use fastboot to flash a factory image. But once they boot the phone, it will ask for the email and password of the original account that was on the phone, and all data will be gone.
C: Use fastboot to flash a factory image without the -w parameter. All data will still be there, and they really have gained nothing.

I don't see any real risk.
Not using the -w parameter will keep the user data intact; understood, thank you. If that is the case, will the thief be able to access user data if the user data partition is encrypted?
 

superchilpil

Senior Member
Sep 26, 2009
4,265
1,422
0
28
Texas
If you want it to be secure then lock your bootloader, otherwise it will be insecure. It's a trivial matter to someone knowledgeable to get into your files.

Sent from my Pixel XL using Tapatalk
 

toknitup420

Senior Member
Jan 8, 2011
2,376
945
0
boston
I guess the question is how, if they cannot decrypt the file system?
If the right person stole your phone and wanted to waste the resources needed to decrypt the info, they could. Since it's possible, it's considered a security risk. Although let's be real, it's highly unlikely that it would ever happen, unless you're some VIP or something crazy like that.
 

pcriz

Senior Member
Aug 23, 2008
5,038
2,936
253
If the right person stole your phone and wanted to waste the resources needed to decrypt the info, they could. Since it's possible, it's considered a security risk. Although let's be real, it's highly unlikely that it would ever happen, unless you're some VIP or something crazy like that.
In that case I doubt even a bootloader would matter.
 

pcriz

Senior Member
Aug 23, 2008
5,038
2,936
253
Yes it would. You can't access anything unless you factory reset. Then it's all gone, decrypting won't do a thing. Reset is a total wipe. Brand new device.
I think you are missing the context of my statement. No information system is 100% impenetrable, so even with a bootloader, if someone really, really wanted into a system and had the means, they can crack it. That's just a general rule of security.

The other side of the discussion is how safe is the data. Well if you factory reset the data is plenty safe because it's wiped.

Seems what your statement is talking about is basically: can someone use the phone they acquired? In that instance yes, but that's also why we have insurance.
 

bobby janow

Senior Member
Jun 15, 2010
5,653
1,849
253
I think you are missing the context of my statement. No information system is 100% impenetrable, so even with a bootloader, if someone really, really wanted into a system and had the means, they can crack it. That's just a general rule of security.

The other side of the discussion is how safe is the data. Well if you factory reset the data is plenty safe because it's wiped.

Seems what your statement is talking about is basically: can someone use the phone they acquired? In that instance yes, but that's also why we have insurance.
Well multiple things going on now. If data can be extracted from a locked bootloader device I'd like to see proof of concept. I'm not saying it can't be done.

By the time a person wiped the device you'd probably have the IMEI blacklisted so the device will be useless.

Sent from my Pixel using XDA-Developers Legacy app
 

pcriz

Senior Member
Aug 23, 2008
5,038
2,936
253
Well multiple things going on now. If data can be extracted from a locked bootloader device I'd like to see proof of concept. I'm not saying it can't be done.

By the time a person wiped the device you'd probably have the IMEI blacklisted so the device will be useless.

Sent from my Pixel using XDA-Developers Legacy app
Data extracted from a bootloader locked device, data decrypted from an encrypted device, same argument when it comes to proof of concept.

Not to mention you realize bootloaders have been defeated before; it's the whole reason bootloader bounties exist. Frankly, given some of the exploits that have gotten around bootloaders, it seems in some cases defeating a bootloader would be easier than decrypting.

Every Google bootloader probably has the same signed key (in relation to BL version).
 

bobby janow

Senior Member
Jun 15, 2010
5,653
1,849
253
Data extracted from a bootloader locked device, data decrypted from an encrypted device, same argument when it comes to proof of concept.

Not to mention you realize bootloaders have been defeated before; it's the whole reason bootloader bounties exist. Frankly, given some of the exploits that have gotten around bootloaders, it seems in some cases defeating a bootloader would be easier than decrypting.

Every Google bootloader probably has the same signed key (in relation to BL version).
Is it really the same thing or proof of concept? How do you extract data from a locked-bootloader device even pre-decryption? Whereas if you have encrypted data, then decrypting is a matter of being able to hack that encryption algorithm. I see that as two distinct operations.

If you mean defeating bootloaders so you can unlock, I'm not arguing that point at all, although if you recall the Samsung S4 could not be unlocked after the first firmware update no matter how much they tried. I think they were able to get around it by some other method, but the bootloader was never unlocked again. (BTW, I have the original S4 still unlocked and never updated the firmware.) The Verizon bootloader is not unlockable either on their OEM device. I'm not sure if it's possible, but no one is even working on it AFAIK. But I digress. Even if you manage to unlock the Pixel VZW bootloader, or any locked bootloader for that matter, the device is wiped clean on the unlock. So there is no data to decrypt, thus making accessing it moot as far as compromising your data.

That is why I keep the bootloader locked and the oem switch off. (On my 5x since my VZW oem switch is grayed out) With a start-up pin and ADM at the ready in case it's lost I feel pretty safe storing my data on the device. Pretty safe, not perfectly safe. ;)
 
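The posture the thread keeps circling back to (noidea24's A/B/C scenarios and the "bootloader locked, OEM switch off, start-up PIN" setup above) can be read off a device's system properties. This is an added example, not code from the thread or any poster; the property names are real Android properties, the sample `getprop` output is constructed, and the hypothetical `check` function only reports what the thread's advice would flag.

```shell
#!/bin/sh
# Added example, not code from the thread or any poster: report the posture
# the thread argues over (bootloader lock, "OEM unlocking" toggle, userdata
# encryption) from the output of `adb shell getprop`. Property names are real
# Android system properties; the sample output is constructed, not captured.

# prop OUTPUT NAME -> value of the "[NAME]: [value]" line in OUTPUT
prop() {
  printf '%s\n' "$1" | sed -n "s/^\[$2\]: \[\(.*\)\]\$/\1/p"
}

# posture OUTPUT -> "bootloader=... oem_unlock=... userdata=..."
posture() {
  locked=$(prop "$1" ro.boot.flash.locked)        # 1 locked, 0 unlocked
  vbstate=$(prop "$1" ro.boot.verifiedbootstate)  # orange = unlocked device
  oem=$(prop "$1" sys.oem_unlock_allowed)         # "OEM unlocking" toggle
  state=$(prop "$1" ro.crypto.state)              # encrypted / unencrypted
  ctype=$(prop "$1" ro.crypto.type)               # block = FDE, file = FBE
  if [ "$locked" = "1" ] && [ "$vbstate" != "orange" ]; then bl=locked
  else bl=unlocked; fi
  if [ "$oem" = "1" ]; then ou=allowed; else ou=off; fi
  case "$state:$ctype" in
    encrypted:block) ud=fde ;;
    encrypted:file)  ud=fbe ;;
    *)               ud=plaintext ;;
  esac
  printf 'bootloader=%s oem_unlock=%s userdata=%s\n' "$bl" "$ou" "$ud"
}

# check OUTPUT -> exit 0 when the posture matches what the thread settles on
# (locked bootloader, OEM unlocking off, encrypted userdata); otherwise print
# each gap and exit 1.
check() {
  p=$(posture "$1"); rc=0
  case "$p" in *bootloader=unlocked*) rc=1
    echo "bootloader unlocked: a custom recovery can be booted, so only the lock-screen credential guards userdata" ;; esac
  case "$p" in *oem_unlock=allowed*) rc=1
    echo "OEM unlocking on: fastboot unlock is permitted (it wipes userdata)" ;; esac
  case "$p" in *userdata=plaintext*) rc=1
    echo "userdata not encrypted: readable from recovery with no credential" ;; esac
  return "$rc"
}

# Constructed sample: the original poster's situation (unlocked, encrypted).
SAMPLE_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
[sys.oem_unlock_allowed]: [1]'
check "$SAMPLE_UNLOCKED" || echo "posture: $(posture "$SAMPLE_UNLOCKED")"
```

On a real device, run `adb shell getprop` and pass its output to `check`; an encrypted-but-unlocked result means the lock-screen credential is the only barrier the thread's posters identify.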

pcriz

Senior Member
Aug 23, 2008
5,038
2,936
253
Is it really the same thing or proof of concept? How do you extract data from a locked-bootloader device even pre-decryption? Whereas if you have encrypted data, then decrypting is a matter of being able to hack that encryption algorithm. I see that as two distinct operations.
You don't simply "hack an encryption algorithm"; you can hypothetically "hack" or exploit a BL. That's not how it works when you are using randomly generated keys tied to the unlock method. Essentially you would need their unlock method and how it translates into the keys generated on the device.

You ask for a proof of concept, the concept of bootloader broken has been proven time and time again.

I'm still looking for an instance where a BL-unlocked device has been stripped of its information and decrypted so it can be read by another device.

You could also lock your device away in a safe and it would be safer than any device created but you lose certain experiences.

Essentially your implication, as I read it, is that this guy is wide open for his data to be stolen if his bootloader is unlocked and encryption provides no protection.
 

bobby janow

Senior Member
Jun 15, 2010
5,653
1,849
253
You ask for a proof of concept, the concept of bootloader broken has been proven time and time again.
No that's not what I was saying or asking. I know a bootloader can be broken and unlocked, I've seen that. The concept I was referring to was unlocking a bootloader with OEM unlock turned off and then, after unlocking it, accessing the data that was there before the unlock. That to me is the security of a locked bootloader.
I'm still looking for an instance where a BL-unlocked device has been stripped of its information and decrypted so it can be read by another device.
That would be interesting to me as well.

You could also lock your device away in a safe and it would be safer than any device created but you lose certain experiences.
Be great on battery life too.

Essentially your implication, as I read it, is that this guy is wide open for his data to be stolen if his bootloader is unlocked and encryption provides no protection.
Well not really. If the bootloader is unlocked then the security is compromised as far as I'm concerned. You can flash a new rom without wiping data and I'd say that would be an easy target. You'd still need to decrypt but the challenge would be multiples of easier.

But one thing I'm not entirely clear on since I'm not unlocked or rooted. Someone mentioned that you couldn't log into the phone if you don't have the proper account credentials. How exactly does that work? On my 5x I can wipe the system but keep the data intact and have full access. What am I missing?
 

5.1

Senior Member
Mar 18, 2012
1,316
546
143
haguenau
But one thing I'm not entirely clear on since I'm not unlocked or rooted. Someone mentioned that you couldn't log into the phone if you don't have the proper account credentials. How exactly does that work? On my 5x I can wipe the system but keep the data intact and have full access. What am I missing?
Hello,

Do you have OEM unlock enabled?

I have an unlocked bootloader and I usually leave OEM unlock enabled. This way, when I wipe clean and want to test some features or modifications, I simply reinstall and can skip the setup part.

If OEM unlock is disabled, you'll have to add the same account used before the phone has been wiped.

Is that what you were referring to?

Cheers...