This blog is reserved for more serious things, and ordinarily I wouldn’t spend time on questions like the above. But much as I’d like to spend my time writing about exciting topics, som…
Law enforcement would require a warrant, and criminals would need to break into my device first (highly unlikely without it being a targeted attack, and that’s not in my threat model at all).
And if they can break the encryption on my devices, they can likely break the encryption of the data at rest. Most people would probably use the same key for both anyway (biometrics or a PIN). If I need it to be more secure, I can create a special encrypted container for that service to store its data in.
So whether or not the messages can be retrieved by criminals or law enforcement is not a metric. Got it!
Law enforcement would require a warrant, and criminals would need to break into my device first (highly unlikely without it being a targeted attack, and that’s not in my threat model at all).
And if they can break the encryption on my devices, they can likely break the encryption of the data at rest. Most people would probably use the same key for both anyway (biometrics or a PIN). If I need it to be more secure, I can create a special encrypted container for that service to store its data in.