In this case, a Pixel 5a 5G with GrapheneOS. I use my phone as an additional backup location for all the various files on my laptop. I have yet to set the fingerprint sensor, because I don’t trust them, but I always make sure to set an eight-digit PIN screen lock before leaving the house. Now say I went out with my phone in this state and lost it. Anyone who found it, I realize, with evil intentions would probably just want to wipe it and sell it. But even so, how hard would it be for them to access the private data on my phone in a situation like this?
The question is always going to be “who are you defending against?”
If the CIA/FBI/MI5/KGB etc. want in to your data, they’ll probably find a way. If it is just stolen, then the phone’s built-in protection is going to stop anyone from brute forcing it.
But your biggest weakness is yourself. Do you really want to type in an 8-digit PIN every time? No. So you’ll leave it unlocked for longer, which gives a thief more time to fiddle with it.
Do you really want to type in an 8-digit PIN every time? No
Speak for yourself. I literally do.
GrapheneOS or vanilla Android/AOSP is likely the same — they all have telemetry, but that’s out of the scope of your question.
I’m just a regular user and have asked myself the same question.
It might be possible to access the data. If a bad actor really wanted to or the phone fell into a professional phone scam network… your phone would be unlocked immediately
See https://www.hivesystems.io/blog/are-your-passwords-in-the-green
So any extra friction you can provide will help you: passwords for different apps, 2FA, log out of apps especially banking, make sure no notifications appear on the lock screen, turn off USB file transfer, etc.
Security is:
- something you know (password)
- something you have (phone)
- something you are (fingerprint)
The most paranoid among us should refrain from using phones in public, especially when crossing streets. Also keeping belongings close when travelling. The rest of us could do to change our passwords often. Fingerprint scanners are a good idea but perhaps not the index. Use a different finger and don’t let people see which finger you use.
From what I’ve read on various Graphene posts, if the phone has just been rebooted and you haven’t unlocked it yet, it’s considered to be in an at-rest state, which means everything is fully encrypted until you unlock your phone. If you have the feature turned on where the phone auto restarts after a certain amount of time of idle use, this would help somewhat mitigate the situation you’ve described.