This is a very entertaining and educational article, giving insights into the methods used by thiefs to try and get access to your phone data.
I don’t like Apple but it’s great that their security is so good when it comes to this.
This is a very entertaining and educational article, giving insights into the methods used by thiefs to try and get access to your phone data.
I don’t like Apple but it’s great that their security is so good when it comes to this.
As much as I love my android phone, I have to admit Apple takes privacy and security much more seriously.
How so? A Samsung or pixel with default settings would also behave that way, possibly even more securely because it wouldn’t show the thieves your number.
I guess just anecdotally. I have a pixel 7, I’m pretty confident I could factory reset the device without 3rd party authentication. Also, from the tech channels I follow, I think I could recover my data if I forgot the password. Android has always felt more "free"and customizable, and I love it for that. But I also think that freedom allows for more exploits. It’s a trade off that’s worth it to me, personally. But if I had illegal shit to hide on my phone, I’d probably do it on an apple device.
Edit: just checked. I can completely bypass all my locked down Google Pixel settings to factory reset my phone pretty easily if I press the right keys in the right order. It would be pretty easy to steal and resell my phone.
If you do it the manual way - not unlocking the phone and doing it through settings - you can wipe it sure, but when you try to set it up it requires the prior Google account credentials to proceed. No creds, no passing go, just a shiny brick. It’s been like that for years.
Also might I recommend you take a gander at GrapheneOS for more intense security capabilities than stock.
Not sure about the latest Android version, but I managed to unlock and bypass a phone which had factory reset protection, and as far as I know a lot of vendors like Samsung have their own exploit available.
Using this you can manage to get to the settings app (while still locked, waiting for the previous owners google account) and remove the account, add your own or disable the security.
Done!
You can factory reset it easily. You can’t use it without the previous Google account credentials afterwards. You can’t reuse a stolen Pixel which has Google account logged into it.
Ding ding ding, I can confirm this. I thought it was for all devices, but I guess not.
Mind to share what “Keys in the right order” are? I mean a link, of course, because in my experience you just can’t do that with a locked bootloader.
Enter recovery mode and choose factory reset. The specific key combination for your device may vary.
You think we’re still in 2010? It’s been a while since you need to unlock the bootloader first. And no, you can’t do it with the device locked.
This don’t work anymore, now they have frp protection which requires google authentication to the previous account after reset
For what it’s worth, they’re trying to fix that with Android 15. Not sure if this is one of the features they’ll also be back porting to older phones too like this article briefly touches on, but either way it sounds like if you factory reset the phone, it can’t be set up again unless they know your login: https://www.wired.com/story/android-15-theft-detection-lock/
Doesn’t that already exist as the Factory Reset Protection (FRP) partition?
Yeah, I’ve had to wipe pixel devices the dirty way and it prompts (requires) your credentials to continue. Maybe it’s a pixel exclusive, and others are getting it via a15?
No, its not exclusive. But FRP can be bypassed if you know the right tools.
Honestly not too familiar with that. I imagine if they’re touting this as a new thing, FRP either does something different or was lacking compared to this in some way.
Though it is Google, they could have just killed FRP in favor of this and added messaging features like they do with everything else
AFAIK you can’t wipe the IMEI and if you report it stolen to providers they will block it from using their networks. (It will only be able to use wifi.)
The encryption on Android devices is pretty strong, as long as you use a good screen lock you should be fine. Yes they can reset you phone, but accessing your data is a whole other level.
If I had illegal shit on my phone, I wouldn’t send it to apple servers by using an iPhone. They are the first who would comply with a surpena. I’d use GrapheneOS on a Pixel and use an obvious duress pin like 1234. If entered it wipes your encryption keys and avoids restoring your data.
And if it gets stolen, it is gone and I’d get a new one. This is the cost of having proper opsec.
Edit:
This is a common misconception called security through obscurity
Does it have to be a specific version Pixel? Just any Pixel?
Any of them still receiving security updates would be fine.
Im pretty sure u cant fuck with a device that has a locked bootloader without unlocking said bootloader which requires u know the password. And u definatly cant recover data without passcode unless u can extract the hash from whatever chip holds it (shouldn’t be possible if u have a tpm) and bruteforce it. Ur data should be encrypted and u shouldn’t be able to tamper with os without unlocking bootloader which once unlocked will wipe all device data. Might be possible if u do some dodgy power injection directly into some of the chips but thats pretty advanced stuff.
Same for Samsung afaik. Pop into the bootloader and just wipe everything.
AFAIK you can’t wipe the IMEI and if you report it stolen to providers they will block it from using their networks. (It will only be able to use wifi.)
If recently upgraded an old Samsung tablet (Tab A6 from 2016) to Lineage OS and not only do you have to remove the Google Account before flashing just the TWRP to be able to just start replacing the actual OS, but there is a configuration flag that can only be changed in the stock OS logged in to that Google Account and with Dev Mode enabled to, after you replace the OS, allow the custom OS to actually work (if you don’t do it the device with the custom OS will go into a boot fail loop as soon as you restart it).
It was actually a PITA to do that upgrade of my own device because of that (I had to reinstall the old OS and log in to the old account just to toggle the “Allow OEM install” option after which I could install Lineage OS … again … without the device going into a boot fail loop on the first restart)
This is on a Samsung device that’s almost 8 years old so it would be a bit strange if they went back on it since, especially as it’s in the best interest of Samsung to make it hard for people to upgrade their devices away from the enshittified Samsung software.
iPhones don’t do that on their own.
She said she activated lost mode, so it’s possible/likely she made her contact info available. Asking Siri who the phone belongs to will also give up contact info, but you can change that remotely from the find my phone app.
I think - being a writer - she sort of set herself up for the interaction so she would have material. No judgment, though. It was an interesting read.
As far as I know factory resetting an android phone is relatively easy without having access to the device. But it’s been a while since I’ve looked I hti that.
You can fairly easily factory reset phones from both. While you can report your phone as stolen and the IMEI will be blacklisted on US carriers, it would probably work fine abroad.
For iPhones, if you have Find My turned on, you can’t activate the device without the iCloud password, unless the owner removes the device from their iCloud account. Which is what the scammers are trying to get her to do here.
Sorry. When I said “both,” I meant Google and Samsung. Apple definitely has better security, ocassionally to an annoying extent.
Security yes, but privacy not so much…
If you’re talking about a stock Android OS on anything other than a Pixel, iOS wins in both regards. Stock on a Pixel, I don’t know that Apple is more secure, but if you’re installing apps via Google Play that use Google Play Services, iOS is certainly more private. Vs GrapheneOS on a Pixel, iOS is less private by far.
Better than bad is not good.
Better than bad is still “better.”
It is if it’s LOG!
False, anti-libre software bans us from proving it’s claims.
You think that Google Play Services is FOSS? Or that the version of Android on Samsung phones (as well as of most other Android phone manufacturers), including all baked in software, is FOSS?
Where did I say that?
And when you’re comparing two closed source options, there are techniques available to evaluate them. Based off the results of people who have published their results from using these techniques, Apple is not as private as they claim. This is most egregious when it comes to first party apps, which is concerning. However, when it comes to using any non-Apple app, they’re much better than Google is when using any non-Google app.
There’s enough overlap in skillset that pretty much anyone performing those evaluations will likely find it trivial to configure Android to be privacy-respecting - i.e., by using GrapheneOS on a Pixel or some other custom ROM - but most users are not going to do that.
And if someone is not going to do that, Android is worse for their privacy.
It doesn’t make sense to say “iPhones are worse at respecting user privacy than Android phones” when by default and in practice for most people, the opposite is true. What we should be saying is “iPhones are better at respecting privacy by default, but if privacy is important to you, the best option is to put in a bit of extra work and install GrapheneOS on a Pixel.”
Compared to any android phone the privacy is substantially better. Apple is in the business of selling overpriced phones. Google is in the data collection business.
The issue here is that while baseline apple is more secure than baseline android, a user with knowledge or a guide can improve the android security by a lot, whereas the apple baseline is also the ceiling. There’s stuff you can do with iPhones but if you don’t trust apple, you are kind of fucked.
Android people that mention security won’t be using a stock phone from the store, they will have disabled stuff, enables alternative stuff, or even installed a completely new android based OS, and this can’t be done with iPhone or iOS.
True. But for 99% of people baseline is what they use. Windows can be made very secure by experts but the fact is 99% of people just use windows as is.
100% agree, just take into account that most people you encounter on lemmy, specially on posts about security, are in that 1% that tweak stuff and if you throw blanked statements they will think you are talking to them specifically.
Fair. And I see it lol. My inbox is full of people who want to argue with me.
Not true. iPhone can be locked down much more than it is out of the box, and it’s as simple as changing one setting. Lockdown mode, it significantly tightens down security of iOS at the cost of some convenience. It is not recommended for the average user, only if you expect to be targeted by highly sophisticated attackers.
That is always the case. If you don’t trust the company that made the hardware, there is nothing you can do. Unless you’ve got your own chip fab, there is always a level of trust involved.
It’s not really about the hardware, is it? The option you mentioned won’t enable an alternative app store, it won’t enable access to android app emulators (which would be a huge boom in the open source app offering). The level of trust iPhone users give to appeal is wildly higher that what android users that tweak their phones give the manufacturers. It is what it is, but don’t delude yourself in thinking that it’s about what they do in the kernel level, it’s about the fact that they store tons of sensitive data in their american servers and that they have an obligation to share that data with the country, and as someone from Europe that doesn’t sit well with me.
It’s about everything, that’s the point
I don’t see how that would help in any way to secure the device if you don’t trust Apple.
You either trust a company or you don’t. There is no grey area. If you don’t control the whole thing, you don’t control anything at all. A custom ROM on your Android device is not going to do anything to prevent a firmware or hardware level backdoor. Your custom ROM doesn’t improve security, on the contrary. If you unlock the bootloader you break the chain of trust and all bets are off.
If you aren’t using the iOS lockdown mode, it’s not really that much more private. Most stuff is still not encrypted in iCloud without that on, and apps can still track much of what you do, and Apple has their own ad networks.
Edit: has any of the downvoters actually read Apple’s (public!) security architecture documents?
Anti-libre software, iOS, bans us from proving its claims. Stop paying Apple to pre-infect our devices and spy on us too.
My devices need libre software, not a business.
You are preaching to the choir.
When it comes to privacy: GrapheneOS > iOS > android with Google.
Android itself is good. It’s just android with Google that’s the problem. (Aka 99.999% of all android phones sold outside of China)
They ban us from proving this. Both malware, anti-libre software, ban us from proving it’s claims.
Why do you keep posting the same thing over and over?
Their posts won’t change much, so obviously our replies don’t either.
The fuck are you talking about? I feel like I’m interacting with the borg or something.
Anti-libre software, iOS, bans us from removing malicous source code. Don’t let this malware infect you.
What are you talking about, it’s literally the same thing on Android. Also why the shilling out of nowhere?
they love bricked phones because it means one less for a secondhand market
Lol you’re basically gaslighting yourself
Apple has the benefit of making everything themselves, down to the secure enclave processors and, as of some time also, the processor as a whole. They get to design their hardware, OS, software, ecosystem, all around security and it all plays together nicely.
If you control everything, you can do whatever you want with it. Android phones being more of a mixed bag of different vendors making different parts of the phone, including the software components, makes this interplay much more difficult. It usually takes android quite some time before they catch up on the latest security concepts.
Android exploits are considered more valuable and expensive because they’re harder to find. I don’t know where you are getting this information other than thinking it sounds correct in your head.
Don’t think Apple security is much better. I’ve read news before about insiders that will unlock stolen phones. They work closely with the criminals and it’s a more “professional” operation. Probably it’s not as easy as doing it for an android but having an iPhone and thinking that if someone steals yours it will just become a paperweight is wrong. Sadly