Unlocked Bootloader Security Risk

I own a Samsung S10+ with iodé (bought from iodé). It works fine, but lately I have started to think about switching to a Google Pixel and installing xxx (you know what, but I don’t want to mention it on your site). The reason for this is that iodé (like its “father” LineageOS) has an unlocked bootloader. This is a big security risk. Therefore I feel more and more uncomfortable with my phone. To minimise the attack surface, I am looking for a device that is non-rooted and has a custom ROM with a locked bootloader.

… is relative, depending on how you look at it, and in theory and practice it presents itself to me in a very nuanced way.

In 99.9% of custom ROMs the bootloader remains unlocked and thus offers an increased attack surface. But how big is the real chance that these gaps are exploited by malicious software and criminal elements?

I know of three Android device families (“I don’t want to mention it on your site”) where the bootloader is relocked after installing a custom ROM. Fairphone is one of them.

Hello Fidèles and Iodysseus, can you explain for novices these problems of unlocked bootloader flaws? (I have a problem with my translator.)

@Patrice, this matter is complex and controversial. Don’t let an unspecified statement drive you crazy; sit back and relax. iodéOS is ‘a thousand times’ more privacy-friendly than any Googled stock Android.


A device with an unlocked bootloader can only be compromised through physical access to it: plugging it into a computer and changing the recovery, the system, … The data cannot be directly accessed though, as decrypting it requires the user’s PIN code or pattern (which can unfortunately be bypassed with some manipulations, such as changing the recovery and deleting a system data file, which still requires physical access to the device).

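The answer above hinges on whether the bootloader is actually unlocked. The following is an added example, not code from the thread or from iodé, that reads the boot-state properties Android exposes through `getprop` and classifies the device. It assumes the standard property names `ro.boot.verifiedbootstate` (green/yellow/orange/red), `ro.boot.vbmeta.device_state` (locked/unlocked) and `ro.boot.flash.locked` (1/0); not every ROM or SoC sets all three. The sample `getprop` outputs are constructed for the example.

```python
"""Classify an Android device's bootloader / verified-boot state from
`adb shell getprop` output. Added example; not from the original thread.

Property meanings assumed here (standard AVB/Verified Boot conventions):
  ro.boot.verifiedbootstate   green  = locked, signed with the OEM key
                              yellow = locked, signed with a user-set key
                              orange = bootloader unlocked
                              red    = verification failed
  ro.boot.vbmeta.device_state locked | unlocked
  ro.boot.flash.locked        1 | 0   (legacy property, not always present)
"""
import re

GETPROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>[^\]]*)\]$")

# Constructed sample outputs (only the relevant lines are shown).
SAMPLE_UNLOCKED = """\
[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.verifiedbootstate]: [orange]
"""
SAMPLE_LOCKED = """\
[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [green]
"""
# A custom ROM relocked with the ROM's own AVB key shows "yellow", not "green".
SAMPLE_RELOCKED = """\
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [yellow]
"""


def parse_getprop(output: str) -> dict:
    """Parse getprop text ("[key]: [value]" per line) into a dict."""
    props = {}
    for line in output.splitlines():
        match = GETPROP_LINE.match(line.strip())
        if match:
            props[match.group("key")] = match.group("value")
    return props


def boot_state(props: dict) -> str:
    """Return 'locked', 'unlocked', 'failed' or 'unknown'.

    Any single indicator of an unlocked state wins: a device that reports
    device_state=unlocked is unlocked even if another property is missing.
    """
    vbs = props.get("ro.boot.verifiedbootstate", "").lower()
    device_state = props.get("ro.boot.vbmeta.device_state", "").lower()
    flash_locked = props.get("ro.boot.flash.locked", "")

    if vbs == "red":
        return "failed"
    if device_state == "unlocked" or vbs == "orange" or flash_locked == "0":
        return "unlocked"
    if (device_state == "locked" and vbs in ("green", "yellow")) or flash_locked == "1":
        return "locked"
    return "unknown"


if __name__ == "__main__":
    for name, sample in (("unlocked", SAMPLE_UNLOCKED),
                         ("locked", SAMPLE_LOCKED),
                         ("relocked", SAMPLE_RELOCKED)):
        print(f"{name:>9}: {boot_state(parse_getprop(sample))}")
```

On a real device, feed the output of `adb shell getprop` into `parse_getprop` and look at the result of `boot_state`; "unlocked" is what the thread is discussing, and "yellow"/"locked" is what a relocked custom ROM (the Sony and Fairphone cases mentioned later) should report. "unknown" means the ROM does not set these properties, which is worth checking before trusting any answer.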

Thank you, iodysseus, for your answer and your kindness.

So if my phone gets stolen, is it technically possible to read my data (my emails (FairEmail) for example, which are stored in the phone’s storage) without knowing my PIN?

Hardly, but yes.
The data partition is encrypted and will be decrypted with the PIN.
With an unlocked bootloader it is possible to manipulate the phone and thus the data.
It takes a lot of effort, but it’s doable.

But why should a thief go to this effort?
In 99.9% of cases they are interested in my phone: steal it, remove the SIM, reset it, as fast as possible.

So for me, I don’t fear that someone will steal my phone to get my data. My fear is to lose it or have it stolen, not that somebody gets my data.
But these are just my 2 cents…


So if I understood correctly, the encryption just slows an attacker down in getting the data, but doesn’t actually protect the data 100%? If I use a 16-character password, is the situation the same? What is encryption worth if it’s possible to bypass it?

Is there anything else to enhance the security or the encryption when the bootloader is unlocked?

If passing the encryption was easy enough, the thief would certainly take the data for himself before resetting the phone. That’s why it’s good to discuss the matter and understand for yourself how easy or difficult it is in practice. Otherwise, you cannot understand the security of the device you are using.

I honestly don’t know what else to say or discuss here. Everything relevant has already been mentioned several times and we just keep going in circles.
What do you want out

I think the discussion has been mainly on a general level.
Some practical questions:

  • So if I understood correctly, the encryption just slows an attacker down in getting the data, but doesn’t actually protect the data 100%? If I use a 16-character password, is the situation the same? Does password strength matter, or do the manipulations work with a strong password as well? Please correct me if I have understood something wrong.

  • What is your opinion, are these manipulations easy or hard to carry out? If you know the process, is it about the same for every phone model that runs a LineageOS-based ROM?

  • Is there anything else to enhance the security or the encryption when the bootloader is unlocked?

I have read elsewhere (https://www.reddit.com/r/LineageOS/comments/5w5uuc/psa_keep_your_data_safe_after_unlocking_bootloader/) that a strong password would strengthen the encryption and make it harder (impossible in practice?) to steal data, but this contradicts what vince said, that the PIN code (password) can be bypassed entirely with manipulations. That’s why I’m trying to understand what is true and what is not by discussing this.

I did some more research on this.
An evil maid attack seems to be the case where an attacker can steal your password via malicious code. It requires physical access to the device and installing a keylogger. At least I didn’t find information suggesting that an encrypted partition with a strong password could be cracked without knowing the password first.

If I lose my phone, the chances that whoever finds it has this kind of skill are very, very small. This is why I personally don’t stress too much about this.

In the long run I would still prefer a device which doesn’t give an opportunity to install any code without my password. I have invested in a phone that is more privacy oriented, so privacy is something I care about. On my PC I can disable “boot from USB” and lock the BIOS with a password. With my phone I currently cannot close the hole. I can live with that, because I’m not yet president of my country (not even prime minister). Not a potential target to be hacked.

It is possible to install software from F-Droid that gives you an option to wipe the phone remotely if it gets lost. Even if someone finds and returns it, wiping removes the risk of an evil maid attack when you start using it again and log in.

Instead of a PIN code I now use a 12-character password, which prevents brute-force attacks.
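The posts above argue about whether password length matters once an attacker with an unlocked bootloader can image the encrypted data partition. The following is an added example, not code from the thread or from iodé, that models the worst case the thread worries about: the attacker has the ciphertext and the KDF parameters and guesses offline, with no lock-screen throttling. It assumes a scrypt-style KDF with example parameters (N=2^14, r=8, p=1) and an attacker who only knows the character classes and length of the secret; real Android additionally binds the key to a hardware secret in the TEE, which this simplified model deliberately ignores. The guess rate of 100,000/s for a cheap KDF is a constructed, illustrative figure.

```python
"""Offline guessing-cost model for a lock-screen secret. Added example;
not from the original thread, and a simplification of Android's real
key derivation (hardware binding and Gatekeeper throttling are ignored).
"""
import hashlib
import os
import string
import time

# Character classes an attacker would enumerate once they know which are used.
CHARACTER_CLASSES = (
    ("digits", string.digits),            # 10
    ("lowercase", string.ascii_lowercase),  # 26
    ("uppercase", string.ascii_uppercase),  # 26
    ("symbols", string.punctuation),      # 32
)

# Example KDF parameters (assumed, not Android's actual values).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def keyspace(secret: str) -> int:
    """Search space for `secret`, assuming the attacker knows its length and
    which character classes it draws from (a generous assumption for them)."""
    alphabet = sum(len(chars) for _, chars in CHARACTER_CLASSES
                   if any(c in chars for c in secret))
    return alphabet ** len(secret)


def expected_seconds(space: int, guesses_per_second: float) -> float:
    """Average-case time to hit the secret: half the keyspace at the given rate."""
    return space / 2 / guesses_per_second


def describe(seconds: float) -> str:
    """Human-readable duration."""
    year = 365.25 * 24 * 3600
    if seconds < 60:
        return f"{seconds:.1f} seconds"
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} hours"
    if seconds < year:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / year:.3g} years"


def measure_kdf_rate(n_trials: int = 5) -> float:
    """Guesses per second a single CPU core manages with the example scrypt
    parameters on this host; memory use is 128*N*r bytes (16 MiB here)."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(n_trials):
        hashlib.scrypt(f"guess{i}".encode(), salt=salt,
                       n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return n_trials / (time.perf_counter() - start)


def report(secret: str, guesses_per_second: float) -> dict:
    """Keyspace and average crack time for `secret` at a given guess rate."""
    space = keyspace(secret)
    seconds = expected_seconds(space, guesses_per_second)
    return {"keyspace": space, "seconds": seconds, "human": describe(seconds)}


if __name__ == "__main__":
    # Constructed sample secrets: a 4-digit PIN, a 6-digit PIN, and a
    # 12-character mixed password like the one the post above mentions.
    secrets = ("1234", "482913", "Tr0ub4dor&3x")
    local_rate = measure_kdf_rate()
    cheap_kdf_rate = 100_000.0  # illustrative: a fast KDF on a single GPU
    print(f"scrypt on this host: {local_rate:.0f} guesses/s")
    for secret in secrets:
        for label, rate in (("scrypt, 1 core", local_rate),
                            ("cheap KDF", cheap_kdf_rate)):
            r = report(secret, rate)
            print(f"{secret!r:16} {label:15} {r['human']}")
```

The point the numbers make: a 4- or 6-digit PIN falls in seconds to hours under any offline model, and only the KDF cost and hardware binding stand between the attacker and the data, whereas a 12-character mixed password (94^12 candidates) is out of reach even at a hundred thousand guesses per second. That is why a long password changes the picture for the "unlocked bootloader plus stolen phone" case, and why the PIN-bypass tricks mentioned earlier matter more for short secrets.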

Hi, try Wasted; it’s available on F-Droid. It gives you the possibility to lock (and wipe) your phone by sending an SMS message.
Another interesting app is Finder, which locates your phone remotely, once again via SMS.


The app was last updated Aug 2022. Is it still okay to use Wasted?

In my case, my external card has more personal “data” on it than the internal drive… and that card could easily be removed from the phone and exploited by any thief that grabbed it.

So I try to be careful about what I put in my phone and external card, and except for email, I don’t store logins and passwords within apps (especially browsers), but instead keep them in an encrypted database that I can unlock with KeePass for a simple copy/paste when needed, and I don’t carry around digital copies of sensitive documents.

I’m someone who is vigilant when it comes to potential security and privacy failures, but I’m not worried about the unlocked bootloader, and in fact it’s convenient to keep it unlocked, and the custom recovery and ROM file readily available.

Plus, my phone is never out of my control, so the likelihood of theft or evil maid tampering is very remote.


It is possible to relock the bootloader on other devices if you don’t want to go down the Schmoogle Pixel path. Sony’s range from 2020 onwards can be relocked.

https://xdaforums.com/t/guidance-relock-bootloader-for-xperia-10-ii.4190095/

I have an XA3 iii here that I was thinking of flashing, but the Kirin version isn’t supported at the moment. I did ask whether there were any plans to add some of these community releases to the officially supported list, but no one came back on it. I think adding the XA3 as an official alternative to the Pixel for a relocked iodé device would be beneficial to the project. iodé 5.0 runs very well on the Sony XA2, so surely the XA3 would be a very likely candidate, I would have thought.

Maybe I should point out, just in case anyone decides to buy one to try this out, that the original Xperia 10 (XA3) was introduced in 2019, so we are talking Xperia 10 II onward (February 2020). Just another example of Sony’s ludicrous numbering system for its Xperia range of products. If you go to Settings > About Phone, you need to see a Model ID that begins with the prefix letter ‘X’. Any Xperia 10 that is prefixed with an ‘I’ won’t relock. All the later models of Xperia 1 and Xperia 5 will relock AFAIA.

Another caveat! I have just been on the Sony site to get an unlock code for my Xperia 10 III and noticed that there are a couple of exceptions that weren’t sold in Europe, only in the US.

Note : New devices XQ-CT62 (1Ⅳ US variant) and XQ-CQ62 (5Ⅳ US variant) do not support bootloader unlock.

I thought I had better post them, if only for the record, and here is the site address for anyone interested in unlocking the bootloader on any X-code Xperia: Unlock bootloader | Developer World

Not getting an answer to your questions is unfortunately the order of the day here. Even on Telegram and Matrix (element.io), answers to questions are rather rare.

To join: Telegram: Join Group Chat or https://matrix.to/#/#iodeOS:matrix.org (they are bridged together).

Unlock codes for pretty much every unlockable Sony device, not just the X ones, can be obtained from that site.

And while we’re talking about unlocking bootloaders, and any realistic security risks, this is worth a read if you’ve not seen it already

https://www.reddit.com/r/LineageOS/comments/n7yo7u/a_discussion_about_bootloader_lockingunlocking/

… as is this