Is the bootloader really that important for a lost phone? If someone finds your phone can’t they just tear it apart and read the storage with external tools? A locked bootloader sounds more like an anti-tampering measure and not for protecting your phone’s content after it’s lost.
No because the data is encrypted especially on Graphene OS and even on stock pixel phones data at rest is fully encrypted and pixel phones also have a onboard security chip as well. So unless you can unlock the user data it would be useless. That is why a locked bootloader is so important it is needed to ensure at rest encryption its a requirement for it.
It is largely an anti-tampering measure. Without it you could have things injected into the system. For example, a stalker could install a hidden tracking program as a service and then return your phone without you knowing.
Iirc it’s also a prerequisite for full-disk encryption on modern android. So, without it your user data is available to be dumped in an unencrypted state. Most phone thieves are interested in reselling the phone, so they’re provably not going to go through the effort and risk damage to the phone just to dump encrypted data from the chips directly. However, if it’s just available unencrypted from fastboot why not dump it? They could get info that could be used to blackmail or scam you or people you know. Or they could just sell the data.
Iirc it’s also a prerequisite for full-disk encryption on modern android.
How modern? It’s still working on Evolution X with Android 14 (although maybe it needs custom rom support).
It would be a bit less secure since the bootloader itself could be compromised, however (but I wouldn’t be concerned about random thieves/snooping in this case).
I did not remember correctly, kind of. From AOSP, Android 7 and later use file-based encryption (FBE) rather then full-disk encryption (FDE). FBE is dependant on verified boot, which itself requires a locked bootloader.
Custom ROMs may have back ported FDE, modified FBE, or implemented their own encryption.
Is the bootloader really that important for a lost phone? If someone finds your phone can’t they just tear it apart and read the storage with external tools? A locked bootloader sounds more like an anti-tampering measure and not for protecting your phone’s content after it’s lost.
No because the data is encrypted especially on Graphene OS and even on stock pixel phones data at rest is fully encrypted and pixel phones also have a onboard security chip as well. So unless you can unlock the user data it would be useless. That is why a locked bootloader is so important it is needed to ensure at rest encryption its a requirement for it.
that’s not the problem that BL locking solves. this is solved by storage encryption. BL locking solves 2 other problems:
It is largely an anti-tampering measure. Without it you could have things injected into the system. For example, a stalker could install a hidden tracking program as a service and then return your phone without you knowing.
Iirc it’s also a prerequisite for full-disk encryption on modern android. So, without it your user data is available to be dumped in an unencrypted state. Most phone thieves are interested in reselling the phone, so they’re provably not going to go through the effort and risk damage to the phone just to dump encrypted data from the chips directly. However, if it’s just available unencrypted from fastboot why not dump it? They could get info that could be used to blackmail or scam you or people you know. Or they could just sell the data.
How modern? It’s still working on Evolution X with Android 14 (although maybe it needs custom rom support).
It would be a bit less secure since the bootloader itself could be compromised, however (but I wouldn’t be concerned about random thieves/snooping in this case).
https://source.android.com/docs/security/features/encryption/file-based
I did not remember correctly, kind of. From AOSP, Android 7 and later use file-based encryption (FBE) rather then full-disk encryption (FDE). FBE is dependant on verified boot, which itself requires a locked bootloader.
Custom ROMs may have back ported FDE, modified FBE, or implemented their own encryption.