this post was submitted on 31 Dec 2024
398 points (98.1% liked)

Technology

60284 readers
3990 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago
MODERATORS
L3s
[email protected]
[email protected]
L4s
enu
398
LineageOS now officially supports the Pixel 9 series (9to5google.com)
submitted 6 days ago by cm0002 to c/technology
80 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 10 points 6 days ago (3 children)

Once LinageOS is installed your bootloader is always unlocked so anyone who finds your phone if lost owns it. GrapheneOS and a few other ROMs I forget the names of allow the bootloader to be relocked keeping android security model intact allowing the device to still be secure.

[–] patatahooligan 7 points 5 days ago (3 children)

Is the bootloader really that important for a lost phone? If someone finds your phone can't they just tear it apart and read the storage with external tools? A locked bootloader sounds more like an anti-tampering measure and not for protecting your phone's content after it's lost.

[–] [email protected] 8 points 5 days ago

If someone finds your phone can't they just tear it apart and read the storage with external tools?

that's not the problem that BL locking solves. this is solved by storage encryption. BL locking solves 2 other problems:

  • helps keeping stolen phone from being wiped, though maybe it's not 100%
  • makes it much harder to plant malware on your phone while it's not with you
[–] CrazyLikeGollum 5 points 5 days ago (1 children)

It is largely an anti-tampering measure. Without it you could have things injected into the system. For example, a stalker could install a hidden tracking program as a service and then return your phone without you knowing.

Iirc it's also a prerequisite for full-disk encryption on modern android. So, without it your user data is available to be dumped in an unencrypted state. Most phone thieves are interested in reselling the phone, so they're provably not going to go through the effort and risk damage to the phone just to dump encrypted data from the chips directly. However, if it's just available unencrypted from fastboot why not dump it? They could get info that could be used to blackmail or scam you or people you know. Or they could just sell the data.

[–] [email protected] 2 points 5 days ago* (last edited 5 days ago) (1 children)

Iirc it’s also a prerequisite for full-disk encryption on modern android.

How modern? It's still working on Evolution X with Android 14 (although maybe it needs custom rom support).

It would be a bit less secure since the bootloader itself could be compromised, however (but I wouldn't be concerned about random thieves/snooping in this case).

[–] CrazyLikeGollum 4 points 5 days ago

https://source.android.com/docs/security/features/encryption/file-based

I did not remember correctly, kind of. From AOSP, Android 7 and later use file-based encryption (FBE) rather then full-disk encryption (FDE). FBE is dependant on verified boot, which itself requires a locked bootloader.

Custom ROMs may have back ported FDE, modified FBE, or implemented their own encryption.

[–] [email protected] 2 points 5 days ago* (last edited 5 days ago)

No because the data is encrypted especially on Graphene OS and even on stock pixel phones data at rest is fully encrypted and pixel phones also have a onboard security chip as well. So unless you can unlock the user data it would be useless. That is why a locked bootloader is so important it is needed to ensure at rest encryption its a requirement for it.

[–] [email protected] 3 points 6 days ago (2 children)

That would be a security issue, not a privacy issue. Maybe that was what RelativeArea0 meant but if so I think that confused people because "privacy" implies somehow corpos/the state is spying on you through Lineage

[–] [email protected] 3 points 5 days ago (1 children)

LOS has privacy issues though, if I remember correctly. like, default DNS server is 8.8.8.8of google, assisted gps contacts a global server of I think qualcomm to speed up getting a GPS fix, and others I don't remember now

[–] [email protected] 2 points 5 days ago (1 children)

Ah, so not that significant and fixable? GOS has an assortment of calls home as well (to their own servers at least, but still a third party).

[–] [email protected] 1 points 5 days ago

well not sure if fixable

[–] [email protected] 1 points 6 days ago (1 children)

It could be included as both with a unlocked bootloader all user data could be easily retrived with physical access to device.

[–] [email protected] 2 points 5 days ago

That kind of data access is generally included under security not privacy (which is more about telemetry), but obviously with a state threat model privacy and security can become blurred, and that kind of data access is of concern if you are at risk of having devices seized by the state.