Just a note - most LineageOS installs aren’t secure unless you re-lock the bootloader, as data can be extracted with some fairly standard mobile phone forensics kits. Unfortunately, not many devices support bootloader re-lock. The Google Pixel series is a notable exception.
Ideally, you would want a security hardened Android OS like GrapheneOS. Graphene only runs on Pixels as the development team specifically disallows it running on hardware with an unlocked bootloader for security reasons.
I appreciate the info, I think that’s good information that I hadn’t fully thought through (but probably could have figured out had I thought about it). I’m not too interested in a Pixel, and the unlocked bootloader is really only useful if someone has my physical phone. My hard drive is encrypted, of course, so my thought as to a way they could gain information if they modify the bootloader and let me decrypt the phone for them. I wonder if the only next best thing is to basically have an alert, or refuse to boot, if there is a change in the bootloader detected, so I can do a clean install.
Most manufacturers don’t allow re-locking of the bootloader unless it’s official Android, so it sucks the only other option would be buy from Google.
I’m interested in what you say about the forensics kit. What could I look for to find more info?
Just a note - most LineageOS installs aren’t secure unless you re-lock the bootloader, as data can be extracted with some fairly standard mobile phone forensics kits. Unfortunately, not many devices support bootloader re-lock. The Google Pixel series is a notable exception.
Ideally, you would want a security hardened Android OS like GrapheneOS. Graphene only runs on Pixels as the development team specifically disallows it running on hardware with an unlocked bootloader for security reasons.
I appreciate the info, I think that’s good information that I hadn’t fully thought through (but probably could have figured out had I thought about it). I’m not too interested in a Pixel, and the unlocked bootloader is really only useful if someone has my physical phone. My hard drive is encrypted, of course, so my thought as to a way they could gain information if they modify the bootloader and let me decrypt the phone for them. I wonder if the only next best thing is to basically have an alert, or refuse to boot, if there is a change in the bootloader detected, so I can do a clean install.
Most manufacturers don’t allow re-locking of the bootloader unless it’s official Android, so it sucks the only other option would be buy from Google.
I’m interested in what you say about the forensics kit. What could I look for to find more info?