3d ago

Feds in Catalonia, Spain think everyone using a Google Pixel must be a drug dealer

www.androidauthority.com Cops in this country think everyone using a Google Pixel must be a drug dealer (Updated)

Pixel phones are criminals' top pick in Spain's Catalonia for their strong security and mod-friendly design.

TLDR: Drug dealers in Catalonia have started to adopt GrapheneOS en masse leading to Catalan police suspecting anyone with a Google Pixel is a drug dealer

You're viewing a single thread.

198 comments

They're mad they can't use cellbrite to snoop on properly configured GOS phones and that they actually have to do real police work to catch drug dealers
- Yes. They (cellebrite) don't mention GrapheneOS support very loudly because it's poor. They can't decrypt one that's BFU (Before First Unlock), not even by brute force if it's a 6 digit passcode apparently. Don't know if they can get data from an AFU GOS pixel. A year ago when their internal docs leaked, they also had no support for latest iOS at the time, but had brute force support for older versions as long as phone itself wasn't too new and had AFU access without brute force for even older versions.
  Moral of the story: if there's a chance police might take your phone to investigate for a crime you hopefully didn't even commit, shut down your phone completely - the 5x power button trick on iOS disables biometric unlock, but the device itself stays decrypted and thus more vulnerable. Also keep your OS up to date.
  If you've got a phone that's neither iOS nor GrapheneOS, it's probably pretty much Swiss cheese anyway. IOS isn't as good as GrapheneOS either, but it offers some protection against Cellebrite if up to date and BFU. But if they keep your phone for long enough (months, years), they'll get it unlocked because you can't install updates that would patch any newly discovered vulnerabilities and one day they'll find a BFU unlock for it, probably.
  
  Grapheneos also has options to just disable data over the USB port when its locked. Or disable it outright.
  
  Yep, disabling it entirely allows for charging when the device is off, but otherwise, it is functionally useless and is disabled at the hardware level.
  
  Ooh nice.
  
  LineageOS also has this feature.
  
  Graphene OS in particular comes with a default feature enabled called Auto Reboot to protect against this. I think it's set to 18 hours by default because that's what mine is, but you can go as low as 4 hours.
  If you have it set to four hours, I'd wager your phone would reset way before the pigs had enough time to try and get their way in.
  
  Yeah, I have mine at 4 hours and it's pretty good. It triggers while I'm at work sometimes, but other than that, it's mostly just when I sleep.
  
  iOS started doing this a year or 2 ago, but unfortunately it's 3 days and not configurable
  
  Does a full shutdown encrypt all contents on iOS? This is something that everyone entering the USA as I have to do annually needs to think about.
  
  It's all encrypted in storage. The decryption key is in the secure element / TPM chip, additionally protected by your PIN / password. Shutting it down unloads all encryption keys from memory.
  Beware that US customs / immigration / border control can seize your phone and refuse entry.
  
  What happens if I turn it back on but don't unlock it? Are the encryption keys in memory?
  
  They're not in memory until the first unlock, that's why there's the AFU vs BFU distinction for cellebrite unlocking devices incl iPhones.
  But as the other person said, they can seize your phone and refuse entry. If you need to travel to the USA annually and you don't want them to see your shit, you may want to have a decoy phone that's not logged into your real accounts or have many photos on it. Just enough to make it believable it's your real phone, but not enough to help them forge anything on you.
  
  I am a non-resident US citizen so I believe it would be more difficult for them to search and hold me without trial or legal representation. But these days anything is possible.
  
  By luck of birth I'm pale as a ghost, so as long as they don't unlock my phone and find out what I really think, I should be good. Then I can get back out of the shithole of a country Trump has created as soon as I'm done there.
  
  Yes, but customs can still compel you to unlock your phone as we have recently seen with the Norweigan tourist who was denied entry due to having a JD Vance meme on his phone.
  I would recommend having a separate phone with non-important data on it to take with you to the US, or have a self hosted cloud service that you can backup your data to before wiping your device.
  You essentially don't have rights at the border (or in general with the current US government).
  
  How can they compel me?
  
  You either unlock it or we send you back.
  
  Can they really deport a US citizen?
  
  Other countries can. But technically, the US government cannot deny a US citizen access.
  
  Are they allowed to? Absolutely not. But... who is stopping them?
  
  can != will
  ...the current regime will continue doing whatever the fck they want as long as nobody stops them...
  
  Threatening to detain you indefinitely (your rights aren't the same at the border/customs as they are after entering the country), or just outright deny you entry.
  
  I heard they can't actually hold you more than a couple days if you are a citizen./?
  
  That's after you go through customs. AFAIK, that doesn't apply to people coming into the country.
  Although this administration holds people more than 48 hours regardless.

198 comments