So I have a debate in my head right now about how I should handle devices stored unattended in vehicles. The criteria:
- Devices have new versions of Android
- Pass phrases or many-digit pins are used
- Biometric login is set up (but can’t be used in Lockdown Mode)
- Have Bitwarden installed with biometric auth for the vault
- Has SSH keys on the device
I’m not worried about nation state attacks, but am considering the vector of a tech savy thief, and want to keep SSH keys and other device data secure. Assume they cannot be stored in a vault.
Is storing the phones on but in Lockdown mode enough, or should I turn them off completely? Off would be super annoying to wait for boot every time, but I’m not totally sure how KEK works for an encrypted device with biometrics set up but in Lockdown Mode where they are disabled.
I’m not an expert in tech, but I’m pretty sure no non-state actors would be able to bypass the security on most modern up-to-date smartphones. Most thiefs (even tech-savy ones) wouldn’t have those advanced cellebrite devices, that are not only very expensive, they only sell it to verified law enforcement organizations.
So why are you leaving devices unattended? 🤔
Also, not sure if you know this, or if this is even gonna be useful to you, but there is an app that you can use to wipe the phone if it hasn’t been unlocked for X amount of time, the X time which you can set, also has decoy quick menu setting that shows as an “airplane mode” that is a fake that would trigger a wipe if a thief tried to turn on airplane mode (in order to avoid a remote wipe or getting tracked). Also has option to trigger a wipe if any data transfer device or cable is plugged in (power charging without data transfers dont apply). So I guess you can set it up so if a thief connect it to a computer, the wipe gets triggered.
Its called Wasted available on F-Droid and fully open source (as with all F-Droid apps). It doesn’t even require root or a computer to set up, since it uses Device Administrator API which all android phones have.