The US & some other jurisdictions are making a practice of opening or copying smartphones when people travel inbound - not for all passengers but it’s becoming increasingly common. They can’t force you to give up your password but CAN force use of a fingerprint scanner to open a phone & decrypt it. On phones that can’t be opened immediately they can copy the contents so the NSA can decrypt later if that appears warranted.
I have no reason politically to worry, but could have sensitive client HR data onboard & need to exercise best efforts under privacy laws to ensure sensitive data isn’t breached. This to minimize my legal exposure, to respect others’ data privacy rights, and because knowledge my contacts - executives of publicly-traded firms - are talking to a headhunter, could constitute info material to a firms’ stock price, meaning there’s theoretically SEC exposure. It’s all a bit theoretical & esoteric, but negligence under privacy laws is still untested & nebulous & I’d rather not ever be a test case.
I confess writing this I feel a tad paranoid. But others traveling to places like China would have greater concerns, esp. if journalists.
I gather Apple’s iPhones can be hardened with mirroring disabled so a desktop system can’t be used to reinitialize (if that’s the hack). I gather iPhones are especially secure against decryption at present. I believe Android phones are considerably less secure.
A warrant trumps any hardening measures of course: if the authorities have reasonable cause & obtain a warrant they can & should have access to the phone’s contents. We’re really just trying to limit causeless fishing trips.
Can a BraX3 phone be turned off & hardened against access & decryption while traveling through customs as well or better than a current iPhone? A Samsung Android phone?
I would disagree that iPhones are more secure from the threat you are describing than Android devices. Your best bet to guard against unwanted intrusions into your device is to use long PIN codes or alphanumeric passwords and also to turn the device off prior to entry and reentry into your destination country.
The reason turning your device off is so important is because of the way in which Forensic tools extract data from mobile phones. There are 2 kinds of device extractions, Before First Unlock (BFU) and After First Unlock (AFU). The difference between BFU and AFU extractions is the amount of data that can be extracted.
A device in BFU mode has the majority of the user data stored in an encrypted state. Forensic tools can only extract a small amount of information from a BFU device, and often the BFU extraction contains minimal or no communications like text messages.
After you power on your device and enter the PIN the first time, your device will be in AFU mode. The user data will be decrypted at this point which makes devices in AFU mode subject to a full forensic extraction, which will include user data like messages.
Your specific phone model will determine whether or not your device is supported for a full forensic extraction. In reality, because of the popularity of iPhones, those devices are more likely to be supported by forensic tools. The same is true of popular Android devices like Samsung Galaxy phones. More obscure devices like cheap, burner Androids, are often not supported by forensic tools due to the lack of development by companies like Cellebrite.
I would argue that the BraX3 phone is going to be very secure from forensic tools because of its obscurity and relative rarity among smartphones. So long as you set up a long PIN code (at least 8 digits) and keep your device off during border crossings, your BraX3 phone will most likely be safe.
I’m glad you mentioned this. This is the reason Apple recently introduced the routine of rebooting a device if it had not been used in a couple of days.
The other consideration with this is that this data (your data) will then be kept by the government or agency concerned forever once copied - so it’s always there for future access.
If encryption is average (or passwords poor, etc) it might mean in future it’s eventually easily decrypted, even if it’s not now.
And more importantly it’s sitting somewhere outside your control that bad actors could get hold of it if they gained access to the government or agency system where it’s stored… (and IMO an alternative example is that already appears to have been happening enmasse in the U.S. recently with DOGE, where data from many government systems and departments is being accessed by or shared with non-government organisations, businesses and/or individuals).