Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?
This is your opportunity to ask questions. No question too simple or too silly.
Culture war topics are accepted, and proposals for a better intro post are appreciated.
Jump in the discussion.
No email address required.
Notes -
This morning I stumbled on a lost phone while on my way to the wage cage, and decided to do my good deed for the year and return it to its rightful owner. This took some head scratching since the phone was password-locked, no contacts were saved to the SIM, and he hasn't responded to Telegram DMs (suppose the phone which he lost was his only gateway) so the only thread I had was his employer eventually calling the phone at some point and agreeing to pass on the message when the phoneless man eventually clocks in.
This story is unremarkable and secondary to my actual point, which is that I am a
nosycurious person by nature and a mysterious password-locked phone is burning a fucking hole in my pocket as it waits for its owner; while I solemnly swear that I am up to some good for a change I admit I'm deathly curious if there's anything I could actually do with it if I wanted to without wiping the entire thing. USB file access is obviously disabled, ADB doesn't see it, and the stock Android screen lock seems to be fairly robust and doesn't let me so much as pull down the notification bar... except not robust enough apparently since I could tap Medical Info and pull it down from that menu just fine (which yielded me the employer's number from the missed call notification).Eventually I retraced my chain of thought and realized that it also seems prudent to protect my own phone from people like me just in case, I never lost a phone in all the years I had one (in fact I'm pretty paranoid about keeping it around at all times) but it only takes one lapse in vigilance, and I'm not sure if a stock screenlock/password would be enough. In hindsight I feel horrified at how careless I was in never setting at least a basic screenlock in all these years, god knows I have some, ahem, sensitive things saved on my phone. I'm usually not this sloppy with opsec.
TL;DR:
1)
Any known neat tricks I can make locked Android phones do to spill some parts of their contents, however miniscule? The above medical info trick really made me feel like a proper fucking h4x0r despite how meager it really was, surely there must be more funny loopholes.Alright I suppose this does kind of glow so this part omitted, I was curious about more mundane tricks, not hardcore blackbagging shit. In any case the phone was happily reunited with its owner, and my burning curiosity has passed.2) Main question - what is the easiest way to carve out a private space on the phone to store shit in? Optimally it also shouldn't be indexed by the file explorer or show up in various photo/document/file viewers unless accessed through a specific app/feature, although I'm not sure that's possible. Second Space seems like what I'm looking for but I'm not sure how robust it is and how exactly the "split" works technically, if it's simply a separate group of folders I'm not seeing the point. (I consider myself a fairly tech-savvy person but phones aren't my area of expertise)
The unfortunate man's data is none of your business to snoop in. Don't be a dick.
As I said this particular guy's data holds zero interest to me, ~90% odds this is some random local alcoholic who dropped the phone during some scuffle (a torn jacket hanging off a nearby bush did not fill me with confidence), I'm curious about the methods/tricks in general. Besides, if I didn't "snoop" the missed call notification I would've had literally zero clues towards the actual owner short of putting up posters or something, which definitely sounds like too much effort.
As far as I know, yes, there are forensic tools that could do some of what you want. You likely can't get them legally unless you're a LEO or something like that, but probably if you have access to the right darknet places you can get at least some of those (it's just code after all so anybody could use it). I have no personal experience though with this, just stuff that I read about in various places on the internet (which as we all know only contains true and verified information and can be always trusted). Most of the tools would rely on some bugs or logic holes so success of applying them to a particular phone would highly depend on the model, OS version, settings, etc.
There was a famous case where the FBI had trouble accessing San Bernadino shooter's iPhone (Apple can be better than random Android in this due to the fact that they can have unified model covering everything) but they were able to successfully break the protection anyway. The people who specialize in it likely have a lot more tricks in their bags, but those are not going to be revealed to a random dude, they a worth quite a lot of money and they won't do it for everybody. If you were an FBI officer, you probably would be able to get them to help you.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link