Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?
This is your opportunity to ask questions. No question too simple or too silly.
Culture war topics are accepted, and proposals for a better intro post are appreciated.
Jump in the discussion.
No email address required.
Notes -
This morning I stumbled on a lost phone while on my way to the wage cage, and decided to do my good deed for the year and return it to its rightful owner. This took some head scratching since the phone was password-locked, no contacts were saved to the SIM, and he hasn't responded to Telegram DMs (suppose the phone which he lost was his only gateway) so the only thread I had was his employer eventually calling the phone at some point and agreeing to pass on the message when the phoneless man eventually clocks in.
This story is unremarkable and secondary to my actual point, which is that I am a
nosycurious person by nature and a mysterious password-locked phone is burning a fucking hole in my pocket as it waits for its owner; while I solemnly swear that I am up to some good for a change I admit I'm deathly curious if there's anything I could actually do with it if I wanted to without wiping the entire thing. USB file access is obviously disabled, ADB doesn't see it, and the stock Android screen lock seems to be fairly robust and doesn't let me so much as pull down the notification bar... except not robust enough apparently since I could tap Medical Info and pull it down from that menu just fine (which yielded me the employer's number from the missed call notification).Eventually I retraced my chain of thought and realized that it also seems prudent to protect my own phone from people like me just in case, I never lost a phone in all the years I had one (in fact I'm pretty paranoid about keeping it around at all times) but it only takes one lapse in vigilance, and I'm not sure if a stock screenlock/password would be enough. In hindsight I feel horrified at how careless I was in never setting at least a basic screenlock in all these years, god knows I have some, ahem, sensitive things saved on my phone. I'm usually not this sloppy with opsec.
TL;DR:
1)
Any known neat tricks I can make locked Android phones do to spill some parts of their contents, however miniscule? The above medical info trick really made me feel like a proper fucking h4x0r despite how meager it really was, surely there must be more funny loopholes.Alright I suppose this does kind of glow so this part omitted, I was curious about more mundane tricks, not hardcore blackbagging shit. In any case the phone was happily reunited with its owner, and my burning curiosity has passed.2) Main question - what is the easiest way to carve out a private space on the phone to store shit in? Optimally it also shouldn't be indexed by the file explorer or show up in various photo/document/file viewers unless accessed through a specific app/feature, although I'm not sure that's possible. Second Space seems like what I'm looking for but I'm not sure how robust it is and how exactly the "split" works technically, if it's simply a separate group of folders I'm not seeing the point. (I consider myself a fairly tech-savvy person but phones aren't my area of expertise)
1 - Honestly the basic device lock of a reputable brand of phone (Apple, or one of the big non-chinese Android) is beyond the capabilities of the common of mortals; it usually takes intelligence agency level ressources to even consider it. And it's likelier that those agencies simply have a backdoor in place anyway or trust in their ability to lean on the device manufacturer to help them in. Or they'll use the 5$ wrench bypass.
Now outside of the basic lock, there's a few things to consider. Some manufacturers have online accounts that have features that, if enabled, could potentially be used to reset a device's lock. I think Apple forces you to wipe your phone, and I think Samsung does too now. But at least it used to be an option, and probably still is for some manufacturers.
The main way people get their phone hacked is not through the lock screen, but by installing things they should not, the same as on the computer. But instead of Roblox hacks, they see an ad telling them they can get free premium currency in their favorite gacha waifu skinner box by installing this one off store APK and give it permissions to everything.
2 - I don't know Second Space, but as I use Samsung I do know the Secure Folder; it's not just a separate set of folders, it's more separate than that; apps in the standard context cannot see or interact with the data and apps in the Secure Folder context. I'm not sure exactly how they do it, but theoretically that part is not a difficult thing to do.
What is more difficult, is making sure the operating system itself doesn't leak the data; as it necessarily have access to both sides of the fence. For instance, that happened very recently with Samsung: https://www.sammobile.com/news/we-found-a-security-flaw-in-one-ui-7-secure-folder/ (to be fair, it's not necessarily a security bug as the settings probably work as Samsung thought it should, but it's a UX oversight that can likely lead to unintended disclosure for the user).
Ultimately though, that is the root problem of all computer security: computers are fancy calculators, they are not conceptually inclined to protect information. They have to be tricked into protecting information, and it's easier to trick them into disclosing it.
Yeah that's how I imagine the failure mode/drawback of such things, I have a cheap-ish xiaomi phone and the Second Space feature AIUI is essentially a second "desktop"/container you can switch to at will that's running the same OS, and the two are essentially separate installs beyond the basic features. It sounds impressive (and a hassle to set up) so I wonder how it's actually done under the hood and whether the filesystems are somehow separate too without it being obvious.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link