6
What are the consequences of an unlocked bootloader on Android phones? (discuss.tchncs.de)
submitted 3 weeks ago* (last edited 3 weeks ago) by gandalf_der_12te@discuss.tchncs.de to c/asklemmy@lemmy.world
14 comments fedilink hide all child comments

Consider i have a phone, and it's bootloader is unlocked. What is the worst that could happen?

I'm interested in the security aspect of it. Consider you're detained by the police, and they want access to your phone. Can they get access if the bootloader is unlocked?

What is the role of the password? I.e., i'm using a 4-digit PIN for my phone today. Can the phone's data be secured against police force if they get physical access to the phone?

To further elaborate:

I'm well aware of the XKCD:

I'm wondering, apart from applying physical force, what are the surveillance aspects? Could somebody sneakily install spyware on my phone that can read all files on the phone's internal storage if they get a physical hold of it for (let's say) 15 minutes?

top 14 comments
sorted by: hot top controversial new old
[-] Zwuzelmaus@feddit.org 3 points 3 weeks ago

consequences of an unlocked bootloader

The Transport of London app refuses to start on your device (as well as several other apps from overly hypocritical idiots).

[-] N00b22@lemmy.ml 2 points 3 weeks ago

No banking apps

[-] 30p87@feddit.org 2 points 3 weeks ago* (last edited 3 weeks ago)

While unlocking the bootloader [...] unleashes the full potential of the bootloader, it also poses a security risk. Even with your lockscreen protected with a pattern/PIN/password, not having flashed a custom recovery, having an anti-theft app installed (maybe even converted/installed as a system app) your phone's data is easily accessible for a knowledgeable thief.

All the thief needs to do is reboot into the bootloader and boot or flash a custom recovery such as ClockWorkMod or TWRP. It's then possible to boot into recovery and use ADB commands to gain access to the phone's data on the internal memory (unless you have it encrypted) and copy/remove files at will.

Granted, the risk seems low. The thief would not only require knowledge of fastboot, he would have to turn off the phone before you have issued a wipe command using an anti-theft app. You could of course flash back the stock recovery & relock the bootloader after being done with flashing stuff, but that would require you to unlock it again if needed which will erase your userdata.

Of course, a thief can/is also the government.

But, most phones can be unlocked by the pigs regardless, with eg. Cellebrite. The best bet is probably a pixel, as it can be relocked easily, with graphene. Or no phone at all.
Also, I'd guess many Cellebrite tricks work with (weak?) pins/patterns. Use a password, and no fingerprint. And on eg. graphene, the emergency wipe after 10 wrong pws etc.

[-] gandalf_der_12te@discuss.tchncs.de 0 points 3 weeks ago

Thank you for your comment.

I assume using a password is better than using a PIN/pattern (as you said) because it has more entropy.

IIRC Android actually encrypts all userdata by default nowadays but it only encrypts userdata and not the system partition.

So if an attacker got access to the phone, they could install an update on the system partition that includes spyware and then spy on my password next time that i enter it. So once an attacker got a hold of my phone, i should assume they installed spyware on the system partition and the phone is no longer trustworthy. In that case, i'd have to flash and reformat the whole phone.

(If i re-lock the bootloader, it has the advantage that i'd be notified if an attacker wrote updates to the system partition because all userdata would be wiped.)

[-] WhyJiffie@sh.itjust.works 0 points 3 weeks ago

(If i re-lock the bootloader, it has the advantage that i'd be notified if an attacker wrote updates to the system partition because all userdata would be wiped.)

are you sure that makes the data wiped? as I know, locking itself wipes, but it is not possible to write partitions anymore with standard tools, and the bootloader will check signatures with dm-verity (a linux tool) and if it doesn't match it'll just refuse to boot

[-] gandalf_der_12te@discuss.tchncs.de 1 points 2 weeks ago* (last edited 2 weeks ago)

no, locking itself doesn't wipe. unlocking wipes. at least on most devices.

[-] hexagonwin@lemmy.sdf.org 1 points 3 weeks ago

Someone who stole it can flash their own modified OS. And dump the phone's data, probably in an encrypted state.

[-] mesamunefire@piefed.social 1 points 3 weeks ago

Yes but no. Physical access sure. Software access, probably not. Also more depends more on the os than the firmware.

[-] fuckwit_mcbumcrumble@lemmy.dbzer0.com 0 points 3 weeks ago

Someone can easily extract all of your data off the phone/install malware.

[-] CanadaPlus@lemmy.sdf.org 0 points 3 weeks ago

With prolonged physical access, and a particular definition of "easily".

[-] fuckwit_mcbumcrumble@lemmy.dbzer0.com 0 points 3 weeks ago

If the bootloader is unlocked then very easy. Just boot a custom recovery and backup the internal storage to your pc. Nobody's going to try to extract the entirety of your phones storage while you're taking a piss.

[-] WhyJiffie@sh.itjust.works 0 points 3 weeks ago* (last edited 3 weeks ago)

that's not how it works at least for half a decade now. unless a manufacturer has gone way out of their way to disable it, android phones need to support some kind of data encryption to be certified by google

[-] fuckwit_mcbumcrumble@lemmy.dbzer0.com 0 points 3 weeks ago

I never said it wouldn't be encrypted. But if they extract it and they're willing (or there's an exploit) they could de encrypt it.

Or it could be like the Android 7(?) days where you flash a quick zip and your data is unencrypted.

[-] sunzu2@thebrainbin.org 2 points 3 weeks ago

they could de encrypt it.

this would depend on a password's strength tho?

this post was submitted on 24 Jul 2025
6 points (100.0% liked)

Ask Lemmy

33994 readers
259 users here now

A Fediverse community for open-ended, thought provoking questions

Rules: (interactive)

1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them

2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?

3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.

4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].

5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.

6) No US Politics.
Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online

Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija

Logo design credit goes to: tubbadu

founded 2 years ago
MODERATORS
candyman337@lemmy.world
Bluetreefrog@lemmy.world
TheSaneWriter@lemm.ee
TheSaneWriter@lemmy.thesanewriter.com
candyman337@sh.itjust.works
Asudox@lemmy.world
lemmy_bot@lemmy.world
beefbaby182@lemmy.world
ModeratorCan@lemmy.world
neidu3@sh.itjust.works
asudox@lemmy.asudox.dev