Hacker News | styyle14's comments

Well, this would require them to wipe your phone's data, so you would be alerted as soon as it happened since your phone would not have any of your old data once you logged in. If a malicious attacker is able to take your phone without you noticing and be able to replace it, the difference of a locked or unlocked bootloader won't change the fact that you are going to put in your PIN on boot. Instead of replacing your OS with a malicious OS, they could simply replace your phone with a malicious copy of your phone and get your PIN on the first bootup. They still get your PIN and you still lose your data. The benefit of LineageOS is that it is open source and can be built yourself, so anyone can check the code for backdoors/vulnerabilities. This also means you get all updates as soon as you can build them.


LineageOS is a great OS. People should continue to use it for learning, fun, and getting things done.

Please elaborate though. How is an unlocked bootloader more secure than EngineerMode appearing on a phone [1]? Conclusion #6:

> Encryption is insecure with an unlocked bootloader or an open-access recovery.

If you have LineageOS with TWRP and an unlocked bootloader then it appears you have an insecure device.

[1] https://forum.xda-developers.com/android/software-hacking/tw...


In a security sense, this is actually a very real concern with which even a warrant canary cannot help. Could you provide hard evidence that Signal's developers have NOT been "gagged" or "blackmailed"? I think such a proof would be infeasible at best.

