GrapheneOS has had this feature. Unlocking after a reboot is only possible with PIN. Also the RAM is wiped. This increases security and lowers the risk of attackers gaining access. Be it physically or not.
Leaving your keys in memory is the weakness that could potentially let authorities into your phone. This could harm people. If your phone has rebooted, and you haven’t logged in yet, there are no keys in memory. That means your data is encrypted at rest.
For the sake of comparison, this was also implemented in iOS 18.
The before first unlocked state is considered more secure, file/disk encryption keys are in a hardware security module and services aren’t running so there is less surface for an attack . When a phone is taken for evidence, it gets plugged into power and goes in a faraday bag. This keeps the phone in an after first unlock state where the encryption keys are in memory and more services that can be attacked are running to gain access.
This sounds less like security
And more like a backdoor
Google can already push apps to your phone at will via their remote installation service. How does this create or open a backdoor?
GrapheneOS has had this feature. Unlocking after a reboot is only possible with PIN. Also the RAM is wiped. This increases security and lowers the risk of attackers gaining access. Be it physically or not.
Leaving your keys in memory is the weakness that could potentially let authorities into your phone. This could harm people. If your phone has rebooted, and you haven’t logged in yet, there are no keys in memory. That means your data is encrypted at rest.
For the sake of comparison, this was also implemented in iOS 18.
Thanks for the voice of sanity. There are so many people freaked out by basic security measures that it boggles the mind.
It’s more like security theater if the phone doesn’t have the latest OS and doesn’t have the necessary hardware to block cellbrite in the BFU state
The before first unlocked state is considered more secure, file/disk encryption keys are in a hardware security module and services aren’t running so there is less surface for an attack . When a phone is taken for evidence, it gets plugged into power and goes in a faraday bag. This keeps the phone in an after first unlock state where the encryption keys are in memory and more services that can be attacked are running to gain access.