So which is the bigger practical risk in 2023? A person physically taking your phone and compromising it? Or a software update making your phone unusable and possibly suffer catastrophic data loss?
Yes. Note that the person in question doesn't have to be a random mugger on the street. It could be a suspicious spouse, nosey coworker, or a voyeuristic phone technician.
What "suspicious spouse"? If someone has a personal computer and can sift data off a phone via something like a USB connection, they are probably either a state-level adversary or a professional black hat.
At this point you may as well give up, because those people have access to (years-old) 0-day exploits, which work flawlessly regardless of the "security measures" used by the phone manufacturer.
One who thinks the other is cheating and wants proof by sifting through texts or whatever.
> If someone has a personal computer and can sift data off a phone via something like a USB connection, they are probably either a state-level adversary or a professional black hat.
If the bootloader is unlocked you can just replace the operating system with a backdoored version. Since there's no signature checking, there's nothing to check for this. No password cracking required. If you want to see what it looks like, look at x86 PC land where locked bootloaders aren't the norm: https://www.greyhathacker.net/?p=50
So have the fucking owner put a password on it or have the device generate a random passphrase on first boot. Having locked boot loaders doesn't necessitate that you lock out the owner.