• Depends. An encrypted data volume could be theoretically uncrackable.

      Most android devices actually work this way, afaik. Before the first unlock of the device, after boot, the entire data volume is encrypted.

      Not very strongly, if you use a pin, but repair mode could be set to require a proper password.

      • The device unlock pin isn’t directly used for encryption. It only needs to be strong enough to stop people from manually guessing it from the lock screen.

      • Yeah the current problem is both systems and data usually use the same password. If they separate it out you could boot and check the system without data. Or in this case repair mode could temporarily ensure the data volume uses a different password.