In this case, a pixel 5a5g with GrapheneOS. I use my phone as an additional backup location for all the various files on my laptop. I have yet to set the fingerprint sensor, because I don’t trust them, but I always make sure to set an eight digit pin screen lock before leaving the house. Now say I went out with my phone in this state and lost it. Anyone who found it, I realize, with evil intentions would probably just want to wipe it and sell it. But even so, how hard would it be for them to access the private data on my phone in a situation like this?

  • GrapheneOS or vanilla Android/AOSP is likely the same — they all have telemetry, but that’s out of the scope of your question.

    I’m just a regular user and have asked myself the same question.

    It might be possible to access the data. If a bad actor really wanted to or the phone fell into a professionally phone scam network… your phone would be unlocked immediatly

    See https://www.hivesystems.io/blog/are-your-passwords-in-the-green

    So any extra friction you can provide will help you: passwords for different apps, 2FA, log out of apps especially banking, make sure no notifications appear on the lock screen, turn off USB file transfer, etc.

    Security is:

    1. something you know (password)
    2. something you have (phone)
    3. something you are (fingerprint)

    The most paranoid among us should refrain from using phones in public, especially when crossing streets. Also keeping belongs close when travelling. The rest of us could do to change our passwords often. Fingerprint scanners are a good idea but perhaps not the index. Use a different finger and don’t let people see which finger you use.