I’m running Graphene on a Pixel 6. I lost it and someone opened it somehow and called two of my contacts to give it back.

I’m a bit confused how this even happened. When I got the phone back, they were going through my contacts. I checked app usage stats and they went through a banking app (not missing money), maps, signal, etc.

Is there a way to figure out how they even unlocked my phone?

  • xarexyouxmadx@lemmy.world · 19 upvotes · 11 months ago

    My guess would be that maybe it wasn’t locked in the first place or they happened to randomly try a few pin combinations & got lucky…

    I think those are the most likely scenarios.

    Now if you’re some very important person who could be a target then I wouldn’t assume what I stated previously & instead assume the worst.

    • Dislodge3233@feddit.de (OP) · 19 upvotes · 11 months ago

      My mom says I’m very important … so I’ll assume this was a state actor

      But yeah, this is most likely. I changed my settings to lock faster with a longer pin

  • dutchkimble@lemy.lol · 18 upvotes · 11 months ago

    Is your pin something like 1234? Do you have emergency contacts set up? Do you have a setting to not lock the phone until very long? Or a smart unlock based on location or any other automation setting? An easy password hint pops up or something? Perhaps your parents forgot to mention you had a twin, who face unlocked it.

    Regarding app usage, my guess is they tried to see whom to contact to give your phone back, or map history, the banking app could be a touch by mistake too.

  • neutron@thelemmy.club · 11 upvotes · 11 months ago

    Perhaps they simply took out the SIM card and inserted it into another phone, giving them access to contacts (that could have been saved onto the chip instead of the original phone)?

      • thayer@lemmy.ca · 2 upvotes · 11 months ago

        No, it isn’t. I’ve used many Android phones over the years and none have ever defaulted to storing contacts on the SIM. SIM storage is very rudimentary, and you’d have to go out of your way to make use of it.

        • LoveSausage@lemmy.ml · 2 upvotes, 1 downvote · 11 months ago

          True, however most people do not use a PIN for SIM. And if you have the access a lot of info can be gained from a SIM card. And even if you ain’t got access to network, any incoming traffic will go to you.

  • Skull giver@popplesburger.hilciferous.nl · 8 upvotes · 11 months ago

    They clearly seemed to mean well. Maybe you can ask?

    I imagine you may have lost your phone while it was still unlocked. It’s possible that there’s a Graphene lock screen bypass out there, but I doubt someone with such knowledge will use it to return your phone to you. The most “hacker” style lock screen bypass I imagine someone wanting to return the phone would do is checking for smudges on the PIN area of the lock screen and determining the code from that.

    To combat someone unlocking your phone through smudges, you can enable PIN scrambling.

  • Darkassassin07@lemmy.ca · 7 upvotes · 11 months ago

    Was it perhaps unlocked when you lost it?

    I know I’ve set my phone down unlocked a few times; particularly at work (in a warehouse).

  • XTL@sopuli.xyz · 4 upvotes · 11 months ago

    Do those contacts happen to be your ICE? Some phones will allow those from the emergency dialer without unlocking. Don’t know about Graphene.

  • Nix@merv.news · 3 upvotes · 11 months ago

    If someone calls you and there’s a missed call notification, can they just click it to call back without unlocking the phone?

    Oh, I didn’t notice they went through other apps. Maybe they were watching you and saw you input your PIN and then stole it and checked your stuff to see if they can get something useful and then returned it?

    • SomeBoyo@feddit.de · 2 upvotes · 11 months ago

      Wouldn’t a thief just factory reset and sell it, instead of taking the additional risk of returning it?

      • Sarsoar@lemmy.blahaj.zone · 1 upvote · 11 months ago

        Unless they installed some spyware to try to steal more passwords, or duplicated the 2FA auth keys, or have some remote viewer app running now to steal text 2FA keys, or whatever else. You could steal way more in the long term than the couple of hundred that a used phone would go for.

      • wreckedcarzz@lemmy.world · 1 upvote · 11 months ago

        You need the PIN/password, regardless of whether the phone was unlocked or you fooled the biometric scanner, to wipe it. If you factory reset it by the recovery method, it will want the Google account that was last signed in before it lets you proceed. It’s been years since I had to do this, but it is a nice attempt to reduce phone thefts. (That is (might be?) nullified on Graphene as it can skip the gps package, but for the usual user it’s a nice feature.)

  • Sensitivezombie@lemmy.zip · 1 upvote · 11 months ago

    This may be a strange suggestion. Aside from the banking app, it seems like the maps and contacts apps were used with good intentions to return the phone. The person returned the phone to your friend, so clearly had good intentions. Your friend may have the phone number of the person in their call log when they called to return, unless of course they used your phone to call. If possible, have you thought about calling that person and asking about this just out of curiosity?

    • Dislodge3233@feddit.de (OP) · 0 upvotes · 11 months ago

      Yeah. It was clearly good will. Even the banking, they probably didn’t realize the app was banking (foreign bank). Signal was Molly, so they honestly were personally confused since I run KISS Launcher.

      The problem is that they used my phone to call my contacts.

      • Cwilliams@beehaw.org · 3 upvotes · 11 months ago

        > they honestly were personally confused because I run KISS launcher

        This is what I think would happen if someone stole my laptop. Even if they got my password, they would need to figure out how to start sway, and then launch any useful application. I know there’s no security in obscurity, but I think it would be pretty funny to see someone try

  • Euphoma@lemmy.ml · 1 upvote · 11 months ago

    If they were able to guess your PIN, you should probably switch to a longer PIN or a password. It seems insane at first to type a long password, but if you pick two long scientific words, it’s secure with only letters.

    • wreckedcarzz@lemmy.world · 1 upvote · 11 months ago

      I use a password longer than the Android limit (16 characters) since Graphene allows longer; I use letters, numbers and symbols. But I also use biometrics, because fuck typing that every time I need to open my phone. Allows for a very secure fresh (re)boot state, and with decent security when it has been unlocked at least once. I also use Locker, which (assuming it works, it’s a few years old now, luckily never had to see) lets you set a max number of unlock attempts before using admin privileges to wipe. And Graphene lets you set a ‘time since last unlock’ auto-restart, to get that initial secure state back.

      Probably overkill, but I have LEOs in the family and I have been harassed before several times over the years (often without any cause or merit), as a teenager and beyond, and I don’t trust anyone wearing a badge anymore. So ‘plan for the worst, hope for the best’ is my strategy.

  • MxM111@kbin.social · 2 upvotes, 1 downvote · 11 months ago

    Is it possible that something else was installed on the phone? If they managed to hack it open, then a potential reason to return it to you is to spy on you.

    • jackpot@lemmy.ml · 0 upvotes · 11 months ago

      They’d have to be important, unlikely. Even if this is CIA shit they wouldn’t make it obvious someone got in.

      • Gabu@lemmy.ml · 0 upvotes, 1 downvote · 11 months ago

        Why not? Most people ITT clearly don’t seem security minded enough to even think of that as a possibility.

  • mulcahey@lemmy.world · 0 upvotes · 11 months ago

    Gonna need to know more. What method do you use to lock your phone? Is it rooted?

    Also: did they return the phone to you, or to your friend? Could it be your friend who went through these apps?

  • jet@hackertalks.com · 0 upvotes · 11 months ago

    Unrelated. Have you considered using a work profile?

    That way you can have two factor authentication when unlocking your phone. You could use a PIN code for the main unlock, and a biometric for apps in the work profile. That way you would have to have both something you are, and something you know.

      • jet@hackertalks.com · 1 upvote · 11 months ago

        Settings, security, more security settings:

        Under work profile and security:

        Disable - use one lock for work profile and device screen

        Configure - work profile lock, use a different code, only needed at boot time.

        Enroll fingerprints for biometric unlock.

        • Pantherina@feddit.de · 0 upvotes · 11 months ago

          Thanks, I use the work profile for crap apps, but if I wouldn’t need those this would be a good idea!

          • jet@hackertalks.com · 0 upvotes · 11 months ago

            You could put the crap apps in the main profile, and then the important apps in the work profile. Then the important apps would have two factor.

            • Pantherina@feddit.de · 2 upvotes · 11 months ago

              I am not really leaving my device locked haha, or if, then I would also always have the work profile locked. Also I don’t trust Android’s init system, apps just randomly run in the background and there still is no way to completely prevent that. So I keep them in the work profile.

              • jet@hackertalks.com · 1 upvote · 11 months ago

                On GrapheneOS I’ve been using the disable app option aggressively, to have installed apps that only run when I need them. I do have to enable them from the app settings, which is a little annoying but the hotel booking app doesn’t need to be running all the time.