An acquaintance had his phone taken away at a US airport by a border guard (or whatever you call them) for inspection. The guard went through his messaging apps, read chats. I understand the necessity for occasional physical searches for contraband or what have you, but reading private conversations is beyond what I can stomach. That, together with the infamous case of some guy being forbidden entry to US because he had the wrong meme on his phone, feels like Soviet Union bullshit. Actually, now that I mention this, reading my messages is fine compared to looking through my photos. I find it insane that this is happening in a first world country. I'm not a fan of hyperboles, but, man, this is just like what I'm told Soviet Union was like. I think I'll be skipping events in US for the next decade or so.
Even a single CBP employee scrolling through your texts feels like too much to me. But when they take your phone, they're making copies of all the content in the phone and as much as possible from any apps/websites you're logged into. And that permanently lives in a database which doesn't afford you even the very thin veil of protection against misuse that a US citizen might be granted.
They plug the phone into a computer and use software to literally clone it, so everything on the phone. All logs, emails, messages, photos, contacts, deleted files if they’re recoverable, passwords, everything.
The latest iPhone model in lockdown mode would be super resistant. Lockdown mode is specifically engineered to protect against Cellebrite / Pegasus-level threats.
However, if you’re a noncitizen you might be refused entry, and if you are a citizen you might never see that phone again. The phone will be stored for years until/if Cellebrite finds a vulnerability in that iPhone model, and then it will be searched. Also the government might target your future phones for Pegasus-style remote attacks, so if you present your phone to CBP in lockdown mode, you may want to leave lockdown mode enabled forever.
Modern iPhones are very, very hard (impossible) to crack today if they’re locked down properly: strong password, biometrics disabled, and/or lockdown mode.
Slightly out of my depth, hopefully others weigh in.
Getting a very good lockdown mode requires both owning the entire stack (Apps + OS + Silicon) and being willing to sacrifice repairability (swapping chips/cameras/displays/touch controllers is a good way to help hack into a phone), and willingness to spend a lot of money on something that few people would actually pay for. Apple is the only company that's even positioned to take on this challenge.
AndroidOS has to work with a bunch of core functionality chips that Google/Samsung don't make. Having a bunch of different code paths/interfaces for a bunch of different SoC's, cellular modems, touch controllers, and cameras is not a winning recipe for security. Both Google and Samsung also use their own SoC's (Google Tensor G5, Samsung Exynos) but Samsung also uses a lot of Qualcomm Snapdragons ... and if you're using someone else's SoC there's no chance in hell of coming up with a proper "Lockdown Mode". Samsung or Google might be able to come up with a fully integrated solution someday, each have invested in parts of this. Beyond SOC's, Samsung has their custom silicon which helps them lock down security for their combo touch/display controller. Samsung has also invested a lot into customizing their Knox Secure Folder solutions (and everything else branded "Knox" as well, which is all mostly industry-leading for Android options). Google has the Pixel with their own Titan M2 security chip, and obviously they own the OS.
But it's a lot of work when so much of your engineering is dealing with changes that other companies are making. Google has to keep up with Samsung's hardware changes, because the tail wags the dog there, and Samsung spends a lot of engineering time figuring out how to deal with / customize / fork changes to AndroidOS that Google pushes (while the dog still wags the tail, too). Both have to deal with whatever Qualcomm throws at them for cellular modems, and it required a monumental effort/expense from Apple to only just recently bring up a replacement for Qualcomm's modems.
It is configurable. It can be used to charge (either way), for data transfer, or for remote control. You can set it up with a fixed behavior, or to request permission everytime you plug a data cable.
Right this was in the context of Canadians visiting - they can’t deny entry if you’re a US citizen but they can certainly make the entry uncomfortable.
They connect it to a little box that hacks into the phone and downloads everything. Search for "Cellebrite Universal Forensic Extraction Device (UFED)" or "Grayshift GrayKey". The border agent doesn't have to know anything about phones/computers, it's just "plug in, press button". With modern phones, they really only work if you unlock your phone before handing it to them, and they'll make you do that. If you don't unlock the phone and let them walk off with it for awhile, they'll refuse you entry into the USA and send you back.
US citizens are, of course, allowed in even if they refuse, but they will confiscate a citizen's phone in exchange for a custody receipt (Form 6051-D) and they are supposed to return it to the US citizen after they break into the phone / crack the encryption. If they can't crack it, they can choose to never return the phone to the US citizen. And it can be a very stressful situation in which citizens may not know what their rights are in the moment (or can't afford to replace their phone or lose access to it because how would you even get an Uber from the airport or coordinate a pickup if you don't have a phone).
You can choose to bring burner phones or make sure your phone is freshly factory reset, but if you're a non-citizen that can also be a reason to be refused entry, and if you are a citizen that can "get you on a list", leading to getting "SSSS" stamped on every boarding pass for every flight you take, in every country in the world, for the next many years. If your boarding pass gets "SSSS" written on it, you will get pulled aside by security and all your bags get individually hand-searched prior to every single flight (even transfers/connections/layovers).
Non-citizens are also sometimes asked for a list of your social media accounts and the passwords to their social media accounts. Refusing to provide your passwords can be used as a reason to refuse entry to the USA. If the USA believes you have a social media account that you failed to tell them about, that can also be a reason to refuse entry.
Also, as of recently, visitors from 38 countries have to post a ~$10,000 bond just to be allowed into the USA.
I tried entering without a phone or anything other than the clothes I was wearing so they didn't have anything to search. So instead they got a warrant for a cavity search (I'm still chased by debt collectors for this, as I was brought by prisoner van to a private hospital) , because they can't stand to not have anything to look at. They will fuck with you ruthlessly if there isn't something for them to scrutinize upon entry.
This is one of the big reasons I won't travel to the US anytime soon, even for work events. I really don't want to be put in a situation where you have to give a border guard access to your phone or risk detention or a future travel ban.
Yeah I've never travelled internationally with my regular devices. I keep my last gen phone, a cheap LTE/5G tablet and a Chromebook as travel devices with limited data that I wipe/reload before/after crossing borders.