
Smartphones are not safe

F-Droid Forum [Unofficial] February 9, 2026

Where the author is correct

1. There is no absolute smartphone invulnerability

Yes. Any mass-market device will eventually be exploited, whether through the SoC, Secure Enclave / TEE, USB stack, baseband, DMA, etc. Cellebrite, GrayKey, and similar tools really work, especially in the AFU (After First Unlock) state.

This is undisputed.

2. AFU is the most vulnerable stage

Also true. Once a phone has been unlocked at least once after boot, some keys are active, services are running, and the attack surface is huge.

This is exactly why GrapheneOS cuts USB access, reduces the attack surface, introduces auto-reboot, etc.

3. File-Based Encryption is a convenience compromise

Correct, with nuances. FBE was indeed introduced to support:

  • Direct Boot

  • Alarms

  • Phone calls

  • Services running before device unlock

It is a trade-off between UX and security, not a “pure win” for security.

4. The user does not directly control the keys

Yes. You do not “enter the key” yourself. Instead:

  • you enter a password

  • it participates in derivation

  • the Secure Element decides whether to release the CE keys

This is an accurate description of the trust model.


Where the author is mistaken or oversimplifies

1. “Your password does not participate in encryption”

This is incorrect.

On modern Android:

  • password → scrypt / Weaver

  • used to derive keys

  • without the password, the Secure Element will not release CE keys

The password is not just a “signal”; it cryptographically participates in the process.

The claim “the key is stored and can simply be extracted” is a forum-level oversimplification.
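A simplified Python model of the password → scrypt / Weaver flow listed above, added here as an illustration; it is not Android's or GrapheneOS's code. The `WeaverSlot` class, the purpose labels and the scrypt parameters are assumptions chosen for the example.

```python
import hashlib, hmac, os

class WeaverSlot:
    """Toy stand-in for a secure-element slot: releases its secret only for the right key."""
    def __init__(self, key: bytes, secret: bytes, max_failures: int = 5):
        self._key, self._secret = key, secret
        self._failures, self._max = 0, max_failures

    def read(self, key: bytes) -> bytes:
        if self._failures >= self._max:
            raise PermissionError("throttled")  # simplified model of hardware rate limiting
        if not hmac.compare_digest(key, self._key):
            self._failures += 1
            raise ValueError("wrong key")
        self._failures = 0
        return self._secret

def stretch(password: str, salt: bytes) -> bytes:
    # scrypt makes every guess expensive; these parameters are illustrative only
    return hashlib.scrypt(password.encode(), salt=salt, n=2**12, r=8, p=1, dklen=32)

def label(token: bytes, purpose: bytes) -> bytes:
    # derive independent values from the stretched password for different purposes
    return hmac.new(token, purpose, hashlib.sha256).digest()

def derive_ce_key(password: str, salt: bytes, slot: WeaverSlot) -> bytes:
    token = stretch(password, salt)
    secret = slot.read(label(token, b"weaver-key"))  # the slot refuses a wrong password
    # the result depends on BOTH the stretched password and the hardware-held secret
    return hmac.new(secret, label(token, b"ce-key"), hashlib.sha256).digest()

def enroll(password: str):
    salt, secret = os.urandom(16), os.urandom(32)
    slot = WeaverSlot(label(stretch(password, salt), b"weaver-key"), secret)
    return salt, slot, derive_ce_key(password, salt, slot)

if __name__ == "__main__":
    salt, slot, ce_key = enroll("correct horse")  # constructed sample password
    print("same key on unlock:", derive_ce_key("correct horse", salt, slot) == ce_key)
    try:
        derive_ce_key("wrong guess", salt, slot)
    except ValueError as exc:
        print("slot refused:", exc)
```

Nothing in this model stores the final key: it exists only after the correct password has been stretched and the slot has released its secret.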

2. “If the chip is hacked, the data is immediately accessible”

Not quite.

Even if compromised:

  • rate-limit bypass is needed

  • hardware delays must be bypassed

  • memory access is required

  • proper boot context is required

This is why:

  • BFU (Before First Unlock) is often not compromised

  • AFU is not always compromised

The author presents the Secure Enclave as a “cardboard lock.” This is false.

3. “Double encryption = absolute protection”

This is naive thinking, and very common.

Why:

  • if the SoC is compromised → password input can be logged

  • RAM can be attacked

  • TEE can be attacked before key erasure

  • attacks can occur before screen-off

  • side-channel attacks are possible

Two layers ≠ magic. A second layer only reduces risk; it does not guarantee invulnerability.

4. “FDE was safer than FBE”

This is partly false, partly nostalgia.

True:

  • attack surface was smaller

  • nothing worked before password input

But:

  • old FDE had weak key management

  • worse multi-user protection

  • worse isolation

  • worse rollback protection

FBE is cryptographically stronger but architecturally more complex, and complexity = new attack vectors.
