How does Apple protect user privacy against Grayshift and Cellebrite?

This is very old news. The brute-force attacks implemented by Cellebrite and Grayshift were rendered ineffective in iOS 8, over a decade ago. Those methods required physical access to the device. USB Restricted Mode was partially implemented in iOS 11 and fully implemented in iOS 12. At present there exist no brute-force methods of extracting data from any recent iPhone model running any recent iOS version.

Allow USB and other accessories to connect to your iPhone, iPad, or iPod touch - Apple Support is one consequence of that implementation.

For more information read Introduction to Apple platform security - Apple Support. Apple's commitment to privacy and security is so zealous that one large formerly free allegedly civilized country recently compelled Apple to implement a "back door" accessible only to authorized agencies, whatever that may have been. Apple refused. This despite the fact even acknowledging the order would violate that very same law. Apple "outed" them instead.

Pull quote (with emphasis):

"The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment."

If you still want to consider alternatives I recommend the following:

So secure that no one even knows how to use them.

Hello~ Keeping your iPhone updated and using strong passcodes are your best strategies. What would you “consider” safer than an iPhone?? You could always use Lockdown Mode I suppose…

About Lockdown Mode - Apple Support

~Katana-San~

Law enforcement uses software like Grayshift or Cellebrite to break into people's phones without cause.

If the police have gone as far as confiscating your phone, then they have already determined probably cause. In most, but not all cases, a court order is required before they can use either to access a device.

I guess the real question here is; if you haven't done anything that would cause the police to confiscate your phone, why are you concerned?

You will most definitely want to review and reconsider your security, yes.

This is not the best forum for obtaining technical advice and support for device security and around resistance to forensics tooling, either.

As of a couple of years ago, Cellebrite capabilities were reportedly fairly limited:

• https://www.404media.co/leaked-docs-show-what-phones-cellebrite-can-and-cant-unlock/
• https://9to5mac.com/2022/04/29/cellebrite-iphone-cracking/
• https://9to5mac.com/2024/07/18/cellebrite-cant-unlock-many-iphones/

Based on available information, that means an iPhone with A12 processor or later, running current iOS 18.4, and with a robust device password and with two-factor authentication, lockdown, and quite probably some additional steps, will be preferable for your use.

Not any device with A11 and earlier, nor with older iOS versions.

This is all subject to change as details including available exploits and as legal access requirements can shift.

I’m less familiar with details of Android, GrapheneOS, and some other potential alternatives.

In the US, warrants are not required for confiscating and attempting device access in various circumstances, including some situations commonplace for many. US legal precedents are mixed. And similarly, countries’ and regions’ local practices and laws will all vary by jurisdiction.

If you believe yourself at risk to forensics tools accessing protected or sensitive data such as attorney-client data or healthcare data or commercial trade secrets or otherwise, you will want to take steps to not have sensitive or problematic information with you when at greatest risk, or to have that information robustly encrypted.

There are organizations which can help establish the security robustness you are (indirectly) seeking here, too. You will want to seek those out.

Related: Better Securing Your Data, and Apple Acco… - Apple Community

I’d also suggest some reading at Citizen Lab, among other available resources.

This is a user to user only forum. We aren't Apple, nor can we speak for Apple. I have no clue about either of the tools you suggest law enforcement uses. I'm not concerned about them either as I'm a law abiding person and there simply would be no reason for anyone to use such a tool on my phone. I'm also not sure if it's Apple's job to protect you from Law Enforcement if they have a legitimate reason to investigate you. But that's a subject best discussed somewhere else. Ultimately, we can't speak for Apple at all.

A final note, if you think you should reconsider owning an iPhone, by all means reconsider it. But if you honestly think Android/Google/Samsung has better security, I'd recommend rethinking that one.

cayoyay wrote:

Law enforcement uses software like Grayshift or Cellebrite to break into people's phones without cause.

No, they don't. As pointed out above, if they have your device, they already have probable cause to search it.

If you truly believe it was done "without cause", call your lawyer.

Is Apple committed to protecting users' privacy? Is there a tool we can use to prevent this privacy violation?

What is Apple doing to help prevent this problem?

I have had iPhones ever since they first came out, but if my information is at risk at any given point, maybe I should reconsider

[Re-Titled by Moderator]

If your'e really that concerned about what law enforcement would find on your iPhone, I highly suggest you destroy ALL of your electronic devices and don't replace them until you're committed to not doing things that are illegal and could be used against you.

John Galt wrote:

If you still want to consider alternatives I recommend the following:

So secure that no one even knows how to use them.

Except maybe toddlers. I believe you can still buy this version of a classic toy:

Mattel – Fisher Price Chatter Telephone, Baby And Toddler Pull Toy

Of course, If the Government has probable cause, and can get a court order, they can tap all of your phones. It wouldn't matter whether your phones were iPhones, Android phones, dumb cell phones, or rotary dial phones. The Government would get the carriers to intercept your phone calls at the network level. If you were calling a "business associate" to "dispose of" another "business associate" because an illegal drug deal had gone down wrong, and the Government was listening – well, it sucks to be you! Especially if the second "associate" learned about your plans and decided to return the "favor."

If your adversary was someone like Kim Jong Un or Vladimir Putin, someone who didn't particularly care about things like due process, even secure end to end encryption would not necessarily save you.

See: XKCD – Security

Hello~ Excellent information!! I know how to use pictured phone and in fact have one…

~Katana-San~

cayoyay wrote:

I have had iPhones ever since they first came out, but if my information is at risk at any given point, maybe I should reconsider

That is laughable. What are you even considering? AT&T still makes a cordless landline phone, but you are limited to about 100 feet. And don't forget they can still use a wiretap to listen to your conversations. Yep, you have some thinking to do.

Legally there have been court cases that have gone both ways for law enforcement to compel users to unlock their device and nothing else would then be needed. For mobile device security, you will find nothing better than an iPhone. That is true for on-device data and also iCloud data where additional options are available such as Advanced Data Protection. The most well known case is the FBI case that failed to force Apple to unlock a device or provide a backdoor into the OS. There is a reason why you have never heard of a case where the FBI was unable to unlock an Android phone.

Indeed, one very senior commentator had some choice words about that particular directive. Some of them are unsuitable for this site.