I was thinking about how my smartphone could resist if somebody would have it in its hands.
My Samsung Galaxy J5 2015 is encrypted.
Everybody can access TWRP, so everybody could secretly flash a modified version of /e/, that would send everything (password, pictures, etc) to the bad guy and spy on me, am I wrong ?
Does the encryption and the password REALLY prevent somebody to access my phone and/or read the data ? Does a modified firmware could bypass the password screen ?
If my password was part of the decryption key I would say no, but you can encrypt a phone even without setting a password, which means the decryption key is entirely on the phone and could be extract or used, am I wrong ?
Is there a way to prevent this ?