An anonymous leaker has disclosed details from a Cellebrite briefing, showing which Google Pixel phones are vulnerable to the company's data extraction tools. The information highlights differences between stock Android and the security-focused GrapheneOS. While most Pixels running stock software can be accessed in various states, updated GrapheneOS devices remain largely protected.
An individual using the handle rogueFed attended a Cellebrite briefing via Microsoft Teams and shared screenshots on the GrapheneOS forums, as spotted by 404 Media. The leaked matrix details Cellebrite's support for Google's Pixel 6, Pixel 7, Pixel 8, and Pixel 9 families, but omits the recently launched Pixel 10 series.
Cellebrite categorizes access into three states: before first unlock (BFU), where data is encrypted; after first unlock (AFU); and fully unlocked. For Pixels running stock software, Cellebrite claims it can extract data in all three states on the Pixel 6 through 9 series. However, the tool cannot brute-force passcodes for full device control, and law enforcement remains unable to copy eSIMs from Pixel devices. The Pixel 10 series is shifting away from physical SIM cards.
In contrast, Pixels with GrapheneOS—a custom Android OS without Google services—prove more resistant. The matrix indicates access only to versions from before late 2022, predating the Pixel 8 and 9 launches. On updated builds, BFU and AFU states are secure from Cellebrite. As of late 2024, even unlocked GrapheneOS devices prevent data copying, though inspection is possible through other means.
The leaker, who joined two calls undetected, also named the meeting organizer, likely prompting tighter screening by Cellebrite. Ars Technica has contacted Google for comment on why GrapheneOS outperforms stock Pixel OS against such tools, with updates pending.