Comment by sunshowers
1 day ago
Android backups are encrypted at rest using the lockscreen PIN or passphrase: https://developer.android.com/privacy-and-security/risks/bac...
So not hugely secure for most people if they use 4-6 decimal digits, but possible to make secure if you set a longer passphrase.
I don't know what Google's going to do about this UK business.
edit: Ah it looks like they have a Titan HSM involved as well. Have to take Google's word for it, but an HSM would let you do rate limits and lockouts. If that's in place, it seems all right to me.
I wonder how hard it would be for the US government to force Google to just get the lockscreen pin off of your device or for them to just infect your device with something to capture it themselves.