The question is always going to be “who are you defending against?”

If the CIA/FBI/MI5/KGB etc want in to your data, they’ll probably find a way. If it is just stolen, then the phone’s built in protection is going to stop anyone from brute forcing it.

But your biggest weakness is yourself. Do you really want to type in a 8 digit pin every time? No. So you’ll leave it unlocked for longer - which gives a theif more time to fiddle with it.

From what I’ve read on various Graphene posts, if the phone has just been rebooted and you haven’t unlocked it yet, it’s considered at an at rest state which means everything is fully encrypted until you unlock your phone. If you have the feature turned on where the phone auto restarts after a certain amount of time of idle use this would help somewhat mitigate the situation you’ve described.

GrapheneOS or vanilla Android/AOSP is likely the same — they all have telemetry, but that’s out of the scope of your question.

I’m just a regular user and have asked myself the same question.

It might be possible to access the data. If a bad actor really wanted to or the phone fell into a professionally phone scam network… your phone would be unlocked immediatly

See https://www.hivesystems.io/blog/are-your-passwords-in-the-green

So any extra friction you can provide will help you: passwords for different apps, 2FA, log out of apps especially banking, make sure no notifications appear on the lock screen, turn off USB file transfer, etc.

Security is:

1. something you know (password)
2. something you have (phone)
3. something you are (fingerprint)

The most paranoid among us should refrain from using phones in public, especially when crossing streets. Also keeping belongs close when travelling. The rest of us could do to change our passwords often. Fingerprint scanners are a good idea but perhaps not the index. Use a different finger and don’t let people see which finger you use.

deleted by creator