← All Guides

Using a Secure Phone While Traveling

Crossing borders, connecting to foreign networks, and operating in unfamiliar environments all increase your exposure. A secure device helps, but preparation and awareness are what keep you protected.

Border checks and device searches

Border agents in many countries have legal authority to inspect electronic devices. In the US, Canada, Australia, and the UK, agents can request that you unlock your phone and may detain you if you refuse. In some jurisdictions, refusing to provide a passcode is a criminal offence.

Prepare for this before you travel, not at the border.

• Use a clean profile. Switch to a minimal user profile before crossing. This profile should contain no sensitive data, no messaging apps, and no account credentials. On GrapheneOS, inactive profiles are encrypted and inaccessible.
• Enable auto-reboot. If your device is seized and powered off, it returns to the fully encrypted "Before First Unlock" state. Data extraction tools are significantly less effective against a device in this state.
• Consider a travel device. For high-risk border crossings, carry a separate device with only the essentials. Leave your primary device at home or ship it separately.

Device exposure risks

When traveling, your device faces risks that do not exist at home.

• Foreign networks: Connecting to local carriers exposes your IMEI and SIM identity to that network operator. Use your global eSIM rather than purchasing a local SIM tied to your passport.
• Hotel and airport Wi-Fi: These networks are frequently monitored, poorly secured, or actively hostile. Never connect without your VPN active. Assume all traffic on public Wi-Fi is visible to third parties.
• Physical theft: Phones are high-value targets for street theft in many cities. A stolen, locked GrapheneOS device with auto-reboot enabled is effectively a brick. But prevent the situation in the first place: keep your device on your person, not in a bag.
• Charging stations: Public USB charging ports can be used for data extraction ("juice jacking"). Use your own charger and power adapter. Never plug into unknown USB ports.

How to prepare

• Review your profiles before departure. Remove anything you do not need while traveling.
• Confirm your VPN is working and set to auto-connect.
• Ensure auto-reboot timer is enabled (configured by default on our devices).
• Back up critical data to encrypted storage before you leave. If the device is lost or seized, you still have access.
• Note your Threema ID and Mullvad account number separately (written down, not in the device). If you lose the device, you can restore communications on a new one.
• Set up your emergency PIN if using Phantom Protocol. Know what it triggers before you need it.

What NOT to do

• Do not carry sensitive files on the device unless absolutely necessary.
• Do not log into personal accounts on hotel business centre computers.
• Do not leave your device unattended in hotel rooms. Use the room safe or keep it with you.
• Do not connect to Bluetooth accessories you did not bring yourself.
• Do not post your location on social media in real time.
• Do not assume that "nothing will happen." Border searches, device theft, and network monitoring are routine in many countries, not exceptional.