Then, when traveling, have your friend carry a separate completely clean phone. If he's suspected and the phone is compromised, it won't be found.
When you say state actor, it implies that their efforts are funded with and armed with the vast resources of a nation, which means they could manipulate regular citizens, police forces, or potentially bring a considerable military force to bear against this problem, so the most effective approach would be to separate the person from the information entirely.
Those people are more organized than you. They are more motivated. They often have the resources to align Apple's and Google's interests with their own.
And they are more motivated than you. They are patriotic and surrounded by people who are patriotic and paid to be patriotic.
A state actor can travel to your state and get the information when just beating it out of you isn't the better option...but if you're in its state, beating the information out of you is probably the simplest thing that might work.
The revolution will not happen on your smartphone. Those days are past and the Arab Spring taught states all they needed to know.
Good luck.
Or maybe just to communicate their stance with regard to some matter so others are discouraged.
Don’t bet that they are following rules that respect your integrity.
Further, if you are in a country that manufactures key closed source components of the phone, you should assume that the government of that country can access the phone with the help of a backdoor or zero days embedded in the closed source software or hardware. iPhone is a good example.
Sandboxing in desktop is worse. Still you can better lock down a laptop if you know what you’re doing, since a computer is not linked to a phone number and you can leverage the flexibility.
The easiest way to travel state borders is to buy something like an old Dell Latitude (Core 2 Duo generation) with Libreboot and a LUKS-encrypted Linux on it.
Don't take your phone with you, especially if it's necessary for 2FA or can be (ab-)used for recovery of accounts.
Use a phone that's easily reflashable in case it gets compromised. Fairphone 3/3+ or Pinephone come to mind, depending on whether or not you want to deal with mobile Linux. Otherwise Xiaomi Redmi Note 8/8T or devices with a MediaTek CPU. MediaTek ARM CPU has developer tools which have been leaked, and is a rootkit that can uninstall/reflash other rootkits :P
Note that there are already some rootkits in the ARM space so you also need to make sure the ARM blob hasn't changed, which is why I would not recommend a device that hasn't been integrated with the upstream kernel or hasn't got their blobs available.
Never use Broadcom-based wireless hardware, because of broadpwn and bluepwn. Change the laptop's Wi-Fi card to an Atheros one.
https://www.pbs.org/wgbh/frontline/documentary/global-spywar...
Journalists, your parents, your friends... every contact can be weaponized.
You can attempt to trust Apple's new features, but I don't think the world knows how effective they are yet. Going through a border with enhanced security features to defend yourself from state actors at great cost of convenience is going to make a person stand out.
Best answer from a US perspective is Michael Bazzell's work, with product specific to mobile phones having just been released: https://inteltechniques.com/book7a.html
Don't use one.
How ruthless is the foreign government? Make sure the person carrying the phone doesn't have the encryption keys.
You can't. In fact, an entire industry exists, namely infosec, to mislead you into this line of thinking, in much the same way the diet and weight-loss industry exists to make you think it's possible to stay slim and sexy for the rest of your life!