Wipe and rotate hardware-backed keys rather than data:
reddit.com/r/GrapheneOS/c
Factory reset or profile deletion is the right way to prevent future access to data. Clearing app data or uninstalling works on a per-app basis if the app encrypts data with the keystore like Signal.
Conversation
Apps can make granular use of hardware-backed keys to provide reliable expiry of data, by rotating through keys and purging the ones for expired data. Apps can also keep most data at rest when the device is locked by setting keys to require an unlocked device and splitting data.
Replying to
Unfortunately, not aware of apps bothering to do either. Signal uses the hardware-backed keystore to encrypt the database but doesn't split it into what's needed when locked vs. unlocked so it can't set the property on the key. Haven't seen apps do key rotation for expiry either.
1
1
7
