[ebeip90]

This is garbage tamper detection.

Take a Dremel to the phone to scratch it random and custom. Laser etch a QR code if you want, maybe a GPG signature.

Freeze the phone in a 5-gallon bucket.

FedEx overnight early AM international delivery.

Full LTE GPS tracker on the package with minute-by-minute updates.

Ensure customer tests melted water for co2 content (it will fizz) and nitrogen content (will probably also fizz) in case somebody was clever and dropped LNOX or dry ice to re-freeze.

Retrieve phone that was tampered at the factory ahead of time, despite best efforts.

[Brian_K_White]

None of this prevents or exposes tampering except possibly a picture of the random air bubbles in the ice, which only provides exactly the same protection as the glitter and by the same mechanism. Everything else is just a lot of silly theater.

[mgdlbp]

I think the idea is that the shipping time will be too short to allow freezing the tampered-with phone into a new block of ice of such size, and the scratches prevent it from being substituted by a pre-frozen replacement.

Might be countered by supercooled water if the crystallization can be made to look natural.

[ebeip90]

^ This

Supercooled water was something I thought of later, but I didn't think about the presence / lack of bubbles from normal freezing.

[pdpi]

That sort of all-or-nothing threat model isn't particularly useful.

You can never hope for perfect unassailable security. The best you can do is make attacks too expensive/complex for the attackers you're concerned about. From that point of view, glitter varnish produces exceedingly good results for minimal costs.

[ebeip90]

Tired: Here's the exact way to duplicate and bypass our tamper detection.

Wired: Make the tamper detection not duplicatable.

[goodpoint]

Good security is always about tradeoffs, never pie-in-the-sky solutions.

With all the effort you require it's almost easier to collect your phone personally at the OEM.