That sounds like a good idea in theory, but how does it work in practice? Asking as someone who's never tried it.

For example, most of what I do on my phone is saved to the cloud. That's why I can mostly migrate from one device to another without actually directly copying anything over. Contacts, photos (if you pay for e.g. Google One), user contents of virtually all apps, etc. Last time I did it, I actually moved over the call log, SMS history and maybe that's it? Can't remember.

So what benefit is there to using an alternate phone if you sign in to the same accounts? And if you don't sign in to the same accounts, then your alternate phone is more than just for travel. You're using it (or accounts associated with it) to plan your travel, for example. You've now got to have two parallel 'digital identities' continuously in use, which gets complicated fast.

My strategy for dealing with this is not to worry about it, but to only travel to countries where I don't have to worry about it. I'm not a journalist, a politician or an activist, so the list is quite large. The countries where I could get in trouble, I won't travel to anyway (because I don't want to be arrested for being a member of a cultural organization they deem 'extremist').

It might be a huge drop in usability but a solution might be only logging into services via browser and never logging in via apps or system accounts (not even logging in with your brower sync feature).

This way once you have purged your browsing history/cookies your device doesn't have access to your accounts (even if likely it will still remember quite a few personal informations).

>So what benefit is there to using an alternate phone if you sign in to the same accounts?

It depends on whether you need all the "same accounts" when you travel, and what specifically your threat profile for "travel" is specifically in time and geography. I suspect in many cases, the threats vary tremendously, with the most sophisticated dragnet ones existing primarily at specific times/places like airports or borders. In fact those usually explicitly have unique legal regimes associated with them, all nation-states have strong interest in their ability to filter what enters/leaves. But once someone is past that, they often have protections that are much stronger both as a legal matter and a purely practical one that it's still hard/impossible for authorities to apply the same kind of tools and scrutiny they do at chokepoints. The threat for most would shift to common criminal activity which is different to defend against.

So in my case, for the specific act of traveling the only accounts I really need are ones that frankly have zero particularly privacy vs government actors. I'll have my accounts for the specific modes of travel (airline, taxi/car rental, maybe train) all of which are covering data that is shared as a matter of course (air travel is massively regulated and involves a lot of security concerns, I'm going through government control points and checks for international travel regardless). I'll probably have some stuff that falls under the category of "financial", ie., a couple of credit cards, but the financial industry is also heavily regulated. A dedicated travel email for a few hours is easy. I might load up a few ebooks to read, but there's plenty of completely innocuous stuff I'm interested there. I can read plenty on the web without being logged in. And that's about it, and even that is "luxurious", it's still perfectly possible to travel for a few hours with no digital devices on at all.

So the most risky parts become easier to get through with "nothing to hide", and then you can pull up a secure channel back to your own systems (or cloud you trust more) on arrival from memory. From there you can restore what is needed for local use, or run purely online. In some cases one could even do an offline "ship themselves an encrypted drive" separately. No need for anything in parallel. This also has the advantage of simply less worry about having a device lost/stolen/confiscated, reducing such an event to purely a matter of money which can be insured against.

Obviously the logic has to change if someone, specifically, is a Person Of Interest to a state-actor. But generalized dragnets and just bad luck (some border guard thinks a random person is "acting suspiciously") are a bigger chance of hassle for most people and being able to react with that to reduce stress, time and cost for low effort is useful to at least consider.

Granted it could be even easier on handhelds (for regular systems there are a lot of powerful tools one can use or whip up themselves already), and I'd love to see Apple and Google explore the concept of profiles that can automatically switch what apps & data are fully encrypted/on-device or not depending on user defined criteria.

>> If you are in an environment in which someone else can physically access your device (like an airport), don't bring it with you.

Agreed.

After going to a few infosec conferences and getting flagged on way home, I started doing this now whenever I travel, no exceptions. Full disclosure: I'm a web developer. I have little if any connections to known hackers or highly public Blue Team members; so I'm still not sure why I got flagged, detained and all my electronic devices (smartphone, laptops, storage devices) seized and searched.

I now use an old windows Lumia 950. No fingerprint sensor, fake email accounts set up for the outlook app and I use a vpn with the mobile IE version on the phone to access web mail accounts. Still get texts ok, but if I need to save something, I just log into my email, copy/paste then delete the texts before I get to the airport.

If I'm stopped now, I can be totally compliant and still have somewhat peace of mind they won't have anything worthwhile.

Since Windows has long since killed off its smartphones, they are easy to get a hold of on ebay and elsewhere. The other nice thing is I'm not sure Microsoft is even tracking users data on these phones anymore so you might have a nice advantage that way too.

Not 100% the best solution, but better than most.