Preparing for Travel – Properly Backing Up Your Android Cell Phone

Posted on Mar 20, 2019 by Derek Zimmer

When I prepare for travel, I take some steps to make sure that my protected data will not be read or otherwise mishandled by customs. I then follow up with rigorous steps to ensure that my information and devices maintain their integrity and that I can trust them to the same degree that I did before travel. (For cell phones, basically not at all.) This article covers the broad strokes, and I will write a detailed guide sometime in the near future.

Before Travel: I back up and wipe my devices, reinstall the OS, and install only the apps necessary for travel.

Backing Up: Contacts, App Data, Photos, Audio, Video

This is done by connecting the phone to my PC, and creating a VeraCrypt container of the appropriate size. I then move all of the data from my phone to the PC.

Wipe: Reinstall OS and Overwrite All Free Space with Garbage Data

You can use the “system restore” or “factory reset” feature on a lot of phones in order to roll back all of your apps, settings, and caches to the factory defaults. If you’ve installed a privacy build of Android like LineageOS, you can wipe the device with something like TWRP and reinstall the OS itself for the highest level of assurance.

You then want to overwrite all of the free space on the device with garbage data. This is to prevent files from being recovered from flash memory. When you delete data off of your Android phone, the file is deleted from the index, but the file itself still exists until it is overwritten by new data. Once you fill the phone with garbage data, it is safe to delete it all and use the free space normally.

Do be aware that some files will still remain after this process due to wear-leveling. It is extremely hard to verify that any flash-based storage is truly fully erased because of this. Expect that some phone files remain no matter what you do. This is less of a concern if you’ve enabled full-disk encryption in Android, because the data will be encrypted and the keys to that encryption will be thrown away when you reinstall the OS and set up a new instance of full disk encryption.
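The fill-then-delete step described above, sketched as a shell function. This is an added example, not part of the original article; the function name `fill_free_space`, the `CHUNK_MIB` variable and the idea of running it from a shell on the device against a directory on the user data partition are assumptions for illustration.

```shell
#!/bin/sh
# Added example: overwrite free space with random data, then release it.
# Usage (assumed): fill_free_space /path/on/userdata      # run until full
#                  fill_free_space /path/on/userdata 4    # stop after 4 chunks

# fill_free_space DIR [MAX_CHUNKS]
#   Writes files of CHUNK_MIB MiB (default 64) from /dev/urandom into a
#   scratch directory under DIR until the filesystem reports it is full
#   or MAX_CHUNKS files exist (0 = no cap). The scratch directory is then
#   deleted. The number of complete chunks is left in FILLED_CHUNKS.
fill_free_space() {
    dir=$1
    max_chunks=${2:-0}
    chunk_mib=${CHUNK_MIB:-64}
    fill="$dir/.garbage_fill.$$"

    mkdir -p "$fill" || return 1
    # Remove the garbage even if the run is interrupted part-way.
    trap "rm -rf '$fill'; exit 130" INT TERM

    n=0
    while [ "$max_chunks" -eq 0 ] || [ "$n" -lt "$max_chunks" ]; do
        # dd exits non-zero once no space is left; the partial last
        # chunk it leaves behind covers the remaining free blocks.
        if ! dd if=/dev/urandom of="$fill/chunk.$n" \
                bs=1048576 count="$chunk_mib" 2>/dev/null; then
            break
        fi
        n=$((n + 1))
    done

    sync              # push the random data out of the page cache
    rm -rf "$fill"    # free the space again for normal use
    sync
    trap - INT TERM

    FILLED_CHUNKS=$n
    return 0
}
```

Random data is used rather than zeros so the writes cannot be compressed or deduplicated away. As the paragraph above notes, wear-leveling means this does not guarantee that every old block has been overwritten.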

Restore: Enable Full-Disk Encryption, Only Restore Data and Install Apps Relevant to the Trip

The first thing I do is enable full-disk encryption; this makes the device much harder to tamper with or otherwise read. I restore my contacts, install Lyft, install Signal Messenger, install Firefox Mobile, and reset two-factor authentication for the relevant devices.

I then place a VeraCrypt container on the phone that contains the information needed to restore the device if it is wiped again: things like passwords, QR codes for 2FA activation, contacts, etc. This same data is cloned to the notebook PC that I bring along. This makes it so the devices can be wiped while I am traveling.

If I lose sight of my phone for a long period or suspect tampering, this whole process is repeated when I arrive at the hotel.

Once you have a routine created for this whole process, it takes about 30 minutes to do before your trip (plus wait times when you enable FDE or copy garbage data; actual time can be a couple of hours if you include waiting).

This process is the best that you can do for an Android device currently. You can never fully trust cellular phones because of all of the issues with untrusted modems and hardware, but it significantly improves your defense against data theft and device tampering.

 

About Derek Zimmer

Derek is a cryptographer, security expert and privacy activist. He has twelve years of security experience and six years of experience designing and implementing privacy systems. He founded the Open Source Technology Improvement Fund (OSTIF) which focuses on creating and improving open-source security solutions through auditing, bug bounties, and resource gathering and management.
