It's Not Your Photos You Should Worry About
A pre-travel audit guide. The data categories most professionals overlook — contacts, cloud caches, email databases, notes, location artifacts — and what to do about each.
When people think about sensitive content on their phones, they think about photos. Photos are obvious — they are visible, personal, sometimes intimate, and a compromised camera roll can be genuinely damaging. The instinct to think about photo exposure is not wrong.
But for most professionals, frequent travelers, and people who use their phone as a primary work device, photos are not the highest-risk content. The data that gets people into the most serious trouble — that has the potential to expose sources, violate professional privilege, compromise clients, or create professional and legal consequences — is usually quieter and less visible than a photo library.
This part of the series is an audit guide. What is actually on your phone, how exposed is it at a border crossing, and what do you need to think about before you travel?
The data categories that matter most
Communications and source identities
For journalists, lawyers, therapists, accountants, and anyone else with professional confidentiality obligations, the highest-risk content on a phone is contact information and communication history. Not necessarily the content of individual messages, but the social graph: who you communicate with, how often, through which channels.
CBP's documented practice includes copying contacts, call logs, and messages. A contact list is a map of relationships. A call log is a map of frequency and recency. Together, they can reveal sources, clients, patients, and confidential relationships that their owners have every reason to protect.
Signal, WhatsApp, and encrypted messaging apps offer better protection than SMS or iMessage in some respects — but only if the messages are not sitting in an accessible, unlocked database on the device at the crossing. An unlocked phone with Signal open is not protected by Signal's encryption at the border; the encryption protects the transmission, not the local storage against physical access.
Documents and professional files
PDFs, contracts, pitch decks, legal briefs, financial models, research data — these are often present on a device through cloud storage apps that the traveler did not consciously decide to carry. Dropbox, Google Drive, iCloud Drive, and OneDrive all offer offline access features that download selected or recently accessed files to the local device storage. If those apps are installed, logged in, and have offline sync enabled, files from those accounts may be on the device even when there is no network connection.
The practical audit question: open each cloud storage app and check what is actually stored locally on the device, not just what exists in the account.
Email and cached data
Email is a comprehensive record of your professional and personal life. Most email apps cache recent messages locally for offline access — this is a feature, and it is also a liability at a border. The size of the local cache varies by app and settings. For many users, their phone contains months or years of email stored in a locally accessible database.
Reducing your email app's local cache before travel is a concrete, meaningful step. Most major email clients allow you to limit how much mail is stored offline. Configuring this a few days before departure — not at the airport — limits what is physically on the device when you cross.
Notes
The Notes app, and similar note-taking tools, are where many people store their most sensitive material: passwords, account numbers, addresses, health information, financial figures, personal thoughts. Notes sync to iCloud by default. Depending on iCloud settings, years of notes may be locally accessible on the device.
A Notes audit before travel is worth doing. Not because every note needs to be deleted, but because most people have more sensitive content in Notes than they consciously remember putting there. (For the specific risk of storing seed phrases in Notes, see our longer post on seed phrase storage.)
App data and cached information
Banking apps, medical apps, legal research platforms, CRM tools, and HR platforms often store locally cached data that forensic tools may be able to read even when the app is closed or requires authentication to open. Forensic extraction may bypass an app's visible login screen by reading local databases directly, unless the app protects its local data with strong device-bound encryption. The app's visible login screen does not necessarily indicate that no local data is accessible to a sufficiently capable extraction tool.
The practical approach is not to audit the internal structure of every app — that is impractical for most people — but to remove apps from your device before travel that you will not need during the trip and that contain sensitive data. An app that is not installed cannot expose its cached data.
Location history
Photos with EXIF data contain GPS coordinates. Maps searches are cached. Ride-share apps may retain trip history locally. Location artifacts in iOS system logs can reconstruct movement patterns. For travelers visiting sensitive locations — meeting sources, attending sensitive events, visiting medical facilities — location data can be as revealing as the explicit content it is associated with.
Reviewing location-relevant settings before travel — particularly EXIF metadata in photos and the location history settings in maps and ride-share apps — is a step most security guides mention and most travelers skip.
The cloud sync exposure in detail
CBP's policy limits officers to reviewing data stored on the device, and instructs them to disable network connectivity before searching. This means the policy does not contemplate accessing cloud-only data through the network during a search.
But the distinction between "on the device" and "cloud-only" is significantly blurred in practice. Princeton's guidance for international travelers makes this point clearly: a phone logged into iCloud, Google, or another cloud service may have extensive locally cached content that is technically on the device even though it is conceptually "in the cloud."
The most significant cloud sync exposure at a border crossing is not that an officer will pull your files from a remote server. It is that your phone already has those files stored locally through automatic sync, and you may not know what is there.
A practical audit before travel should include:
Opening iCloud settings and reviewing what is synced and whether iCloud Photos stores the full library locally or only optimized previews. Checking Google Photos and reviewing whether offline copies are enabled. Opening cloud storage apps (Dropbox, Drive, OneDrive) and checking what is explicitly marked for offline access. Reviewing whether password manager apps store their database locally and whether that database is protected by hardware-backed encryption or only a software master password.
What forensic examination actually looks for
The CBP RFI reported by WIRED in July 2025 described the agency seeking tools capable of analyzing "text messages, pictures, videos, contacts, encrypted-app chats, hidden language in texts, specific objects in videos, and patterns in large datasets." This is not a search for contraband in the conventional sense — it is a comprehensive analytical capability.
Earlier CBP documentation confirms that basic and advanced searches have included copying contacts, call logs, messages, and photos to a searchable government database. Data retained in CBP's Automated Targeting System has a fifteen-year retention period.
The practical implication is that what an officer examines at the border may not stay at the border. A copy may be retained. It may be searchable. It may be shared with other agencies. The encounter at the checkpoint is the beginning of the data's life in government systems, not the end of it.
The pre-travel audit in practice
The audit is not about achieving perfection — a phone you can use for work and life will always have some data worth protecting. The goal is to know what is there, make deliberate choices about what to carry, and reduce unintentional exposure from cloud sync and app caches.
A useful frame: for each category of sensitive data on your phone, ask whether you need it during the trip. If you need it, consider whether it can live in a vault rather than in unprotected app storage. If you do not need it, consider whether it can be temporarily removed — by signing out, clearing the cache, or deleting and reinstalling the app — before you cross.
For content you need access to but want genuinely protected, the vault approach covered in Part 3 is worth implementing before this audit, not after. The audit tells you what needs protection. The vault provides the protection. The combination is what makes the crossing genuinely safer.
Previously: Part 4 — "Unlock your phone." What do you do?
Next: Part 6 — Don't forget the return trip. Re-entry risk, what happens when a device is seized, and how to handle a potentially compromised phone.