I have old 32 bit apps for some of my hardware cameras / other devices that attach to Android Phones, that will not be backed up with all their settings, and that worries me as even though I've extracted their APKs for preserve, each install requires reaching out to a server for first activation and one day there won't be a response when the companies that made those hardware cameras end support - and I won't be able to do that first activation which is all they need.
A Full image theoretically would make this a non-factor- but the built in Backup method for Android doesn't do this. This would be the same if had the Apple variant of these cameras.
And while things like TWRP exist which could attempt it fully- that involves unlocking the bootloader which is what one does not want when there is a chance of a casual forensic search.
Question: With this method, what would you do if , in a few months, Microsoft flags the account and asks you to verify with a text SMS? (I'm aware if one sets up TOTP hopefully they wouldn't do this, but one never knows) - can you reactivate the SIM smoothly?
I think your parent comment is saying MS flags the account as questionable and asks you to confirm your current phone number (the one you already used a burner for).
Having TOTP enabled should ward off the "suspicious login" prompts that ask for your phone number. If they still want your phone number for whatever reason, you'll have no choice but to buy another burner phone, but there's no reason they wouldn't accept a new phone number. You did remove that phone number from your account, after all (people change their phone numbers all the time).
I have for the past couple of weeks, tried making microsoft accounts , where I set up 2FA with TOTP, set up an alternate email, even pulled the account recovery code from the security section.
One was banned after a week, the other one hasn't been banned yet, but was made a little bit later than the first one's creation- so it might just be a matter of time.
Neither one has a phone number, but I did notice i was in a different location when the first one got banned, so I suspect if you play on a laptop or mobile device and the IP does not match up, you're considered gone by the system. If it's not a auto-timer as it seems to somewhat be.
This was on Windows in both instances.
The difficulty here is , if it does flag it- how would you recover it without giving them a phone number, since you couldn't access something allowing you to migrate to a different microsoft account at that stage.
Microsoft account supports TOTP. You don't need to use Microsoft's authenticator app, you can use any that supports TOTP. Google Authenticator is unlikely to send your phone number to Microsoft.
Indeed, but some of my test accounts setup using TOTP still have been hit by the phone number prompt, where this poster didn't- so they might treat their own authenticator higher. (And if they do, i have to wonder if it means it sends more data back than others do)
https://www.schneier.com/blog/archives/2025/04/cell-phone-op...
Adding context on the image thing-
I have old 32 bit apps for some of my hardware cameras / other devices that attach to Android Phones, that will not be backed up with all their settings, and that worries me as even though I've extracted their APKs for preserve, each install requires reaching out to a server for first activation and one day there won't be a response when the companies that made those hardware cameras end support - and I won't be able to do that first activation which is all they need.
A Full image theoretically would make this a non-factor- but the built in Backup method for Android doesn't do this. This would be the same if had the Apple variant of these cameras. And while things like TWRP exist which could attempt it fully- that involves unlocking the bootloader which is what one does not want when there is a chance of a casual forensic search.