Your phone is the most detailed record of your life you will ever carry. It holds where you go, who you talk to, what you read, and what you buy. So when people ask what police can find on a phone, the honest answer has two parts: what the law lets them access, and what the technology can actually pull out once they have it. Those are different questions, and confusing them leads people to make bad decisions during an encounter.

Before any of the technology matters, police generally need lawful access. Under the Fourth Amendment, the contents of a cell phone are strongly protected. In Riley v. California (2014), the Supreme Court held unanimously that police may not search the data on a phone without a warrant, even when they seize the phone during an arrest. The Court recognized that modern phones hold the "privacies of life," so the usual search incident to arrest rule does not let officers scroll through your device.

That means in most situations, one of three things has to happen before police lawfully access your data: a judge signs a search warrant based on probable cause, you give a voluntary consent search, or a recognized emergency applies under exigent circumstances (for example, a credible belief that someone's life is in immediate danger). Police can still physically seize and hold the phone with probable cause that it contains evidence, but seizing the device and searching its contents are two separate steps.

What a warrant can unlock

Once police have lawful access and your passcode or a way around it, the amount of data available is far larger than what you see tapping around the home screen. Investigators rarely browse a phone by hand. They connect it to forensic extraction tools, and those tools build a complete copy of the device. Commonly recoverable categories include:

  • Messages and call logs: texts, iMessages, call history, and often content from apps like WhatsApp, Signal, Telegram, and Messenger once the phone is unlocked. End-to-end encryption protects messages in transit, but the decrypted copy sits on the unlocked device.
  • Photos and videos: your camera roll, screenshots, and the hidden metadata attached to each file, including the date, time, and GPS coordinates where it was taken.
  • Location history: stored map searches, saved places, geotags, and the location timelines some phones and apps keep in the background.
  • App data: dating apps, banking apps, ride-share history, social media drafts, notes, browser history, and saved passwords.
  • Deleted content: deleted texts, photos, and app data are frequently recoverable, because "delete" usually just marks space as reusable rather than wiping it immediately.
  • Cloud-linked data: a logged-in phone is a doorway to your iCloud or Google account, including backups, synced photos, and email. Police often pursue the cloud account separately with its own warrant served on Apple or Google.

Cellebrite, GrayKey, and the reality of extraction

The tools you may have heard about, like Cellebrite and GrayKey, are built specifically to extract and organize all of this into a searchable report. They can recover deleted items, reconstruct timelines, and surface data buried in app databases that a normal user can never see. Their success depends heavily on the phone model, the operating system version, and how the phone is secured. A current, fully updated, powered-off iPhone with a strong passcode is genuinely hard to crack. An older phone, or one that is already unlocked, is comparatively easy. This is a fast-moving cat-and-mouse race between phone makers and forensic vendors, so capabilities change constantly.

Can they make you unlock it?

This is where the Fifth Amendment matters. Most courts hold that forcing you to reveal a memorized passcode is compelled self-incrimination, because it forces you to disclose the contents of your mind. Biometrics are murkier. Several courts have ruled that police can compel a fingerprint or face scan to unlock a phone, treating it more like a physical key than testimony, while other courts disagree. The law genuinely varies by jurisdiction and is still unsettled. As a practical matter, a passcode currently gives stronger legal protection than Face ID or a fingerprint. You can also disable biometrics quickly on most phones (on an iPhone, holding the side and a volume button forces a passcode on the next unlock).

What to actually do

If an officer asks to "take a quick look" at your phone, you can decline. You are allowed to say, calmly: "I don't consent to a search of my phone." Do not unlock it for them, do not type in your passcode, and do not delete anything once you suspect it may be evidence, since destroying evidence can itself be a crime. If they seize the phone, ask whether you are free to go and ask for a property receipt. You can power the phone off, which on most devices forces a passcode (not biometrics) at the next startup and makes extraction harder.

This article is general legal information, not legal advice. Phone-search law, especially around biometrics and cloud data, varies by state and federal circuit and is changing quickly. For your specific situation, talk to a criminal defense or civil rights attorney licensed in your state.

The bottom line

What police can find on your phone is almost everything, including deleted and cloud data, once they have it unlocked. What they can lawfully access is much narrower, normally requiring a warrant, your consent, or a true emergency. The single most important thing you control is consent. You do not have to hand over your phone or your passcode, and politely refusing is not a crime.