Apologies if I can’t list a specific 3rd-party Android OS here. I know you can’t on some Reddit privacy subs due to some beef between devs I guess. I’ll take down if needed :)

Regardless, I’ve been running GOS for a while and just found out there’s a feature that allows you to use biometrics while still requiring your pin on the initial lock screen. One of my concerns with biometrics is that in some jurisdictions, law enforcement can force someone to open their phone through face ID or thumb print.

I’ve been using this feature that allows you to use biometrics but when you are on the lock screen, it still requires your pin. I thought this was really cool because it allows me to use biometrics only to unlock my apps while still adding an extra layer of protection to the unlocking of the device itself. Obviously slightly inconvenient depending on your worries/threat level, but I just wanted to share this in case anyone else was interested and didn’t know about it! Very cool!

EDIT: I just re-read my screenshot and it looks like fingerprint unlock is not correlated to using fingerprint for app unlocking. If this is the case then I’m not quite sure what the actual benefits are here. Please feel free to clarify!


  • electric_nan@lemmy.ml · 3 upvotes · 1 hour ago

    There’s an old app on F-Droid called AdminControl that lets you set this up on other ROMs. Basically just disables biometrics for lock screen.

  • chrand@lemmy.ml · English · 5 upvotes · 3 hours ago

    Thanks for sharing, this is indeed a great feature and makes GOS even stronger! Just enabled and love it!

    For the home screen, I keep the regular PIN, so I have to type instead of using fingertips. But for apps that require authentication (after you are already logged in), it’s really convenient to use fingertips instead of the pin for convenience.

    • JackAttack@lemmy.dbzer0.com (OP) · 1 upvote · edited · 1 hour ago

      Nice! One commenter did point out some important context though. I recommend reading the “EDIT” at the bottom of my post plus a comment from someone named @ashaman2007 or something like that. Just to make sure you get the full context of how this actually works! I wasn’t fully aware when first posting.

  • Fisch@discuss.tchncs.de · English · 16 upvotes · 5 hours ago

    I use biometrics for unlock too. If you click “Lockdown” in the power menu or just hold down the power button until your phone restarts (it should vibrate, so you can even do this while it’s still in your pocket), it requires the PIN again in order to be able to unlock it.

    • JackAttack@lemmy.dbzer0.com (OP) · 6 upvotes · 5 hours ago

      Oh nice. Do you know if the lockdown option encrypts the phone?

      From what I read, I believe on initial boot up, the phone is encrypted before first unlock but no longer after.

      • truthfultemporarily@feddit.org · 5 upvotes · 4 hours ago

        It’s always encrypted, just that the keys are in RAM when it runs.

        In case of Graphene though you can have a distress pin that wipes the encryption keys, making the phone’s content irrecoverable.

      • Quereller@lemmy.one · 5 upvotes · 5 hours ago

        I was reading somewhere Android is not encrypting the storage with lockdown, only biometrics are disabled.

    • catloaf@lemm.ee · English · 3 upvotes · edited · 3 hours ago

      Yes, but that requires you to have it. If it’s been snatched out of your hand, it’s too late for that.

  • Telorand@reddthat.com · 21 upvotes · 5 hours ago

    Nice! That’s pretty cool, and law enforcement is a reason I stopped using my fingerprint to unlock my phone. Having an extra layer of security, even if just a technicality in the case of being forced to use my print, is nice.

    • JackAttack@lemmy.dbzer0.com (OP) · 10 upvotes · 5 hours ago

      Same here. Although I have no real reason with my threat level. But I could see how it could be relevant for some people. I also liked the idea because regular people could potentially use your thumb print when sleeping or something so this stops that initial unlock.

    • wintermute@discuss.tchncs.de · 4 upvotes · 4 hours ago

      Can’t confirm it, but I remember reading that it also has a “duress” PIN that you can use if being forced to unlock, that erases the entire phone.

  • ashaman2007@lemm.ee · 4 upvotes · edited · 4 hours ago

    FYI, for folks currently using a normal PIN and looking to use this, it’s intended that the 2nd factor PIN at least be different than the main unlock PIN. Otherwise you can just swipe up to dismiss the fingerprint prompt and get to the main PIN prompt; if it’s the same as your 2nd factor, that’s pointless.

    I was told on the Graphene Matrix channel that the most secure configuration for this is:

    Main unlock method: 6 character diceware password

    Secondary unlock method: biometric + 6 character 2nd factor PIN

    Be aware that if you use this config that you will be prompted for the main unlock method (long password) at reboot, and also every 48 hours.

    • JackAttack@lemmy.dbzer0.com (OP) · 2 upvotes · edited · 4 hours ago

      Thanks for sharing! This also kind of clears up my confusion that I mentioned in the EDIT at the end of my post. I was wondering what the real benefit to this is but it seems like a password as the main with the pin and bio as the secondary seems to provide:

      • Main unlock: More secure with password?

      • Secondary unlock: “quicker” but also secure due to the pin with the bio.

      Is this more or less the right idea?

  • ERROR: Earth.exe has crashed@lemmy.dbzer0.com · English · 4 upvotes · 4 hours ago

    Related:

    Download Wasted (https://f-droid.org/en/packages/me.lucky.wasted/) - You can set your phone to auto-wipe after X amount of time without being unlocked, and also various other triggers for wipe, like creating a fake “Signal” or “Telegram” icons on your homescreen that would trigger a wipe if tapped, or a fake “Airplane mode” tile that would trigger a wipe. Very useful stuff. (Might wanna learn the laws in your jurisdiction tho, could get you in trouble.)

    There’s also Duress (https://f-droid.org/en/packages/me.lucky.duress/) which doesn’t work on my Samsung, but it worked on a Motorola that I once had. It sets up either a fake pin (aka: duress pin), and the duress pin can also be to just enter X characters, where X is at least 2 characters more than your real password (example: if your pin is “2025”, all you have to say is any string of 6 characters or more like “123456” and the wipe will happen, very useful since you probably won’t remember a specific duress pin under stress)

  • Zorsith@lemmy.blahaj.zone · English · 4 upvotes · 5 hours ago

    Even with this, biometrics could be construed as proof that it is your phone, whereas just a password or pin still has some degree of deniability

    • kn33@lemmy.world · English · 6 upvotes · 5 hours ago

      That’s only if you’re going for true “burner” levels of security

    • JackAttack@lemmy.dbzer0.com (OP) · 4 upvotes · 5 hours ago

      True. I didn’t really consider the connection and more of the security side. I’m sure it differs but do you know if proof of ownership makes a difference if they catch you with it in possession in the first place?

      • Zorsith@lemmy.blahaj.zone · English · 4 upvotes · 5 hours ago

        IANAL, but if used as a burner phone with nothing identifiable on the device itself, you could probably claim you found it on the ground somewhere. You won’t get the phone back most likely but that might be better than the alternative