I really like the convenience of using fingerprint unlock for lockscreen and password manager. I do however don’t like the thought of being forced to unlock both physically.
I use Android with GrapheneOS.
I have set up lockdown, but it takes some time to hold the power button and then click lockdown.
Any creative solutions?
Just don’t setup the biometrics. It’s convenient for you, but also anyone wanting to get in your phone. Just stick to passwords.
Since you’re on grapheneos you could always set up the 2 factor unlock when using biometrics. You would then unlock your phone using fingerprint and a pin. This way even if you’re forced to unlock the device they’d still need your secondary pin to unlock. The pin can be much shorter than your main password so its still fast to unlock.
wow I’ve been waiting for this feature on smartphones… feels like been waiting for centuries!
thank you for bringing this up!
Its built in in GOS. And duress pin as well. Best middleground for security, you can still use fingerprint for apps.
In stock android 15 it looks like this.
If you care about privacy, don’t use biometrics.
It is sad because it is less convenient, but that’s what’s up.
Yeah just don’t use biometrics.
Odds of me getting arrested or stopped and interrogated and involuntary made to unlock my phone are near zero, but I still use a pattern to unlock. IMO pattern is most secure, because it cant easily be described verbally like a pincode, and it gets harder to do the more confused I am, so smacking me round the head or isolation and sleep deprivation would not improve my chances of accidentally describing the pattern. Note that I’m not an activist, criminal, reporter or political adversary, and I live in a very safe and democratic country so the likelihood of these things happening is very slim, but I still put a big emphasis on opsec when it comes to my technology.
A French scientist en route to a conference in Texas was detained upon his arrival at the airport, his phone unlocked and the poor bloke was sent hone without his phone and his computer because apparently he had written bad things about the current president on social media…
always lockdown your phone when going through customs. Take backups of your electronics before going to hostile countries, or consider bringing an old phone as a burner.
patterns and pins can be watched over shoulder though.
I heard somewhere that authorities can’t ask you for a PIN but can ask you for a pattern because of the way the law is written.
I’d love for someone to confirm that though.
Oh they can ask, but in certain conditions, my memory gets really bad…
Graphene can do both at the same time: fingerprint+password/pin as the second factor. This won’t stop someone from holding you at gunpoint, but at least it would stop cops (in some cases)
It does? How do you set it up?
Under Fingerprint Unlock -> Second Factor Pin
And then the fingerprint scan fails 😵
As others have said, the most secure option is to not use biometrics.
However an app like private lock might be a decent compromise
Edit: I just noticed that private lock seems to not have a new release in a few years and should probably be considered orphaned. So I might recommend ParanoidsPal-PrivacyLock instead
Requirements - Device admin permission for locking screen.
Does this mean it requires root access (which brings additional security concerns) or just that a non-restricted user needs to set it up?
It doesn’t require root. Device admin is different.
I currently run this app on android 15 without root and it runs very well. However I just noticed that it seems to not have a new release in a few years and should probably be considered orphaned. So I might recommend ParanoidsPal-PrivacyLock instead.
I use Paranoid’s Pal, a similar app. It’s great. In addition to locking in response to motion, I have it set to automatically lock the phone a few minutes after the screen turns off.
automatically lock the phone a few minutes after the screen turns off
Isn’t the default behaviour of phones to lock as soon as the screen turns off?
You can set your phone to do that, of course, but I prefer not to have to unlock mine when I’ve just used it.
Im not an android dev but I think the difference here is it’s a secure lock. Which means that encryption is engaged and requires the decryption string to unlock which means that biometrics are not asked for.
Mine doesn’t.
This also seems nice. I’ll probably test this one as well. I like the lock after x amount of time feature. The pictures have max 15 minutes, so that might be too little, but maybe it’ll work
Great app, just installed it. The default amount of movement is perfect. Now it’s really easy to prevent being physically forced to unlock, and theft
Isn’t this basically the same as Android’s theft detection lock?
I am running stock Android and have no idea what that is. But this forces your phone to use your none biometrics unlock after it senses acceleration.
Well, you could use the wrong finger. After 3 attempts, my GrapheneOS install brings up the password field, but you can go back to the lock screen and try 2 more times until it locks out of fingerprint unlock (so 5 times total). You could always hold the power button down while it’s in your pocket or bag, pretending you are searching for the phone or something, and then lock it down as soon as you lift the screen up.
Thats kinda interesting. If I use an unusual finger, and there is a limited amount of tries. I still get somewhat the convenience of biometrics, but can still massively increase the odds of too many attempts.
That’s what I did when I had a fingerprint reader— I used a non-tip part of one of my fingers. So if “forced” I’d just work my way through my fingertips and it would lock out.
This had the benefit that if someone had already watched which finger I used in the past, the print still wouldn’t match.
Just… dont use biometrics for device unlock?? You can still use it for apps separate from device unlock
Of course I can do this, but that is a major inconvenience when I unlock my phone hundreds of times per day.
Welp. A small inconvenience is the price to pay if you want privacy from the authorities.
I keep telling friends and family to switch browsers, switch text messengers, even switch social networks and they just complain that it’s all just inconveniences. But then they complain about their privacy.
C’mon.
Carry a lighter to remove your fingerprints if captured?
I don’t get this thread… if you’re captured they can ask for anything
And in many circumstances you can choose/have a right not to answer.
I would imagine you also have the right not to act
Else… they can just force you to enter the code the same way as they can force you to put your finger on the screen… or force you to look at the screen
Teeth work too…
Damn they can unlock phones with toothprints??
How long does lockdown take for you?
It takes me less than 2 seconds (i checked).
