Apologies if I can’t list specific 3rd Android OS here. I know you can’t on some Reddit privacy subs due to some beef between devs I guess. I’ll take down if needed :)

Regardless, I’ve been running GOS for a while and just found out there’s a feature that allows you to use biometrics while still requiring your PIN on the initial lock screen. One of my concerns with biometrics is that in some jurisdictions, law enforcement can force someone to open their phone through face ID or thumbprint.

I’ve been using this feature that allows you to use biometrics but when you are on the lock screen, it still requires your PIN. I thought this was really cool because it allows me to use biometrics only to unlock my apps while still adding an extra layer of protection to the unlocking of the device itself. Obviously slightly inconvenient depending on your worries/threat level, but I just wanted to share this in case anyone else was interested and didn’t know about it! Very cool!

EDIT: I just re-read my screenshot and it looks like fingerprint unlock is not correlated to using fingerprint for app unlocking. If this is the case then I’m not quite sure what the actual benefits are here. Please feel free to clarify!


  • @iturnedintoanewt@lemm.ee
    23
    3 months ago (edited)

    If you’re concerned about these kinds of things, you might want to know about the GrapheneOS duress password. You set a second PIN, called duress PIN/password. If you’re ever forced to type a PIN, you can type this one instead of the real one. It will lock/wipe out the phone within a few seconds. There are a few YouTube videos showcasing this self-destruct mode.

    • @lemonuri@lemmy.ml
      9
      3 months ago

      There is also an aftermarket solution, if you are not on GOS, the name is duress on droid.

      If you still want the comfort to open your phone via biometrics plus disable biometrics in emergencies there is Private Lock (F-Droid). It will engage when the phone is shaken, e.g. a thief grabs it from your hand while you are typing, or you shake so nobody can force you to open it by fingerprint. The device will be locked and biometrics disabled until you unlock it again. There is also a recently updated app on F-Droid with the same features, but it was not as reliable for me so I went back to using Private Lock.

  • @Fisch@discuss.tchncs.de
    English
    22
    3 months ago

    I use biometrics for unlock too. If you click “Lockdown” in the power menu or just hold down the power button until your phone restarts (it should vibrate, so you can even do this while it’s still in your pocket), it requires the PIN again in order to be able to unlock it.

    • @JackAttack@lemmy.dbzer0.comOP
      11
      3 months ago

      Oh nice. Do you know if the lockdown option encrypts the phone?

      From what I read, I believe on initial boot up, the phone is encrypted before first unlock but no longer after.

    • @catloaf@lemm.ee
      English
      4
      3 months ago (edited)

      Yes, but that requires you to have it. If it’s been snatched out of your hand, it’s too late for that.

      • @kipo@lemm.ee
        English
        2
        3 months ago

        There is an app called Private Lock that will put the phone in lockdown if the accelerometer is triggered to a certain degree. It can work even when the screen is off.

  • @Xanza@lemm.ee
    English
    12
    3 months ago (edited)

    Most Android versions have this now. Became popular as soon as SCOTUS ruled that police can compel you to unlock your device via biometrics. Enable it. If you think you may be arrested, simply restart your phone and now they need a court order to unlock your phone which means they have to convince a judge with probable cause.

      • @Xanza@lemm.ee
        English
        2
        3 months ago

        The police cannot clone SIM cards or hijack IMEI without a court order, and if they have a court order to do that, then it’s trivial for it to include orders to compel you to unlock your phone/SIM anyways. This doesn’t really protect you.

        • @feannag@sh.itjust.works
          English
          0
          3 months ago

          US specific and not sure for how much longer, but the courts have generally held that you can’t be forced to give up a password to a phone. It’s covered under the 5th (and 4th) amendments. That being said, most stock phones are vulnerable to Cellebrite cracks.

        • Anna
          0
          3 months ago

          It is not about police hijacking IMEI, my bank only provides 2FA with phone number, and the password can be reset using the OTP they send to my phone. I know the bank is terrible but where I live all banks do the same thing. So if my phone ever gets stolen they can just remove the SIM and put it in another phone and get access to the bank account. Also did I mention you can also get username from OTP to your phone so, yeah I should probably not use any bank and go live in the mountains. But SIM lock helps.

          • @Xanza@lemm.ee
            English
            1
            3 months ago

            > It is not about police hijacking IMEI

            That’s the entire point of the OP’s post that I replied to. So… Yes it is.

  • @chrand@lemmy.ml
    English
    8
    3 months ago

    Thanks for sharing, this is indeed a great feature and makes GOS even stronger! Just enabled and love it!

    For the home screen, I keep the regular PIN, so I have to type instead of using fingertips. But for apps that require authentication (after you are already logged in), it’s really convenient to use fingertips instead of the PIN for convenience.

    • @JackAttack@lemmy.dbzer0.comOP
      1
      3 months ago (edited)

      Nice! One commenter did point out some important context though. I recommend reading the “EDIT” at the bottom of my post plus a comment from someone named @ashaman2007 or something like that. Just to make sure you get the full context of how this actually works! I wasn’t fully aware when first posting.

  • @electric_nan@lemmy.ml
    7
    3 months ago

    There’s an old app on F-Droid called AdminControl that lets you set this up on other ROMs. Basically just disables biometrics for lock screen.

  • hash
    English
    6
    3 months ago

    Been using it for a while and it’s great.

    Next up: auto wipe device after x days of no authentication.

    • LiamBox
      English
      4
      3 months ago

      At that point use the duress password with the police

      • hash
        English
        7
        3 months ago

        Using the duress password could potentially be charged as destruction of evidence. If you can refuse to enter a password long enough for it to auto wipe before a judge orders you to unlock it you could avoid the danger of legal consequences. No destruction of evidence and no contempt of court.

        • LiamBox
          English
          3
          3 months ago

          Thanks for clarifying, I hate the fact that even DeepSeek does not reply with facts like this.

          Anyway when do they start breaking your kneecaps for refusing?

  • @ashaman2007@lemm.ee
    5
    3 months ago (edited)

    FYI, for folks currently using a normal PIN and looking to use this, it’s intended that the 2nd factor PIN at least be different than the main unlock PIN. Otherwise you can just swipe up to dismiss the fingerprint prompt and get to the main PIN prompt; if it’s the same as your 2nd factor, that’s pointless.

    I was told on the Graphene Matrix channel that the most secure configuration for this is:

    Main unlock method: 6 word diceware password

    Secondary unlock method: biometric + 6 character 2nd factor PIN

    Be aware that if you use this config that you will be prompted for the main unlock method (long password) at reboot, and also every 48 hours.

    • @JackAttack@lemmy.dbzer0.comOP
      2
      3 months ago (edited)

      Thanks for sharing! This also kind of clears up my confusion that I mentioned in the EDIT at the end of my post. I was wondering what the real benefit to this is but it seems like a password as the main with the PIN and bio as the secondary seems to provide:

      • Main unlock: More secure with password?

      • Secondary unlock: “quicker” but also secure due to the PIN with the bio.

      Is this more or less the right idea?

  • @kubatron@lemmy.ml
    English
    1
    3 months ago

    I am wondering why GrapheneOS doesn’t implement biometrics BUT only with 2FA. For example: use a finger and then Android asks for a specific password/PIN to unlock the device. This would let people use biometrics with a password and not worry about being forced by law enforcement or others.

    • @Futurama@lemmy.world
      English
      5
      3 months ago

      That’s exactly what the Second Factor PIN is. You have to use both a fingerprint plus a PIN to unlock the phone. That feature only recently came out, in the past month or two.

  • krolden
    1
    3 months ago

    Yooo I’ve been wanting this for years. They should totally bring back pattern unlock for this.

  • @tomyhaw@lemmy.world
    0
    3 months ago

    So I’m still on stock Android on a Pixel and there is no option for just PIN? Maybe I have to remove fingerprint from the phone first but there is basically a serious backdoor built in. How many people will be able to turn their phone off under duress?