#grapheneos help me out...
I set up a new user profile with a new PIN. I was thinking this could work better than using the duress PIN, because I'd prefer a decoy to a total wipe, and because state thugs can say you're obstructing something if you do a wipe.
The problem is, I don't see a way to simply input the alternate PIN and load into the other profile seemlessly. It wants me to end the session to go back to owner profile, at which point the only way back to the decoy is to unlock the device and re-enable it. This wouldn't even work very well if I actually had multiple users on this device. I want to have one unlock screen, which loads different profiles if I enter different PINs, with no indication that its doing anything differently.
Is there a way?
Yeah I just made a note asking for that specifically. I'll link to it here. Decoy definitely would be better than brick.
nostr:nevent1qqs0luf7up8v846f4vkyugqy2dn8t0f25x9ljsz5g0nek63qcz7nzfcpzpmhxue69uhkummnw3ezumt0d5hsygz474emv5007dgak4asvqwjxq3d33fjlxp9mvg22ue7huumuj4zrvpsgqqqqqqsl2y6jk
I wish this was possible as well, have yet to find a way
#asknostr nostr:nprofile1qqsvzkj6vkvxu745zdx7uw4c2f2d5hzafvzw0z60zmyzsdce9564rpgpzdmhxue69uhhqatjwpkx2urpvuhx2ue0mkqagk
nostr:nevent1qqs0luf7up8v846f4vkyugqy2dn8t0f25x9ljsz5g0nek63qcz7nzfcpzamhxue69uhky6t5vdhkjmn9wgh8xmmrd9skctczyp2l2uak28hlx5wm27cxq8frqgkcc5e0nqjaky99wvlt7wd7f23pkqcyqqqqqqgzjdpg3
This would be very nice, indeed.
That's an amazing idea, I use 4 profiles, and would love to make two of them invisible. I 100p make use of this.
Even if it only applied to guest profiles. You still unlock the owner profile, which could be the decoy, and have a single sub profile login page, that would not disclose how many (if any) sub profiles existed.
Did you already check out the new profilmspaces in Android 15? Not exactly what you describ. But it is like a hidden user profile with its own space. But it is accessible within the main user account.
We don't have this feature as a priority because it would be detectable with forensic analysis. People would just trust the feature too much thinking its existence would be hidden when it would only trick a bystander. GrapheneOS is well known, they'd just treat any device installed as likely to have a hidden profile.
We suggest keeping things in a separate profile and deleting it when things get heated. No data is worth keeping if you're being targeted over it. If you were someone like a whistleblower you'd ideally provide copies to others or make encrypted backups to a trusted cloud they aren't aware of should the device be taken.
Okay, makes sense. Thanks
Yes, I am aware Cellebrite specifically publishes their ability to (or lack theorof really) to access GrapheneOS devices, which is a bit of a unique honour.
A different set of security practices is required for sophisticated adverseries. For instance a duress pin that immediately restarts the device and disables the USB port or resets the secure element.
I had this more in mind as a defense against unsophisticated physical threat actors, the proverbial $5 wrench attacks, thugs, unsophisticated or informal law enforcement etc.
GrapheneOS has a duress password that erases the phone instantly and wipes secure element when triggered, the USB controls feature can disable data lines or the port entirely in hardware when booted to the OS and can be configured separately to it.
Oddbean new post about login | logout