- cross-posted to:
- [email protected]
- android
- cross-posted to:
- [email protected]
- android
In-display fingerprint sensors have become commonplace in virtually all Android smartphones, for better or for worse, and five years later…
In-display fingerprint sensors have become commonplace in virtually all Android smartphones, for better or for worse, and five years later…
Never use biometrics on devices, security/privacy risk
So is typing in your passphrase while out in public around cameras. Might as well just not use the phone.
Just familiarize yourself with your phone’s lockdown mode so it’s muscle memory.
If you don’t succeed in lockdown before seizure, or aren’t conscious, your biometrics can be used without your consent.
Taking reasonable steps to improve your security doesn’t mean all efforts are all or nothing
For my threat profile, state actors compelling biometrics from my EDC phone is pretty low on my list of concerns. That shit is intentionally sterile because I know they will just push me a compromised “security update” if they want in.
And in any case, I’d still rather be able to fight the collection in public, vs being compromised by anyone who paid the janitor $20 to plug a USB drive into my phone.
Sure, as conversation, i’ve heard of thieves face unlocking phones they just stole.
Indeed running as sterile an every day phone as possible is another great security approach by reducing risk.
Yeah I don’t really care what a thief does with my phone after they brain me. It’s the skull damage which concerns me. My google account is locked down with a hardware key so there’s only so much damage they can do before I wipe the device. Unless I’m dead, in which case I guess it doesn’t matter. Also my wife knows how to handle this situation. I would strongly suggest investing in posthumous spouse security as early as possible.
Your last sentence is great.
Regarding the prior stuff, that’s very “you specific”. There’s of course tons of caveats or gotchas to my broad statement, but it doesn’t make it untrue.
Biometrics present a less secure access path to a device…
My point is that they are separable threat profiles. If you are more concerned about your sketchy tinder date grabbing your lock screen password, biometrics are great. What I would love is a quick settings toggle for biometrics.
Now we’re talking
Jokes on them, my phones stupid fingerprint reader only works about 3% of the time. They’ll get frustrated and give up before finding anything, I know I usually do.
Phones are surprisingly hard to get into these days under normal conditions. Used to be able to ask a lost phone to call mom to find the owner. Now the voice profile doesn’t match.