There are some downsides to biometric authentication. I do think for certain situations (like a public setting) it's a better option than a PIN. Paying attention to your surroundings leaves too much up to chance, IMO. With biometric authentication, you can avoid the shoulder surfing issue. There's also security cameras that could be above you watching and depending on how crowded a place is, you likely won't be able to notice everyone. At the end of the day, it comes down to your threat model. If there's a greater chance of you being mugged and forced to use your fingerprint, then a PIN would be the ideal choice.

@@sideofburritos - All great points. I suspect my threat model differs from the norm. I never go to bars, I don't live in a big city, I'm seldom out in public at places like concerts, restaurants or sporting events. I avoid crowds in general. I'm less concerned about being mugged and forced to use my fingerprint, but I've seen too many videos of corrupt cops seizing a phone and using someone's face to unlock their phone to delete video evidence, etc. I do like PIN scrambling in GrapheneOS to prevent the eye in the sky camera or a shoulder surfer from obtaining the PIN. I've been using GrapheneOS for a couple of weeks and I'm loving it. I urge others to make a donation to support the development effort.

That is a valid point. In defense of that occurring, I did manually turn on "show taps" in developer options. So this is not standard behavior if you were to do a screen recording without altering developer settings. The built-in screen recorder used to have an option to "show taps" I don't recall whether that showed taps when entering a pin or not, I don't have a device with an older OS version. It is good to note though in case anyone does a screen recording on their main device with a personal pin showing taps.

@@sideofburritos play back your own video, but after the black screen went away for a half second it showed the pin pad you typed into

I understand what you're explaining, I was commenting that this would not happen in a standard setup screen recording. You would have briefly seen the keypad, but you wouldn't have seen the finger taps on the screen. Show taps was a developer option I enabled to help people see where I'm pressing on the screen.

Thanks! Ah, that's a great point as well, to use a different fingerprint for a separate user profile. Haha, thanks!

Try enabling settings -> Display -> 'Increase touch sensitivity', then re-add your fingerprint. It still doesn't work perfect for me, but it definitely helps with a screen protector.

"My solutions for now is using a synchronized Syncthing folder on both profiles, which works fine but maybe you know of a better solution." That was going to be my suggestion, I'm not aware of an easier/better option. You're most welcome! That's been my goal from the beginning. I've been trying to lower the "barrier to entry” to demonstrate that anyone who wants to do it, can. I'm glad to hear that it's worked out well for you!

Herzlichen Dank für Ihre Unterstützung!

Glad you like them, cheers!

I think it depends on your threat model. If you decide to just use it in a public setting and disable it after, I think that's a decent compromise. I believe there's a greater chance of someone shoulder surfing your pin code in public vs. gathering your fingerprint and faking it at a later time in that setting. But I can understand where you're coming from. For someone with a high enough threat model a password would be the best option.

Thank you!

It is!

@@sideofburritos Especially in Germany, where uniformed threat vectors are now allowed to use your on-record finger prints stored with your state id card to unlock devices.

the calls list seems to be identical. contacts, i cannot say, as i sync them via a cloud provider.

They are separate.

What @mrcvry said. Contacts are part of the profile data which is separate per user profile - grapheneos.org/features#improved-user-profiles Turning on Phone and SMS for the second user profile will share the SMS history and call history with the secondary user.

just like scrambled pins, they are a pain in the butt

That's true, but for my threat level and convenience it's overkill and a PITA.

That would be handy (pun intended). Some form of 2FA like a YubiKey with NFC would be useful since you could rotate it, but definitely not as seamless.

​@@sideofburritos I was thinking about an NFC ring with one button which wipes the previous key and generates a new key (challenge response). If you get compromised, you just press the button -- no more ring unlock. If you pressed it accidentally, you just pair the new key to the phone. It would require modifying AOSP unlock mechanism though. I cant think of an easier, more secure solution to this.

Not at the OS level as far as I'm aware. There is a permission toggle for "network" which would restrict all network access for an app. There are apps like NetGuard (netguard.me/) which can replicate the Apple iOS functionality you described. Nice! It can be a bit of a shock at first, especially coming from an Apple device, but I think it's worth the effort! edit: added part about getting a Pixel

@@sideofburritos thanks! That’s something at least, coz no calculator app, or calendar, or any number of apps should be contacting the net... I’ve been jailbreaking all my life, so my iPhone’s are pretty well locked down. You’d think it’s impossible, but there are many really powerful tweaks, like firewall ip, app firewall, Netfence etc. You get pop ups every single time an app wants to contact the net. Gets annoying at first, but if you monitor each outgoing connection, you can either block or allow... many of the attempts are like analytics, or google ads, so block those, and you never get ads on that app! Let alone waste data I never updated past iOS 13 on the majority of my devices, I don’t need any social media when I’m out and about, and Apple kept locking down their systems even more after iOS 14 👍 I’m looking forward to testing graphene out.

That's a fair point. That's where I like the user of “lockdown mode” so that they can't force you to use your fingerprint since the pin code is needed to re-enable it. It definitely comes down to the individual's threat model, since situations will vary greatly.

The launcher in the video is the default AOSP launcher, which is used in GrapheneOS.

Exactly what @1albumamonth said. I stick with the default launcher that ships with GrapheneOS.

@@1albumamonth I'm trying to use Articons, and I don't see AOSP listed under launcher. Does it go by another name? Maybe it isn't compatible. anyway, thanks for reply.

Under security, you would have to change your "Screen lock" from password to pin to use it.

@@sideofburritos thanks i found it now. i wish there was an option to use both pin and password and pin could bisabled with the lockdown feature like fingerprint. so pin could be my fast/easy access which is currently fingerprint

that way i would extend my already long password since i would only need it very rarely. also i consider pin with the scrambling feature safer than fingerprint, but ofc a long password is the safest

Thanks for the feedback, that's a fair point. I didn't intend for it to come across that way, I just don't have an iPhone or iPad to demo with. The linked article (www.karltarvas.com/2023/02/25/protecting-your-iphone-against-shoulder-surfing-password-theft.html) is the best option at this time. My family all use iPhones, and the linked article is the same suggestion I provided to them. I also don't believe in punishing people for their device of choice, as I'm writing this from a MacBook. With a channel that is primarily Android privacy/security, my family still prefers their iPhones, and I don't fault them for that. Nor do I ever try to convince them to switch, unless they come to me asking questions first. The “preachy privacy” approach never works long term. Thanks again.

@@sideofburritos That makes sense. Likewise, if I had the option, I’d find a cheap Google Pixel phone and get a second Google Fi number + SIM just to have to experiment with. I just get so sick to death when people whine and complain about Apple doing something “dumb” and praising Google or Microsoft for doing it “””””””better””””””” or sooner like LTT (sometimes) or my coworkers/friends or whoever & get brutalized from hearing that. I don’t care that people absolutely love their products; my job is to be unbiased to an extent and recommend what I know works. So thank you for addressing this like I wish others would.

@@sideofburritos Side note to the article: I would also add investing in an iPhone screen protector that doubles as a privacy filter like from Otter Box or other companies.

I actually laughed out loud when I read this because that seems like such an obvious option. Sometimes physical problems require physical solutions, not just software setting changes. I've used privacy screens in the past and have one for my laptop, but it didn't even cross my mind for this. That would have been a great suggestion in this video. I'll have to incorporate that into a future video, thank you!