Whatnoww It's available as a feature of the hardware keystore and it's up to apps to use that API for an additional layer of disk encryption. Android is going to be providing APIs for an iOS style data class available only while the device is unlocked and hopefully it's implemented better. We can harden it if it fails to hold up properly to attacks.

    2 months later

    Lukas will it be possible to set the sequence? To set password first than fingerprint or visa versa?

        GrapheneOS where can I look up how to read this matrixes? I understand bfu/afu and a few other things but is there a full guide/explanation somewhere?

            UserresU The intended purpose is adding a PIN to confirm fingerprint unlock. It is not a primary unlock method, which wouldn't be reasonable.

                UserresU There's information throughout the thread. Which part do you need more info about?

                  Quotesquestioner Are you referring to the SoC column for iPhones? That refers to their System on a Chip, i.e. the CPU, GPU, MMU, etc. It's already implied by the device model but they may have added it to help explain why there would be differences between certain generations.

                      GrapheneOS yes i mean SoC and the other stuff that is on the right to it. My english is insufissient for describing sheets. Is there mabe a video, that explains the charts in detail?

                        15 days later
                        8 days later

                        GrapheneOS
                        Is brute force possible in AFU? It seems there's no secure element throttling in AFU. I tried multiple failed password login and it still allows me to try.

                            What's the Pixel titan throttling policy? like how many times of failed tries before first cooldown period? Is there a max number of failed tries?

                              Upstate1618 follow this link and scroll down. You'll find a table with that info: https://grapheneos.org/faq#encryption

                              Upstate1618 Is brute force possible in AFU? It seems there's no secure element throttling in AFU.

                              No and there is. Maybe you tried with a short PIN? If I recall correctly, the guesses have to be over a certain length. Maybe 4 or more digits? Don't remember for sure.

                                  To try the throttling, you need to input a valid PIN (4 or more digits) and it needs to be a different PIN each time. It won't throttle if you keep inputting 1111, for example. This is a new change.

                                  The throttling thresholds seem to have also changed slightly, so we'll need to update the docs. You'll hit the first throttle after 10 failed attempted, if I recall correctly.

                                  9 days later

                                  Hi! Thanks for sharing this.
                                  Are they able to read and access the user data afu or bfu on standard Android on Google pixel with Titan M2, if they don't have the passcode? Or can they only extract the encrypted version of the user data? Can they also extract the data bfu?

                                  13 days later

                                  Guillaume Worth noting auto-reboot has no impact on what's listed in these tables but rather just whether the device stays in AFU. They never pointed out that GrapheneOS would get back to BFU in the table.

                                    According to media reports it seems that iPhone resets if it has no connection to mobile network for some time. Typically that is in a case when iPhone is stored in forensic bag.

                                    However, if that is true, there could be workaround for that. Police should just present the phones some fake network (without internet connectivity, no SMS and no calls), and iPhone will have access to network (however, there will be no further network connectivity), and will not reboot itself?

                                    We don't know if this would be a workaround, however GrapheneOS's option to autoreboot at specific time interval when screen is not unlocked, seems much better option.

                                      Matthai Last night I removed the case from my iPhone to clean it, and I turned it a little in all directions to put it back, he asked me for my password after putting it back, so I wonder if by turning my phone in all directions he must have believed that I had it stolen or something like that