PANIC Button app

Robert88

Hello, I need a "Panic Button" function. It's a standard icon on the home screen among other apps. When the user clicks on it, the app asks if they want to delete all data on the phone. If they answer YES, the phone starts wiping itself.

In regular Android, developing such an app is not a problem, but is it even possible to develop something like this on GrapheneOS?

Murcielago

Robert88

In regular Android, developing such an app is not a problem, but is it even possible to develop something like this on GrapheneOS?

Which app did you use for that purpose in Android before? It should also run under GrapheneOS.

I've never used them personally (so take it with a grain of salt) but apps frequently mentioned are Wasted and Sentry. Bear the following in mind:

Apps like Wasted perform the factory reset via recovery - they aren't the best way to perform a factory reset, nor are they useful in duress situations. More than likely performing a factory reset like this doesn't clear data the way a typical power off should do.

source: https://discuss.grapheneos.org/d/10023-exploit-of-device-after-first-unlock-to-obtain-data-that-isnt-at-rest/5

If it doesn't have to be an icon/panic button, you might want to take a look at the the GrapheneOS Duress feature:

https://grapheneos.org/features#duress

https://discuss.grapheneos.org/d/13155-grapheneos-version-2024053100-released

https://dustri.org/b/reflections-on-grapheneos-duress-feature.html

If it serves your needs, you could set it up in Settings> Security & privacy > Device unlock> Duress Password.

cdflasdkesalkjfkdfkjsdajfd

There's no difference between stock android and GrapheneOS, but really do you need? You can configure a duress password and, to activate you only need to power off screen then power on then introduce the duress password

Robert88

I've read more about it, and everywhere they say that an app can be registered as a Device Owner. This grants it higher permissions—not ROOT access, of course—but it should be enough to accomplish this.

pxlkng

Robert88

This is not a reliable or secure way to wipe at all. Wipe through device admin API can be cancelled and is not immediate or maybe does not even fully wipe everything.

Also granting an app device admin is highly invasive and should be avoided as this grants intensive access to your phone. The app can basically do anything it wants to, without your permission.

Please use the official GrapheneOS duress feature, which is far more secure and wipes instantly with no way to cancel, working from everywhere where a password or PIN is requested.

GrapheneOS

pxlkng

This is not a reliable or secure way to wipe at all. Wipe through device admin API can be cancelled and is not immediate or maybe does not even fully wipe everything.

This is no longer the case anymore since we got it fixed upstream for Android 15 / Android 14 QPR3 but most ways of triggering wipes are still insecure such as relying on doing it via the network which can be blocked.

Robert88

This is very dangerous and is not required for an app to wipe the device. An app does not need to be granted device or profile owner privileges to wipe. It only needs the device admin wipe permission.

Robert88

I'll explain our situation and why we need certain modifications.

We are a security company currently using Android mobile phones. I want to push for a transition to GrapheneOS within the company. We develop various in-house applications for our own needs, which are not available on the Google Play Store.

Example 1: Panic Button App
This is for situations where a user finds themselves in a dangerous security scenario but still has a brief moment to wipe their phone before attackers arrive.
With a quick tap on the Panic Button, the phone is erased.
One possible implementation would be to have the button directly open the wipe data menu, where the user just needs to confirm.

Example 2: Emergency Unlock App
In a scenario where a user is taken hostage and forced at gunpoint to unlock their phone, they can use a predefined secondary password.

If they enter this special password, an emergency alert is triggered in the background, notifying us that the phone has been unlocked under duress and that the user is asking for help.

The phone will unlock normally and appear as if everything is fine, but in reality, we will be informed of the situation.

Example 3: SMS-based Actions
Sometimes, we need to send special codes via SMS, as some of our team members use non-smartphones.
We need an application that can read these codes and trigger specific actions on the phone based on them.

Why I'm asking about Device Owner status
This is why I was inquiring about whether our custom-built application (which is not available anywhere else and is installed manually on devices) can be set as a Device Owner.

Additionally, we need MDM (Mobile Device Management) for device administration. I'm considering implementing our own Headwind MDM solution for this.

area51

I read this post, purely out of interest and intrigue, I was thinking a security company, right.. special software, right.. special passwords, right.. SMS special codes... no no no, excuse me if I don't believe.