brook
On the whole, I agree that such a feature would be useful for people who forget that they have to enter their pin/password every 48 hours, and who also frequent public places or places where entering their pin or unlock credentials without being shoulder-surfed is very hard or inconvenient.
On the other hand, I am struggling to formulate a compelling rebuttal against having a feature designed to prevent pin amnesia. You may be surprised to hear this, but lots of people would go a very long time without ever unlocking their device with their primary unlock credentials. Their fingerprint reader might be highly reliable. They might reboot very infrequently, delaying updates or (although perhaps more rarely) leave the system updater disabled over a long time period. Not everyone's using the same pin for years on end. They might upgrade to a passphrase. A passphrase is going to be a lot easier to forget, even if you have used it for several months or years. Forgetting just one word or mixing up the words will lock the user out. Some people might be disciplined in that they routinely unlock their device with their passphrase in order to prevent this situation. Other people might not be.
However, I don't think it's inconceivable for an OS to implement such a feature differently. For example, there could be a reminder text on the lock screen with a countdown showing the user the time remaining until the OS is going to force them to enter their primary unlock credentials. Furthermore, when a user enables a feature to disable the 48h forced reminder, there could be a warning text telling them that they are responsible for not forgetting their credentials and also that they will be locked out of their device if they do.
But such a countdown text could easily be missed. And making the text more visible, such as by displaying it in a pop-up, would be perceived as annoying by a lot of people. And unlocking with a fingerprint is usually a fast endeavor. I often find myself not even looking at the screen when unlocking with a fingerprint. And fingerprint readers on Pixel devices seem to improve with every generation, making the failure rate very, very low. (Unless they're using a poor screen protector or have enrolled more than one finger, making the fingerprint recognition training of the OS less precise.) Moreover, simply showing a warning text is not going to prevent any kind of pin amnesia.
There could be a feature to extend the 48-hour forced pin entry.
That said, I do not know how time-consuming it is for developers to implement one or more of the suggestions I have written about above.
lynatic Yes, users could technically plan their day so they're in a location safe from shoulder surfing every 48 hours. In reality, barely anybody will (be 100% able to) do this and most risk-unaware users will instead type their primary unlock in public, risking shoulder surfing.
Well, people have different threat models. I do rarely see this being raised as a topic in this forum, and I frequent this forum every day, probably more than what is healthy.
The challenge you raise of not having the discipline to remember to use your primary unlock credentials every morning can easily be remedied by you using a calendar app to set up a frequent reminder. I am, in honesty, surprised this has not been suggested so far.
brook OK, and how does it improve security for them or me exactly?
Availability is a core pillar in digital security. Every introductory textbook in security will explain the importance of system availability and elaborate on it in more detail. Securing digital systems is pointless if legitimate users of the system cannot access it. Increasing the chances of availability is arguably even more important for systems where legitimate users store data that is important to them, which most of those users will want to access on a daily basis. If the data suddenly becomes unavailable to them, some people can restore from backups, but a restore can be time-consuming. Consider how often most people use their mobile devices, which sensitive information they store on them, and how much they value timely access to that information.
You are talking about some random employee at Google introducing a random pin amnesia prevention feature. But this assumption is misguided. A feature to reduce the chances of user lockout will conceivably also reduce user frustration with Android's strong encryption implementation. If I forget the password to my unencrypted Windows system disk, I can rescue it by inserting a Linux thumb drive and copying the files to another disk. Or pay someone to do this if I don't know how. If I forget the password to my Google Pixel device, I am screwed. Having more users dislike essential security features is very much undesirable.
Android is used by hundreds of millions of people around the world. That designing features that perhaps only 0.1% of those users are going to value is not a developer priority is unsurprising.
On another note, the reason for the pin amnesia prevention feature has been clearly explained to you. It has been explained why GrapheneOS is hesitant to remove that feature. Yet you keep repeating your arguments as though you believe that developers will reconsider their stance if you repeat your points over and over. From my point of view, the way you are going about this does not seem constructive. Using strong adjectives to imply that people are silly is not going to increase the chances of people being understanding of your argument and situation.
(This text was written using Transcribro with minor corrections).