Robbed at gunpoint: Forced to give robber my pin

indigomadelin

I didn't test, but I may suggest using Macrodroid (or another app for device automation) and create a scenario to run clear app data for MyBank when headphones unplugged (the robber ripped the phone from your hands) or location is 2 km away from your home (the robber ran away). I didn't see an automation app that can uninstall apps or factory reset the phone.
You get the idea, you can customize the script how you want.
However, you need to grant admin permissions for the app, which could be against your threat model.

chinook

indigomadelin

I didn't see an automation app that can uninstall apps or factory reset the phone

Uninstall: maybe tasker with "ADB WiFi command" but that's an ENORMOUS security sinkhole (ie: keeping this enabled)

Factory Reset: FindMyDevice by nulide (I didn't try wiping yet, though)

schweizer

gianfisco What they usually do is order thousands of dollars on resellable stuff in all kinds of delivery apps, log into your google account in another device, use your number to receive 2FA codes, etc. And they do it QUICKLY

It is not clear to me why they would need your phone for ordering stuff on your name online. If a shop or bank uses SMS as 2FA they have a security problem and you should avoid them. You should not be logged into a google account other than an anonymous one for updating the apps, preferrably on a secondary profile.

I would not risk my life for a smartphone.

traveller

Personally I think the best solution would be to have a special pin that brings you to a special profile with profile switch functionality completely disabled (so the adversary can't even tell right away, if the phone has other profiles set up or not).
But I also understand that may be non-trivial to implement.

Meatheadmarty

traveller yes, it would be great to have but hard to code. The developers probably lack the time to do a new feature like that. Just having a duress pin is great. Makes the OS so much better.

Meatheadmarty

n3t_admin a street thug usually has the IQ of a pigeon. You think some dumb street thug would be familar with Graphene OS or fake updates or a new wiped profile? No the street thug would look at the new fake profile, be happy, and flee or would flee while the phone says it was installing important updates and will open momentarily. If the fake profile can open quickly, no thug is going to go "this seems like a dummy profile based on my forensic analysis." Many of these street dudes can barely read. That would trick alnost all of them. A duress wipe would not and could make it worse.

newbie24689

Meatheadmarty

a street thug usually has the IQ of a pigeon

True
However, the thug may be simply expected to keep the phone logged in, if possible, as he takes it to a colleague who CAN extract important information before scrubbing; loading in a virgin OS; and selling it

A duress wipe would not and could make it worse.

Sigh.....Very True

Maybe the best approach in a robbery-prone environment is to keep all important information in an encrypted database and keep that database in an encrypted cloud location (e.g. Proton Drive) using memorized passwords. Do your email - on line - via Vanadium incognito mode in an account dedicated to email (i.e. not your cloud database account.)

In general, use Vanadium incognito instead of apps whenever you can. Use and memorize short, complex passwords to access your mail and storage accounts. Keep long passwords (e.g. Banking) in the cloud vault and access them only when you are in a secure location.

If you need to access your phone continuously (e.g. walking while using a map application), use a smart watch to display the distances and turns.

NOTHING important on the phone (or watch).

Meatheadmarty

Unknown-Phallus in afu with main profile passworded if state actor got unlocked phone in profile 2 i doubt they couldn't get profile 1 access given enough time.

daunting7512

My hot take on this is to maybe don't give your phone access to your entire life savings.

Some people here are suggesting to keep identity theft sensitive apps like your email and banking apps locked away behind a separate user profile. That's certainly a good idea, and it's probably enough if you live in an area where you're at low risk of robbery. But the absolute safest thing to do if you live in an area at high risk of robbery (Chicago, Los Angeles, Rio de Janeiro, etc) is to just make sure that your phone doesn't have access to money or identity theft sensitive materials at all.

My daily driver grapheneOS phone has no banking apps on it, and I use my email provider's webmail with a memorized password and a yubikey for 2FA to read my email instead of a mail client. I also make sure that my password manager doesn't give my phone access to anything identity theft sensitive either.

randomname

You seems to live in a dangerous place, get ready to get beaten when the thief will see the phone is blocked because of duress pin..

maybe put everything in another profile and close it before being at risk, there is 99.9% chance that they will ignore other profiles

spl4tt

This sounds like a perfect moment to use that duress pin feature.

Ilgar

spl4tt lol, no, at gun point you better open almost empty profile just for outdoors, if you happen to live in such location.

Ilgar

I think I've figured good setup:

1 STRONG passphrase + fingerprint to access owner profile empty or with app stores for convenience of installation of apps (I prefer to disconnect vpn with "block connections without vpn" when not in use so it's offline) and disable apps installs and updates to secondary profiles
2 secondary profile that actually main with all apps
3 an outdoors profile for most important maps when outside like maps, camera, etc that you would give passphrase to armed robber when you are scared of lethal scenario
4 you can have 10 other profiles set randomly (maybe with 2 different paraphrases for each 5 of them, for plausible debiability of main profile, so you can say that you forgot passhrase)
and super easy durress passphrase which would be triggered first upon brute–force or you would use to unarmed robber when you are not scared of lethal damage + auto-reboot for 12/18 hours in case of lost device. this way after auto–reboot adversary must successfully brute–force BFU and then... hahaha, guess which of 12 secondary profiles is a actually a target... nice 3FA (BFU>guess of target>secondary profile BFU).

Ilgar

Ilgar I think 10 fake profile should have same passphrase for ease of remembering, or even same to outdoors user passphrase. and better to end session of main profile when going outdoors in case if attacker is smart and force you to give owner profile passphrase because of adb access.

Ilgar

Ilgar I think 10 fake profile should have same passphrase for ease of remembering, or even same to outdoors user passphrase. and better to end session of main profile when going outdoors in case if attacker is smart and force you to give owner profile passphrase because of adb access.

2 outdoors profiles, 1st with simple passphrase, same to 10 fake secondary profiles randomly configured, that you will use as actual outdoors profile with maps, camera, etc, and 2nd with good passphrase, maybe same to main profile (for ease of remembering) with all data (password managers, etc) that you will use for messenger notifications but it will be hidden behind password.

user539

You can give them the pin for main profile. But keep User profiles guarded by another pin, and store your data there. If he is just there to get your phone you are safe so. He won't be searching for user profiles for sure. But If he is there for some other reason you are scre*ed anyway.

Ilgar

user539 better to give special outdoors profile with maps, camera etc, because owner profile has access to adb and usb settings, which by default are only charging.

« Previous Page Next Page »