• General

  • A "panic button" to trigger Remote Lock for example via SMS

Graphite
Thanks, could you please confirm which app is it? I couldn't seem to find "Testify" in Fdroid?

      ve3jlg

      Oh wow that is a brilliant idea! Thanks a lot. Is there an existing app that could provide this? Are there any purpose-made devices that could be paired with? The only problem I could think of right now is if there was some bug that would permanently lock you out of the phone (I imagine there could be a few seconds timeout that would allow you to disable the app in this case).

          nsreubkvne No,sorry no specific example. It was more of a concept, which I imagined might be implemented with Tasker, or custom software. I have not explored feasibility at all, hoping someone else might chime in with specifics. lol.

              I prefer to stay away from places where this can happen.

              nsreubkvne I couldn't seem to find "Testify" in Fdroid?

              Sorry, I was saying testify as in "I do the same, I can attest".

                ve3jlg

                I have not seen Bluetooth-out-of-range auto-lock implemented on a phone before.
                I have seen it on Windows Hello for Business. It works reasonably well.

                I actually did a pen test on this.
                I tested the function of the Multifactor Unlock "trusted signal" credential provider when Bluetooth is nearby, and found serious vulnerabilities.
                For speed, Microsoft cannot wait for the full encrypted connection, but rather just uses the beacons.
                I have some Ubertooth One dongles that were able to spoof the GATT attributes of a paired Bluetooth device. Windows Hello doesn’t do a full BT authentication during each unlock, there is room to own. Then there are possible vulnerabilities of attacking during registration process. Downgrade attacks and a few others. Microsoft is good with security, but so is Google, and we know what happened to their FIDO Titan Key with Bluetooth.

                For auto-locking on an android phone, I can spoof my own signal with your device's GATT signature. So you'd have to design it for actually encrypted data. Possible, but not easy.

                    Graphite Thanks, that's definitely outside of my skillset, but I'd happily sponsor a project that could build such a tool. It sounds like a perfect solution and I think that implementing it would require a specialist.

                    I guess if someone is aware of any developer that might be interested in starting it please let me know?

                      eatinggrumble84 I think FindMyDevice relies on a third-party server? If possible I'd prefer the (encrypted) bluetooth solution due to privacy concerns.

                        ve3jlg No worries, thanks for the idea anyway. I think Tasker is a proprietary app - it may not be appropriate given that it needs permissions to lock the phone and keep connection with a bluetooth device? Are there perhaps any simpler open-source alternatives 🤔?

                          a year later

                          I think findmydevice is open source. Also to report to a server is optional, you can also opt in to only answer sms messages from a specific whitelist if i'm not mistaken.

                          About your internet connectivity, if you use a esim they cannot remove it, and if you don't use a pincode the phone would stay one after rebooting it aswell.

                          Ideally it would be even better if the phone could be remote locked / antitheft / anti reinstall rom locked, not sure if thats possible though.