Can you add Duress fingerprint?

nahakubuilder

I have seen recently many posts about people getting to phones by facerecognition or fingerprint in non-authorized way...
I wondered as there is the durress Pin/Pass, could there be duress fingerprint?
Maybe the finger print would show all the time but actually no real fingerprint would be set, it would require to swip or press the button to use PIN, or second option what I do not know would be ok as it could happen that the fingerprint reader mistakes wrong finger and wipes the phone accidently :D, but the other option would be one of the fingerprints could be the durress one

Aeon

might not be the case you think about but:

you can set GrapheneOS up to use Fingerprint plus a pin as 2nd factor.

I am not sure but I think for that pin you can set a duress pin.

Others will correct me if I am wrong.

userofgos

Aeon I am not sure but I think for that pin you can set a duress pin.

Minor correction: Setting a Duress fingerprint isn't possible. What is possible though is the ability to enter your currently set Duress pin into the 2nd Factor PIN screen when it shows up after scanning fingerprint. :)

libertarian

I am curious if it is possible to implement a duress fingerprint. If so, I would like to help to work on that.

It would be.. quite funny, if I ever get into a situation where my phone is seized, if I can offer to unlock it. However, I would turn it into a challenge. One of my fingers successfully unlocks my phone. The other 9 fingers will cause it to be wiped. The authorities could turn it into a fun game of evidence roulette.

In general it would be fun if you could attach actions to specific fingerprints. Imagine if you can set it up in such a way that it sends a specific message using a specific app upon unlocking with a specific fingerprint. Like a way to initiate an SOS message to someone simply by unlocking your phone with the "wrong" finger.

LeslieFH

Fingerprint unlock is unreliable, I really wouldn't want to play "duress roulette" with my phone on a daily basis (because it could have a false positive where it recognizes my "unlock fingerprint" as my "duress fingerprint").

libertarian

LeslieFH I like to live dangerously.

Jokes aside, I understand your point. But, even given that, it is something I'd be happy to try. Plus, you don't know if you have a good backup strategy until you've had to put it to use.

raccoondad

libertarian But, even given that, it is something I'd be happy to try.

You can make a fork then, but GOS won't make it an official feature

libertarian

raccoondad shame, but understandable. The effort to maintain such a feature is not worth it if it does not provide enhanced security to a large portion of users.

I also don't think it is realistic for me to fork GOS. I can implement a feature, sure. But maintaining a fork, with the infrastructure, communication and all of that, hell no.

Novalissoide

libertarian one big problem with 'Duress fingerprint', I believe is;
If there is even a next to null-chance of the duress feature firing by mistaking wrong finger for the right finger, if even a single test shows that this is possible, the whole thing is never going to be a reassuring part of the OS.
Whereas picking your own PIN, and mistakingly using it, this you could learn from, pick a better number next time.

userofgos

Iirc there's still stability issues with using multiple fingerprints within multiple user profiles. So you'd run into issues there as well

MetropleX

Fingerprint as duress would be an incredibly bad idea simply down to the fact that fingerprints don't operate as an exact science. They are implemented using a mathematical algorithm that alters the fingerprint into a digital template.

From AOSP documentation:

Biometrics offer a more convenient, but potentially less secure way of confirming your identity with a device. Under the tiered authentication model, primary authentication (that as, knowledge-factor based modalities such as PIN, pattern, and password) provides the highest level of security. Biometrics are in the secondary tier of authentication.

Even if the Fingerprint sensor and it's implementation meet the highest criteria for security (Class 3 (Strong)). These have an acceptance rate for False positives, Imposter Mimic, and Spoofing.

Class 3 STRONG rates are:

SAR of all PAI species: 0-7%
SAR of Level A PAI species:<=7%
SAR of Level B PAI species: <=20%
SAR of any individual PAI species <= 40% (strongly recommended <= 7%)
FAR: 1/50k
FRR: 10%

Therefore the margin of error not being nil the fingerprint reader and fingerprint duress would not be completely foolproof and secure.