Presentation and first question

bix

Hello everybody, it's my firs access, I just discovered GrapheneOS a few minutes ago.
I am very interested in it and I'd like to ask your opinion about a detail I noted in my first reading of its feature:
it has some security improvement of fingerprint unlock, but do not give users the option to completely disable it.
I think that sharing biometric data (such as fingerprints) on the net is a major security issue for users privacy,
and it seems strange to me that an os with focus on privacy issues allows users to take this risk.
Am I missing something? Thanks in advance for your replies

Skyway

bix
Curious where you read this information?
Titan_M2 is correct .

Titan_M2

Biometric data is not available to apps (even on stock Android) and biometric unlock is optional.

treequell

Hi there, and welcome to the GrapheneOS community!

It's true that biometrics like fingerprint unlock are less secure than a PIN or a password. It is perfectly possible to set up your phone without using biometrics, and to only use a PIN or password instead.

For many users the fingerprint unlock is still secure enough. After five fingerprint attempts on GrapheneOS, the user's PIN or password must be used instead to unlock: https://grapheneos.org/features#more-secure-fingerprint-unlock

A hash of your fingerprint, not the fingerprint itself, is stored on the secure element of the phone, and no apps or any web service have access to your fingerprint. To understand better the architecture for biometric unlock on an Android device, I recommend reading the AOSP documentation: https://source.android.com/docs/security/features/biometric

bix

Thank you all for the replies, in particular treequell for details (especially last one: only a hash of users fingerprint is stored on the phone).
@Titan_M2 : yes biometric unlock is optional, but many times people in tradeoffs between safety and comfort choose the latter, and I expected from such a project as GrapheneOS, a sort of protection by design on this feature. As pointed by treequell, storing a hash of fingerprint is just that layer of 'built-in' data protection I was thinking about.