• General

  • security: Need enhancement Multiple users

  1. delete you from this device #Deleting a user should require a password.
    2.Other users switching from one user to another should be asked for a password. #Known security risk, my admin user has set a PIN password, when I switch from another user to admin, I don't need to enter the password, which should be dangerous.

Why do you need
When I lend my phone to my family or friends, they may try to switch user.

off-topic
When I was arrested by the they could have simply taken my fingerprints, facial recognition, unlocked my cell phone, and they could have used psychotropic drugs to coax me into giving up my password. That's why I don't use fingerprints or facial recognition. It's really hard to be in a country that's not free, and it's even harder to immigrate without money.

    aiss I think keeping the owner profile empty is the easiest way for you to get what you want. You can set it up so the owner profile has a very hard password/PIN. You can use secondary user profiles for all other stuff.

    If you do it this way:

    aiss delete you from this device #Deleting a user should require a password.

    To delete the user, someone would have to log in to owner. Even if someone stole your phone while you're using it, you're using a secondary user profile, so they'd still need to figure out the owner password.

    aiss Other users switching from one user to another should be asked for a password. #Known security risk, my admin user has set a PIN password, when I switch from another user to admin, I don't need to enter the password, which should be dangerous.

    It makes more sense for all profiles to use strong passwords or PINs.

    aiss When I lend my phone to my family or friends, they may try to switch user.

    They can try switching users all they want, but they can't log in to profiles they don't know the password to.

            To delete the user, someone would have to log in to owner. Even if someone stole your phone while you're using it, you're using a secondary user profile, so they'd still need to figure out the owner password.

            In my test, they do not need to know the owner's password. Delete the user configuration file, and will return to Multiple Users. He is the identity of the "admin. You(Owner)"

            You should test it yourself. "admin. You(Owner)" Add user "new user" Use different passwords.

            Delete "New User" it will return to Multiple Users UI
            He is now "admin. You (owner)", and this process does not need a password.

              aiss Sorry, maybe what I meant wasn't clear... I'll try to rephrase.

              My suggestion is to not use Owner for anything. Instead, set up a secondary user profile and use it as your normal-use profile. I personally leave my Owner profile completely empty. No apps or anything and it's secured by a long and complicated password.

              If you use a secondary user profile all the time, then deleting users would be much harder if someone were to borrow or take your phone. They'd need to get the Owner password. Secondary user profiles don't have the privileges to delete other profiles.

                  other8026
                  Always use auxiliary users to configure files. When you unlock the device, someone borrows or takes your mobile phone, it will not be difficult to delete the user. The reason is that he does not need to enter a password when he deletes

                  • Grapheneos needs to implement "deleting the auxiliary user configuration file" and needs to enter the password

                      aiss

                      There is no sense in putting requests here. No dev will ever notice this request nor even consider starting work for it.

                      To request something you need to visit github and create a request there.

                          aiss Again, if you don't use the owner profile for your daily use, then it wouldn't be a problem. It's a simple solution. It checks most of your boxes, and, best of all, it doesn't require the devs to add any further features or make changes to the OS or Settings app.

                          In your OP, you mention something about police forcing people to give up their passwords. If the police are already using the methods you mentioned to force passwords out of people, then would an additional password really be a deterrent?

                          If someone were to steal your phone and their intent is not to steal data, just the phone, they could easily factory reset it. No password needed.

                          aiss Always use auxiliary users to configure files.
                          aiss Grapheneos needs to implement "deleting the auxiliary user configuration file" and needs to enter the password

                          Even if it's possible to allow a different secondary user to also modify profiles, it doesn't make sense since Owner still has to have that permission since it's the only profile on newly flashed or factory reset devices. Owner still needs that permission because secondary user profiles can be removed while Owner can't.

                          The only way I can see your request being fulfilled is if the Settings app were to optionally force Owner to authenticate when making certain changes, like in this guide. Depending on how they implement it, the settings app could also force authentication for other sensitive settings. But, then again, my suggestion to use a secondary profile for regular use instead of the owner profile achieves the same thing in practice.

                                JayJay There is no sense in putting requests here. No dev will ever notice this request nor even consider starting work for it.

                                To request something you need to visit github and create a request there.

                                But it does make sense to discuss feature requests here.

                                Devs and other community members read things on here. Good ideas won't just get buried. Just because a developer doesn't comment on a thread doesn't mean discussion here is a dead end. A discussion can lead to a very well thought out feature request. We don't want to waste the devs' time with incomplete feature requests or by constantly pinging them by discussing a feature on GitHub.