Explorer666

  • Aug 16, 2024
  • Joined Aug 7, 2024
  • intron

    you mean "never underestimate anything or anyone, especially not human stupidity" ? Wasn't that Einstein who allegedly said "two things are infinite - the universe and human stupidity, but not entirely sure about the former..."?

    Hope for the best but prepare for the worst, for what CAN go wrong WILL go wrong (Murphy's laws)

    okay, "overkill is underrated" is new but noted, I defo have good use for this one... lol

    write 123456 on a paper, laminate and keep inside the phone case... AFTER "they" used it.... "oh why the hell would you do that? that's the reset code.... do you really think I would need to write down my pin?" lol

    but back to the discussion of plausible deniability and "dummy profiles" which wipe everything else....
    the corresponding threat scenario ranks in certain places as "not unlikely" and the implications as "very severe"
    (and no, that does not involve any state-backed or law enforcement activity as THEY can undo the wipe which lands you in even more trouble)

    could be that duress profile boots from another partition and formats the other partitions in the background or something like that... really just throwing stuff on the wall here and see if anything sticks....

    So if anyone knows of a viable solution and knows what sticks, please answer here or on GrapheneOS Discord (same nick)

    Thanks a bunch

  • intron

    That's all at least on 2FA with no pop-up alarms or quick view etc enabled whatsoever... it's common sense, but I reckon it's not THAT common anymore these days.... 🙄

    • intron

      as for the last part - I haven't heard about that theory, but the whole point of threat scenarios is to factor in what the likelihood of such event is, and IF it happens, what is the potential gravity of consequences (aside from desirable/undesirable outcome of course)
      Everything has its trade-offs so I would take the risk of a potentially increased vulnerability to hacking over a negative outcome in a life-threatening situation any time of the day in a heartbeat... lol... but that's just me 😉

    • intron

      well yeah, you defo don't want to end up in the hospitality of "non-existing" agents... that's also less of my concern as you would have to do something first to pop up on their screen - and once you do, no grapheneOS and no system wipe can save you... The phone goes to data forensics while you "enjoy" the SPA treatment....

      On the other hand, in case of non-state-related incidents, the worst option is to give a wiped phone with black screen... the second worst to give them access to all your life savings... in most circumstances their adrenaline is just as much through the roof as yours - for other reasons... and as long as you hand them a working phone and are able to withdraw a few 100$ most situations are resolved...
      (there may be even worse scenarios, but in those your phone usually plays little to no role, except that they will get rid of it ASAP to avoid tracking)
      I used to travel a lot and explore in my younger years, even the shady sides of towns. Back then smartphones didn't even exist yet and few people had heavy, bulky Motorolas... was robbed at gunpoint twice and knowing that I was going to a potentially unsafe place I carried a secondary wallet containing just a small amount but no cards or IDs as those are a pain in the rear to replace.... in both instances they took the "dummy"-wallet, saw that it has a little bit something inside and ran off... so maybe a secondary phone to hand over in such a situation would be the better option? as I said, having access to a small bank account that acts as a life saver may be a beneficial strategy if forced at gunpoint to withdraw money...
      If afraid of detection of the "real" phone either leave that at home to begin with (always be aware of where you are going) and if that is REALLY not an option, well, that's the situation where the "wipe all except for this dummy profile" would come in super handy.

    • Explorer666

      further to my previous post, for most scenarios there are available tools ready...
      for scenario a) GOS duress code
      For scenario c) Ripple
      For scenario d) Shelter

      It's really just the scenario b) that has no ready available tool to protect against a sufficiently sophisticated robber/kidnapper and depending on where you are those scenarios are more likely to occur than for example c)...

      • de0u

        Any security firm half-worth their salt works with threat scenarios and then different solutions for each scenario, there's no "one solution fits all" approach.
        as intron mentioned, it’s all tools and the presence of hidden files may do more harm in one situation while it would be perfectly safe in another.
        For example, it would be total overreaction to wipe your phone if your co-worker wants to borrow your phone to call his wife as his battery died on him...lol
        on the other hand, you can have different profiles/pin that can be used in different situations...and the level of expertise of your adversary...

        a) under attack or being raided? Pin 1 – total wipe, no trace left…. ideally don’t let them connect the phone to you….

        b) street robbery? pin 2 - lets them land on a dummy profile, may save your life while everything else gets wiped in the background. Especially if you have a small, limited bank account in it to “buy your life” if required. Pin 2 also sets the phone in alarm mode, transmitting GPS, photos etc…

        c) travelling and TSA inspects your phone? Pin 3 – “silent” dummy profile while deleting everything else… just in case in their country crypto is outlawed. Even if they are more sophisticated as the data is deleted there is nothing to see for them… and they won’t arrest you for having used crypto back home as long as you don’t bring it along…

        d) nosy GF? Co-worker making a call? Pin 4 – nothing to see here. Keeps your data intact

        make pin 1 the easiest to be triggered by brute force as well as keeping it on a paper as suggested by Bullion. (I actually do that ever since phones have a “kill code”)

        in situations b and c you would become even more suspicious with a wiped phone and data forensics may be able to recover the data anyway… besides TSA inspects hundreds of phones per day and don’t have time to go into detail unless you act suspicious….

        Anyway, it would be cool to have the option – how and when you apply which of the codes is then up to you….

        • intron

          don't worry, I was joking about learning to code... I would be like 30 years late to the party.. lol

          of course you are right about viewing everything as tools (including apps or skills). it's just that there is no tool that does exactly what I want it to do - at least according to my status of research. that's why I am asking if I missed something, or if anyone found a suitable tool to reach my goals.

          And I completely agree with what you said about having to understand how to break it, before you can harden/fix it....
          That's what threat scenarios are here for... what are the possible dangers and how do they work?
          Then next step, what are the means to counter-act those threats?

          While nothing is secure, we can just become "hard targets" or respectively "nothing to see here" for the bad guys so they go look somewhere else...

          That's why I keep looking high and low for a solution that retains an unsuspicious basic profile while wiping the other profiles and related data on demand (from lock screen in the background with no suspicious messages popping up.)... as the topic here is "plausible deniability"... if there is nothing "off" to be found, then there is nothing to deny...

          • intron

            No offense taken at all. 😉
            So on top of everything else, you suggest that I should learn coding now? lol....
            oh well, guess if you want something done right, you gotta do it yourself after all... 🙄

            hoped that anyone would have picked it up ever since "DueProcess"
            https://android.ins.jku.at/plausible-deniability/

            but seems not much progress was made in the meantime... that's a bummer somehow....

            • Hb1hf

              To keep the thread alive... your idea is also what I would consider the most secure way to implement "plausible deniability"

              To hand over a completely empty and wiped phone to anyone who lawfully or unlawfully demands your credentials will just pizz them off and land you (or any other user) in hot water (either because it's considered "destruction of evidence" - or because the bad guys realize what you just did...)

              unlocking the phone to land in a dummy-profile while in the background the real profiles (2, 3 and 4) get wiped solves the issue. Plus in most scenarios it will buy the user in a pinch enough time to complete the background wipe before anyone realizes what may or may not have happened... and at that point there is no trace of it left... hence "plausible deniability"

              Further you could set up two potential profiles for spicy situations... one for a theft scenario where the phone starts sending distress signals in the background, and one for anything like border controls etc with no background signal.

              If anyone is aware of such a solution since this post was last active, the input would be much appreciated.