Use app PIN/biometric authentication to limit risk
In addition to disabling biometric, you can also enable auto reboot.
Also be aware of an upstream bug that occasionally causes fingerprint sensor to appear even while it is disabled for screen unlock. It happens in secondary profiles only not main. Ive seen this pop up and so too have other users.
I’ll second “Private Lock” for phones. It’s an unobtrusive application, and can be configured to lock down the phone in case of a physical shock. IE, with the phone in my pocket, it’s configurred to unlock with the less secure fingerprint unlock. However, in case of a physical shock / struggle / dropping the phone, it reverts to the more secure PIN screen, like when the phone has just rebooted. It’s a great balanace of usability and security. No need to have the phone auto reboot every few hours, as I’ve seen some discussions about here.
Your own threat model will determine how you impliment it, but for me, I have it configured to run when my screensaver kicks in. Any USB devices inserted or removed when the screen is locked will result in the system flushing keys and shutting down in seconds.
You can add the script to rc.local to have it running constantly, but that’s a bit too aggressive for my needs. With Debian, I’m able to invoke it only when the screen is locked and that suits my threat model fine. You can whitelist certain devices and configure it to your needs, hopefully find the right balance for your own model.
Not sure if there’s a Windows equivelant, but sure there must be something similar.
Fair enough, I’m just sharing my experience with Private Lock on Graphene OS and a Pixel 7, which works fine. I’m surprised it’s not been updated or forked, as it’s a very good concept and works well on GOS / Pixel 7 - although as you say, it’s currently not being updated and doesn’t work on Android 13 (and likely other OS / hardware combos).
Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.