Write about new GrapheneOS duress feature and discourage duress apps

We should recommend GrapheneOS duress feature for those who need it, discourage the usage of duress apps, and explain why they’re not good and shouldn’t be relied on.

5 Likes

Agreed, think this could have stayed in the same topic. But yes this a good addition and definitely those who used apps for it should move to the built in solution now.

3 Likes

Anyone with some legal background that can advise on the use of this feature?
Will you be held accountable for destruction of evidence if you give a wipe PIN when held under custody?

4 Likes

?

https://dustri.org/b/reflections-on-grapheneos-duress-feature.html

makes great points

It would have been interesting if you could set a PIN that opens a hidden user profile which looks like the main profile. Similar to VeraCrypt’s plausible deniability function.

5 Likes

For the plausible deniability you could theoretically design the OS to have two ‘owner’ profiles to choose from a boot and select via the PIN you enter, but I honestly can’t assure if this is even viable since there would probably be ways to figure out it existed. I think it would also be too much work. It would also kind of be like ‘profiles in profiles in profiles’ in terms of OS architecture which seems like a flawed design. The user profiles may help, by having an entirely empty Owner profile and everything stored in separate user profiles since they are isolated. Can delete a profile or act like you forgot how to get in one of them etc.

Is that an answer to what you are suggesting? There are also other replies in the thread. Some suggested Duress for other profiles, but it is only possible now on owner profile.

1 Like

Yeah I figured that’s probably why it doesn’t exist, but it’d be cool nonetheless if someone was able to figure out a way to make it work.

2 Likes

Keep a paper note with the duress PIN under your phone case. If they wipe it themselves, you’re innocent, lol.

10 Likes

Reminds me of Cop fucks himself over when he accidentally unplugs USB with TAILS on it - r/darknet

2 Likes

Keep good backups, though. You might have a 0.01% chance of your phone being wiped by LE, but you’ll have a 50% chance of it being wiped by a curious relative.

@whoami5 But the serious answer is: if you think that’s a real possibility, seek legal advice from a local lawyer. This varies wildly by jurisdiction and you’ll probably even have diverging court decisions in your country/state so will have to make some educated judgement calls.

I will bookmark this

OnePlus implements this feature and calls it “system cloner”. You have one lock screen and you setup two passwords for the two profiles.

OnePlus implements this feature…

OnePlus also does some weird things. For example, OxygenOS runs oplus.app.bg thread in every? app process (it does so at least in the debuggable ones I observed).