this post was submitted on 22 Apr 2025
25 points (93.1% liked)


A thief flags you down, grabs your phone and makes you unlock it using your thumb.

A cop opens the cop car door, grabs your hand and unlocks your phone, or even easier, face unlock.

Granted, guns and torture are rather effective as well, but is anyone entirely against fingerprint unlocking?

top 39 comments
[–] RebekahWSD@lemmy.world 2 points 11 hours ago

Biometric anything feels weird, being an identical twin. I stick to never using it.

[–] vrighter@discuss.tchncs.de 15 points 20 hours ago (1 children)

it is an oxymoron. Biometrics are the equivalent of a username, not a password.

[–] recklessengagement@lemmy.world 2 points 10 hours ago

I like this perspective. Wish there were more implementations of a biometric + password combo.

[–] T156@lemmy.world 1 points 11 hours ago* (last edited 11 hours ago)

Pragmatically, is that really any different with a passcode? Someone might not be able to physically force an unlock like with biometrics by moving the relevant body part over, but there's certainly nothing stopping someone from forcing you to unlock your phone if you had a passcode through duress. Most thieves would have certainly wised up enough to force you to remove your passcode before leaving, or they'd watch you unlock your phone, and figure out the passcode that way.

I rather doubt that, if in that kind of situation, there would be many who would resist. Your phone is not worth your life for most.

Personally, if I wasn't doing anything sensitive, like travelling through some countries (like Australia/the US) or going to a protest, I'd probably keep it on. The convenience makes up for it for the most part.

[–] 01189998819991197253@infosec.pub 15 points 21 hours ago

If I can't change it once it gets breached (because it will get breached), then it's not security, it's a hurdle at best. Biometrics entry isn't security; it's convenience.

[–] FriendOfDeSoto@startrek.website 22 points 1 day ago (1 children)

If I were a breaking bad meth dealer and had all my buyers as contacts on that phone and all my incriminating chats, I wouldn't use biometrics to unlock it. But I'm not a meth dealer (and I'm not just saying that because that's what a meth dealer would say).

There is a spectrum of convenience vs. security. It depends on where you sit. I'm okay with the fingerprint, wouldn't go for the face.

Doesn't Android have the panic/cop switch where you force password over biometrics unlocking? It's not a 100% failsafe but it is a start.

[–] helpImTrappedOnline@lemmy.world 10 points 1 day ago* (last edited 1 day ago) (4 children)

(and I'm not just saying that because that's what a meth dealer would say)

Hmm sound like something a meth dealer would say

And yeah android does have a lockdown button, if you press and hold the power button, it's in the options.

Alternatively you can quickly spam the wrong finger over the sensor a few times until it requires the pass code, which will work for iOS too.

Edit: after a quick test the "wrong finger" method has a fatal flaw. After using the wrong finger a few times, the pass code UI appears. If you back out of it you can still use finger unlock. You have to get to the code UI and back out 2-3 times before it says too many failed attempts and forces you to use the pin.

[–] Appoxo@lemmy.dbzer0.com 1 points 12 hours ago (1 children)

And yeah android does have a lockdown button, if you press and hold the power button, it's in the options.

For those of us, that opens G-Assistant by just pressing the power button:
Power + Vol up

[–] Tippon@lemmy.dbzer0.com 1 points 11 hours ago

Neither option works on my Xiaomi Mi 10t Lite 5g, with the MIUI overlay :(

[–] FriendOfDeSoto@startrek.website 4 points 1 day ago (1 children)

Hmm sound like something a meth dealer would say

I assure you. I'm not a meth dealer. Really. I don't know what else to tell you!

Thanks for answering my question.

[–] letsgo@lemm.ee 4 points 23 hours ago (1 children)

Methinks the meth dealer doth protest too much.

[–] FriendOfDeSoto@startrek.website 3 points 22 hours ago

Hoisted by my own methtard.

[–] skuzz@discuss.tchncs.de 1 points 21 hours ago

Also, for the ones that support reset after 10 wrong passcodes, enable that shit. SIM PIN too (mostly for various other reasons.)

[–] Rhaedas@fedia.io 1 points 23 hours ago (1 children)

It may vary between models. Mine if you spam the wrong finger it just counts down 30 seconds before you can try again. But restarting does force a pass entry before fingerprint will work again. I guess the caveat is you have to be able to hold down the power and then select a restart.

[–] pirat@lemmy.world 1 points 19 hours ago

I don't want to test this right now, but some of my previous devices would just reboot after keeping the power button pressed for approx. 10-30 sec, overruling the need to use the on-screen shutdown menu - probably to be able to escape a frozen/broken system without waiting for the unremovable battery to run out. That could very well still be the case for some current devices out there.

[–] athairmor@lemmy.world 15 points 23 hours ago (1 children)

For every day use, I use it. It’s convenient.

If I’m traveling or going to a protest, I’ll turn it off. I also make sure I know the ways to disable it.

[–] DigDoug@lemmy.world 22 points 22 hours ago

or going to a protest

I'd suggest you may be better off not bringing your phone at all, in this case.

[–] MedicPigBabySaver@lemmy.world 12 points 23 hours ago (2 children)

Do NOT use biometric unlock in the U.S.

Law enforcement can force you to open the phone vs. requiring a warrant for PIN/Password.

[–] Flying_Hellfish@lemmy.world 4 points 21 hours ago* (last edited 21 hours ago) (1 children)

Same with face unlock, not requiring a warrant, if I'm remembering correctly

[–] ERROR_100_000_100@infosec.pub -1 points 19 hours ago* (last edited 19 hours ago)

If you don't have time to quickly disable biometrics (lockdown mode) before the cops grab it, you wouldn't have time to turn it off either. A phone in AFU mode is very easily cracked with those forensic devices.

in the U.S

And they could just beat you for the password either way, given the current political atmosphere.

[–] AmbiguousProps@lemmy.today 13 points 1 day ago

Graphene allows for fingerprint and second factor pin unlock, which is what I use. I mostly do that for cops, though, since in the US you can be legally compelled to unlock your phone with biometrics but not pin.

Wouldn't stop someone from torturing you to unlock your device, but that's what a duress pin is for ;) (they may kill you once your phone wipes but at least they wouldn't have your data)

[–] lupusblackfur@lemmy.world 10 points 1 day ago

Police officers cannot force you to unlock your phone by a testimonial act that reveals the contents of your mind. You can be forced to unlock your phone by a nontestimonial act.

From here...

If only for the above reason, I refuse biometrics on any of my devices. 🤷‍♂️

[–] tiredofsametab@fedia.io 6 points 22 hours ago

I don't use it at all, even with various bank apps and such yelling at me to do so. Yeah, a $2 wrench could still eventually get it out of me, but you can't just use my face/finger to do so.

[–] AstralPath@lemmy.ca 7 points 1 day ago (1 children)

I run GrapheneOS on my phone and reject all biometrics on principle not because I have anything to hide.

[–] lka1988@lemmy.dbzer0.com 4 points 23 hours ago

But you do have things to hide. Everybody does. That doesn't make it bad.

[–] HubertManne@piefed.social 4 points 23 hours ago

biometrics are for usernames and not passwords/keys.

[–] Zorsith@lemmy.blahaj.zone 4 points 1 day ago

GrapheneOS allows it to not be used as the device unlock, but still use it for other apps once unlocked (such as banking apps).

Device unlock should never be biometric.

I also have data over the usb port disabled unless the device is actively unlocked.

[–] notabot@lemm.ee 4 points 1 day ago

For proper user authentication the model always used to be that the user should present three things: something they were (a username for instance), something they knew (a password), and something they had (an OTP from a device, or a biometric). The idea being that, even if a remote attacker got hold of the username and password, they didn't have the final factor, and if the user was incapacitated or otherwise forced to provide a biometric, they wouldn't necessarily supply the password (or on really secure systems, they'd use a 'panic' password that would appear to work, but hide sensitive information and send an alert to the security team).

Now we seem to be rushing into a system where you have only two factors, the thing you have, namely your phone, and the other thing you have, namely a fingerprint or your face. Notably you can't really change either of those, especially your biometrics, so they're entirely useless for security. Instead your phone should require a biometric and a password to unlock. The biometric being 'the thing you are', the phone 'the thing you have', and the password being 'the thing you know'.

So, yes, I'm entirely against fingerprint unlocking.

Biometrics are fine as a /username/ but should not be used as a password - heard that on some security podcast ages ago and have kept with it since.

So basically I don't use biometrics, lol

[–] Ulrich@feddit.org 1 points 18 hours ago (1 children)

As opposed to what? What will you use that's impervious to those things?

[–] desktop_user@lemmy.blahaj.zone 2 points 16 hours ago (1 children)

passwords, which are protected under the 5th amendment of the us constitution

[–] Ulrich@feddit.org 1 points 15 hours ago (1 children)

Passwords are impervious to guns and torture?

[–] pulsewidth@lemmy.world 0 points 12 hours ago (1 children)

OP specifically used cop unlocking your phone as an example. Don't argue in bad faith.

Absolutely no access control on a consumer device is impervious to guns and torture.

[–] Ulrich@feddit.org 1 points 8 hours ago

They also specifically used the example of guns and torture.

[–] LettucePrey@lemm.ee 2 points 23 hours ago

They're generally a bad idea, especially if you're a political dissident.

[–] Geodad@lemm.ee 2 points 1 day ago

I don't use it on the lock screen.

Half the time, I bypass it on the apps because I'm wearing gloves at work.

[–] AA5B@lemmy.world 1 points 22 hours ago

While I’d want to turn off biometrics if I thought I was in a risky situation:

  • pin required on restart
  • Lock Screen is pretty fast
  • most importantly, sensitive apps and settings use a secondary authentication, including in app switching

So they could force me to unlock it, but probably wouldn’t take the time to hunt down all the places there’s secondary authentication. So damage would be partly mitigated.

[–] Kolanaki@pawb.social 1 points 1 day ago* (last edited 1 day ago)

The thumbprint and facescan reader on my phone straight up says that it's not necessarily good enough to distinguish me from family members (especially if we look similar, which we do) when you go to set it up, so I've pretty much never used either.