IIRC one of the mobile operating systems has a duress pin that instead of deleting all your shit, it just opens up basically a different user profile. So you can throw a few random apps and photos etc until it looks convincing, and just have that on standby. Put in your normal pin and you get the profile you actually use.
Cop demands to see your phone, and it’s just a “sure - it’s 4022” and they get to scroll through some uninteresting bs.
Go home and put the real pin in and it’s back to normal - nothing’s deleted.
It’s kinda like carrying a throw-wallet with a few bucks and expired credit cards… get mugged, hand em that, and be on your way with your real wallet in another pocket.
That’s a good point. I wonder if there’s a way to combine the throw-wallet duress pin with the delete-everything duress pin.
Like, enter the duress pin, get the fake profile AND start a timer: if the real pin isn’t entered within 1 hr (or whatever timeframe the user set it to), then it factory resets.
Definitely would be pretty easy to figure out a fake phone profile. Unless you are constantly updating it, any photo/emails/texts call logs will have timestamps from like months/years ago. Might fool a few, but even less if it becomes a widespread thing and authorities become aware of how it works.
IIRC one of the mobile operating systems has a duress pin that instead of deleting all your shit, it just opens up basically a different user profile. So you can throw a few random apps and photos etc until it looks convincing, and just have that on standby. Put in your normal pin and you get the profile you actually use.
Cop demands to see your phone, and it’s just a “sure - it’s 4022” and they get to scroll through some uninteresting bs.
Go home and put the real pin in and it’s back to normal - nothing’s deleted.
It’s kinda like carrying a throw-wallet with a few bucks and expired credit cards… get mugged, hand em that, and be on your way with your real wallet in another pocket.
It’s gonna be sus when your browsing history and other stats on that profile doesn’t collate with how a normal person uses their phone.
They might confiscate the phone.
My point is that you shouldn’t assume your phone is secure.
If you have something worth hiding on your phone that isn’t hidden when they look at it, they are DEFINITELY going to confiscate your phone
You must enforce the principle of least prilevelege.
Not by just using SELinux in your PC, but IRL.
“it’s new”
That’s a good point. I wonder if there’s a way to combine the throw-wallet duress pin with the delete-everything duress pin.
Like, enter the duress pin, get the fake profile AND start a timer: if the real pin isn’t entered within 1 hr (or whatever timeframe the user set it to), then it factory resets.
Best of both worlds.
Definitely would be pretty easy to figure out a fake phone profile. Unless you are constantly updating it, any photo/emails/texts call logs will have timestamps from like months/years ago. Might fool a few, but even less if it becomes a widespread thing and authorities become aware of how it works.