I am using ArrowOS 11 on a POCO X3 NFC.
I have enabled the Multiple users option and created a second user profile, but for that one it's not possible to enroll fingerprints with the following error message after the fingerprint has successfully been scanned:
Enrolment was not completedFingerprint enrolment didn't work. Try again or use a different finger.
Click to expand...
Click to collapse
For the device owner there are already 4 fingerprints stored, but that's not the limit (I have tested this by enroling a 5th fingerprint without problems). The used finger is also not causing the issue (I have tried with a different finger).
I'm not sure if this is an Android design limitation, so that only the device owner is supposed to enrol fingerprints, or if this is a bug with ArrowOS (possibly a permission issue?), but with the fingerprint option present in the additional user profile (in contrast to the developer options for example, which can only be activated for the device owner), I assume this is rather a bug than a feature?
My intention was to install some banking apps in an additional user profile as well, so that I can manage online banking access and pushTANs for my wife and myself using only one (backup) phone, but without working fingerprint authentication in the additional user profile that endeavor is completely pointless.
P.S. Since it's unclear to me, if this is a feature or bug, I have opened an issue at the ArrowOS GitLab Tracker, if anyone is interested.
I'm having the same issue. Not only from ArrowOS (Android 12), but also CrDroid (Android 11).
Not only that, fingerprint scanning of the original account fail to work once I switch to the 2nd user. Checking the security setting, my finger print was removed from my orig account. This was what happend on CrDroid (11).
Now I'm on ArrowOS (12), the fingerprint of the 1st account is not removed, but fails to work until I reboot. Fingerprint does not work again after I switch to the other user.
Related
This is just a question. Is there any way that i can set up a decoy password on my nexus 5 lockscreen? I am rooted and running LineageOS 14.1 and the phone passes SafetyNet, and has internal storage encrypted. Here's an example: your real pin is 13579, but you want a decoy pin (24680). When 13579 (real pin) is entered, the phone will unlock like normal. But, if 24680 (decoy) is entered, then the phone should switch to a different (possibly restricted) user, so that if you are stopped at an airport and your phone is confiscated and the authorities ask for your pin, you can give them the decoy. The switching users should be invisible, so that the authorities don't suspect anything. If they ask about the main user, i can just make up an excuse like "This is my friend's phone, and i am going to visit him. He just added me as a restricted user". Note: i just want to keep my privacy and make sure that my data is safe.
Hi - wondering if anyone else here has Airwatch for work, and has updated to MIUI 11. My device is force disabling the fingerprint unlock option so I have to type a pin to access the device. This option is configured to ALLOW in the Airwatch admin console, but I can't get it to not disable it (I'm the only Xiaomi device user). I have a ticket open with Airwatch, but they are saying this is a Xiaomi problem. I can confirm this is occurring on the newest Xiaomi.EU version, the Global Stable version, so it could be, but I also appear to be the only Airwatch user in the global beta group.
Edit: Big Dummy Spelling.
I'm using Intelligent Hub (AirWatch) and I'm not having any issues with fingerprint unlocking, but I have had issues with Hub in the past, such as unenrolling and being unable to re-enroll unless I factory reset the device. It's possibly a work profile configuration issue. Try resetting and reenrolling and see if that may fix it
So my Dad uses a Galaxy Note 10 Plus. He works at a high level judiciary position i cant mention, so information stored on his phone are govt. classified stuffs. Security is very vital.
He is almost 70 , so memorising pins and password is not his thing.
Therefore he uses Face Unlock/Face ID feature and Fingerprint scanner for unlocking phone and securing his apps.
But this morning, for God knows what reason, his phone can ONLY by unlocked via GESTURE PATTERN.
The thing is, Dad never uses gesture pattern, he must have set it when he first recieved the phone from the govt. He doesnt recall the gesture anymore.
All the officials have been trying their luck with the gesture unlock to no avail.
He needs to recover his phone data fast.
Is there a way for him to unlock his phone using face ID, fingerprint, or even email authorisation or something like that??
As far as I know, after you've tried many times, you will get a messages "Forgot pattern" on the lower left corner of your lock screen. Touch Forgot pattern and enter Google Account info to clear the lock.
Just hope he can still remember the password for the google account!
Just keep on trying until the phone starts asking you for the account (mail) and it's password.
Use the account data (password) to unlock the phone.
It is possible that his employer has the phone under MDM (Mobile Device Management). That is very common on mobile devices that access secure information from an employer. It allows them to control settings on the phone. If so, they may be the ones that changed the settings and they also may be able to unlock the phone.
I can't see any option in settings to encrypt the phone, so is that not possible with Realme 5i/ColorOS? I would never buy a phone without that option but I assumed it was standard on all Android phones.
doveman said:
I can't see any option in settings to encrypt the phone, so is that not possible with Realme 5i/ColorOS? I would never buy a phone without that option but I assumed it was standard on all Android phones.
Click to expand...
Click to collapse
Full-device encryption was deprecated with Android 10 because it blocks Accessibility Services, the dialler & other useful things till the device is unlocked, File Based Encryption was introduced with Android 7 & is now used instead, this allows these functions to be encrypted with the device's keys (rather than the user's password) so remaining functional before the user unlocks the device.
https://source.android.com/security/encryption/
I found this older thread about the POCO X3 NFC: https://forum.xda-developers.com/t/phone-says-its-encrypted-but-is-it-really.4167645/
I do not know if the info there is also valid for the X3 Pro ... or if it even was correct in the first place. (Cause just 1 other user mentioned this and no one else talked about it.)
In the 2nd post there is tha guy mentioning that MIUI is not changing the decryption keys when changing the password. Is this a problem?
I have bootloader unlocked and Magisk + LSposed installed. Using the latest stock MIUI. From what I have read online ... unlocking hte bootloader just allows to tamper more with the device - and allows an attacker to bypass the hardware security stuff to run brute force without using the phone (to bypass rate limits and run brute force very fast) - shouldn'd that still be safe with a long password?
Well Android allows at max 16 chars and I am using 16 chars letter, numbers, special chars now + biometrics for screen unlock. After the boot it seems it forces you to put in the password. (Biometrics not working.) TWRP decryption is working - and only works with the password I put. (Not with "default_password".) Even when adb is enabled (I usually leave USB debugging disabled) it seems not to work unless I also change the charging options to allow file transfer (not only charging battery) - which always seems to reset to recharging battery only after a reboot. (And not allow for changes unless passwort is put in once at least.)
I am talking mainly about attacks where you are able to power off your phone and someone else gets physical access to it. (Like police or NSA lol. After I got it back I would always completely wipe it to make sure they have not installed some keyloggers.) Unless the bootloader and internal keystore somehow (I do not have much knowledge about this) just checks your passwort but is still using "default_password" in the background (and TWRP also works using this) should not a strong password be safe?
I think the key generation with "default_password" itself still would have some random compoment (every time you reset the sytsem and it gets newly encrypted)? And it only matters if that "key encryption key" gets re-encrypted when changing the password. (And not only encrypted/hashed with "default_password".) As mentioned here by Elcomsoft: https://blog.elcomsoft.com/2018/05/demystifying-android-physical-acquisition/
"It still takes effort to decrypt the smartphone even if the data is encrypted with “default_password”. Much depends on the encryption implementation of a particular vendor. As an example, some vendors will not re-encrypt the KEK (Key Encryption Key) when the user changes their passcode; this in turn allows decrypting the data regardless of the current passcode by simply using “default_password”. The same situation occurs if, at the time of the initial setup, the vendor opts to start encrypting the phone before the user sets the passcode. According to Oxygen, this is exactly what happens on Motorola smartphones, which can be extracted and decrypted regardless of the lock screen password – but only if Secure Startup is not enabled."
(This info still seems to be for the old FDE but I think it should be similar fo file based encryption which is used in the POCO X3 Pro?)
If the TWRP only works with the correct password (otherwise showing encrypted stuff for the files that are supposed to be encrypted in th FBE - not everything like in the FDE but still enough I think) ... is it safe to say that this key encryption key is getting re-encrypted?