How to set up Duress PIN/Password on GrapheneOS

published 2024-08-19 · updated 2024-08-19 #how_to #android #grapheneos #duress #pin

A few months ago, GrapheneOS released the Duress PIN/Password feature. In this video, I'll describe some caveats about the feature, walk you through the setup, and show you what it looks like when you enter it to wipe the device.

🎥 Video Link

Links referenced for video

https://grapheneos.org/features#duress - GrapheneOS Duress PIN/Password documentation
https://monogr.ph/665ae7b0571fecfdc8c3bdb0/ - QA of GrapheneOS Duress PIN/Password feature
https://yellowball.fm - 🟡 Yellowball, no BS podcast hosting

Transcript

Please excuse any grammatical errors. I used a tool to generate the transcript and haven't had a chance to read through it yet.

I finally found my battery, so I can start recording videos again. The feature I want to talk about today is the duress PIN/password feature that GrapheneOS released a few months ago. First, we'll start by looking at the documentation, and then I'll show you how to set it up on a device and what the actual wipe process looks like once you enter the duress PIN/password.

Looking at the official documentation, which is always the best place to go first, I will link that down below. GrapheneOS provides users with the ability to set a duress PIN/password that will irreversibly wipe the device along with any installed eSIMs. Once entered, anywhere the device credentials are requested, such as the lock screen or any other prompt that the OS shows you asking for your PIN or password, the wipe does not require a reboot and cannot be interrupted. So once it's entered, all data on your device is completely inaccessible, and you will never have access to it again. Take that as a warning—be careful with this. Once you set it, do not enter it just to test for any reason whatsoever, because all your data will be gone.

Both a duress PIN and password are needed to account for the different unlock methods that user profiles may use. You might have one user profile with a PIN and another with a password, which is why you need to set both. It's important to note that if your duress PIN is the same as your actual unlock PIN, the actual unlock PIN will take precedence. So, let's say your duress PIN is 1234 and your unlock PIN is also 1234—once you enter 1234 into your device, it will be unlocked, and you will not wipe the device.

One more thing I want to mention before I get into the live demo: make sure you check into any local laws or regulations regarding this feature. If you're at the airport and they ask you for your PIN, and instead, you enter this and your device is wiped, who knows what could happen. Destruction of evidence could be one of many legal implications. So, make sure you understand the ramifications of using this feature, wherever you are in the world, before actually using it.

With that out of the way, let's check out what this actually looks like. Here, I have a Google Pixel with GrapheneOS installed. The only thing I've done is set a PIN code, which is 12345. In order to set a duress PIN/password according to the documentation, we go into Settings, scroll down to Security, and then we go to Duress Password. We need to enter our device PIN to authenticate that it's us. Once you finish reading the text on the page, you can select the duress PIN. I'm going to set the PIN to 1111 and the password to qqqq. Once we select "Add," again, you'll see a warning about what will happen if you enter this. Select "Proceed," and now on this screen, you can either update your duress PIN or password or delete it.

So now, let's see what the actual wipe looks like. We're all pretty familiar with the lock screen—if you enter it there, the phone will be erased. To show you a little more non-standard scenario, if we go into Settings and back to Security, in order to set a fingerprint, you have to enter your device PIN. We're going to select the fingerprint unlock, and now this is an example of the OS prompting us for our PIN. Instead of entering my actual PIN, I'm going to enter my duress PIN. You'll see it says "Wrong PIN," the device powers off, and the irreversible wipe has occurred along with wiping all installed eSIMs. At this point, you can power the device back on. Just give it a minute to power up. This is the screen you'll see after the wipe occurs. You can go down to the factory reset. It's important to note that this feature does not brick the device in any way; it just makes the data completely inaccessible. So, we select the option for factory reset, confirm that, and now we have a fresh installation of GrapheneOS.

Whether or not this feature is applicable to you and your threat model is a personal decision and something you need to decide. I would caution against setting it to something simple like 1234. If someone has your device and, as a joke, they enter that PIN, now your device is wiped, and that would not be good. I do want to point out one other site that I think someone posted on the GrapheneOS forum. Someone did some duress password QA testing—they just went through a bunch of different scenarios to test it out. I thought it was something cool to check out, so I'll link that down below. One other use I saw someone mention for this feature is: you take a piece of paper, write your duress PIN code on it, and put it in your phone case. If someone finds your phone and they think you just left your PIN code in there because you're forgetful, they'll enter it, and your device is wiped. That's one option I like—that's something to consider.

So, for the last year, I wanted to start a podcast, and when I started looking at where I could host it, I couldn't really find an option that had everything I was looking for from a privacy perspective. So instead, I decided to build that, and it's called Yellowball. You can check it out at yellowball.fm. I would appreciate it if you could sign up and test it out. Let me know if you find any bugs—all you need to sign up is a username and a password. I know many of you are not looking to start a podcast, but if you're like me, then in your friends and family, you're likely the go-to person when someone has a tech question. So, if someone comes to you and asks about starting a podcast, if you could suggest they check out Yellowball, I would really appreciate it. Keep an eye out because in the next one to two weeks, I'll be publishing the first episode of my podcast, which is going to be called In the Shell. It's going to feature different stories from tech, different events that have happened in the past, and things I find interesting. So, if you're watching this video a week or two after it's been published, check down below—I'll link it in the description. If you have any questions or comments, feel free to leave those down below, and I'll see you next time.