Hey everyone. Does anyone know how I can store a fingerprint on this but NOT use it to unlock the phone?
I want to be able to use it for apps like LastPass, or payments, but I do not want it able to unlock my phone. Can someone please tell me how to set that up? Thanks!
I don't have a solution for you, but I am very curious why you don't want it to unlock the phone?
skaforey said:
I don't have a solution for you, but I am very curious why you don't want it to unlock the phone?
Click to expand...
Click to collapse
Because of Security / privacy. Police or government personnel are allowed to force you to unlock your phone if it is only locked with a finger print.
However, if you lock your phone with only a pin or password (Something you KNOW), it is protected by the 5th Amendment, and they can't make you open your phone.
Drashnar said:
Because of Security / privacy. Police or government personnel are allowed to force you to unlock your phone if it is only locked with a finger print.
However, if you lock your phone with only a pin or password (Something you KNOW), it is protected by the 5th Amendment, and they can't make you open your phone.
Click to expand...
Click to collapse
This is not true at all. Also when you use a fingerprint you still have a passcode or pin that has to be set up.
Either way is it THAT big of a deal. What kind of situation would you get into that the police would ever want to get into your phone?? Even if they did.. what's on your phone that you would care if they saw...
I don't get people.
skaforey said:
I don't have a solution for you, but I am very curious why you don't want it to unlock the phone?
Click to expand...
Click to collapse
aholeinthewor1d said:
This is not true at all. Also when you use a fingerprint you still have a passcode or pin that has to be set up.
Either way is it THAT big of a deal. What kind of situation would you get into that the police would ever want to get into your phone?? Even if they did.. what's on your phone that you would care if they saw...
I don't get people.
Click to expand...
Click to collapse
Yes, you set a pin. But as long as you have your fingerprint, it no longer requires that pin to be used.
And it isn't a matter of what a person does or doesn't have on their phone. It's a matter of I don't want them on my phone without my permission, period.
As for it being true, it IS true. In addition to various court rulings, I was taught when I went for my CISSP Cert.
http://gizmodo.com/cops-can-make-you-fingerprint-unlock-your-phone-and-th-1653984192
http://www.latimes.com/local/california/la-me-iphones-fingerprints-20160430-story.html
------------------------
Anyway, this thread can be locked / deleted.
I used the support / chat feature on the phone to speak with a Google Rep. The functionality I want isn't present, but being of a security/privacy nature, has been escalated for inclusion in a future build. Thanks everyone.
This thread is to discuss how to accomplish the requested, not a discussion on whether or not you should be able to from a moral/legal standpoint.
That being said, I would love to know how to do this, but for a different reason entirely.
The closest thing I can offer is to reboot the phone if you have reason to believe you might be in a situation where the fingerprint could be used against you. When the phone boots, the PIN is required the first time instead of the fingerprint. If you press and hold the power button for about 10 seconds or long press for 1-2 seconds and tap restart, there are no other steps to reboot. It doesn't prompt or confirm the reboot.
I don't use fingerprint security at all.
But Doesn't Google have access to our pin codes and passwords.
That have to be used with biometric security?
If so a simple court order gets that done quickly.
Drashnar said:
Yes, you set a pin. But as long as you have your fingerprint, it no longer requires that pin to be used.
And it isn't a matter of what a person does or doesn't have on their phone. It's a matter of I don't want them on my phone without my permission, period.
As for it being true, it IS true. In addition to various court rulings, I was taught when I went for my CISSP Cert.
http://gizmodo.com/cops-can-make-you-fingerprint-unlock-your-phone-and-th-1653984192
http://www.latimes.com/local/california/la-me-iphones-fingerprints-20160430-story.html
------------------------
Anyway, this thread can be locked / deleted.
I used the support / chat feature on the phone to speak with a Google Rep. The functionality I want isn't present, but being of a security/privacy nature, has been escalated for inclusion in a future build. Thanks everyone.
Click to expand...
Click to collapse
When the police bist in just reset the phone... First login has to be a pin or password not a fingerprint.
If you're don't want you're phone used against you then take the ultimate plunge and smash that on the ground.
Or don't use the fingerprint scanner. Lol
Related
Remember that Google Wallet exploit from a few days ago? The one that would allow*'brute-force' PIN attacks, but only on*rooted*Android devices? Well, another PIN-related security hole was discovered soon after, putting even non-rooted Androids at risk. As*Android Central points out, should your phone make its way into the wrong hands, your Google Wallet PIN number could be reassigned, allowing access to the prepaid account attached to the phone itself --*yikes. As such, the folks at Mountain View have taken action, shuttering provisions to prepaid cards until it finds a permanent fix for the problem. Despite the troubles, Google is sticking by its original tune, stating that Google Wallet offers multiples levels of protection (when used on*official*builds of Android) that go beyond traditional plastic cards, including your phone's lock screen. There's no estimate on when things will be back to normal, but you'll find Google's assessments and assurances about this situation at the source link below.
http://m.engadget.com/default/artic...n-related-securi/&category=classic&postPage=1
Via :*Android CentralSource :*Google*
Sent from my SAMSUNG-SGH-I727 using xda premium
Sigh, and if you lose your wallet what happens?
Anyone using their phone to make payments SURELY has a pin or pattern lock to protect their phones data... Right?
Would this be why I couldnt' use my "Wallet" tonight? Said it couldn't connect to the bank to get my account number. (the guy at McDonald's sure was looking at me funning trying to pay with my phone LOL)
Broken said:
Sigh, and if you lose your wallet what happens?
Click to expand...
Click to collapse
Exactly
Sent from my Nexus S 4G using xda premium
That second exploit has been posted in tons of forums almost since day one. Nothing new to report.
Sent from the third terrestrial planet in the system Solar from an electronic communications device.
Broken said:
Sigh, and if you lose your wallet what happens?
Click to expand...
Click to collapse
I rather lose my phone than my wallet.
Sent from my Galaxy Nexus using Tapatalk
it appears the the bank in charge of the prepaid cards has pulled its authorizations, just tried to set my wife's Wallet up on her phone and got the message:
"Prepaid is unavailable at this time. Please try again soon."
swiping my card is much more faster than turn on, unlock, tap, enter pin, tap, and then hit sent.
chevihemi said:
it appears the the bank in charge of the prepaid cards has pulled its authorizations, just tried to set my wife's Wallet up on her phone and got the message:
"Prepaid is unavailable at this time. Please try again soon."
Click to expand...
Click to collapse
Yeah, when I sign in to my wallet account it says "Cannot contact bank" under "user id"
*sigh*
of course there are attacks for this. they should make pinning your phone mandatory for wallet. just like when you encrypt your device, it forces you to use either pin, password, or pattern, no slide or face. just copy that...
zeke1988 said:
swiping my card is much more faster than turn on, unlock, tap, enter pin, tap, and then hit sent.
Click to expand...
Click to collapse
I just fully enjoy the look on the cashier's faces when paying with phone, not all that convenient but quite entertaining. Its the small things in life that bring joy, right??
hacky486 said:
they should make pinning your phone mandatory for wallet. just like when you encrypt your device, it forces you to use either pin, password, or pattern, no slide or face. just copy that...
Click to expand...
Click to collapse
Absolutely. If I am forced to use a pattern/pin/password lockscreen in order to store my VPN credentials, Wallet should require the same - in addition to any security within the app.
codesplice said:
Absolutely. If I am forced to use a pattern/pin/password lockscreen in order to store my VPN credentials, Wallet should require the same - in addition to any security within the app.
Click to expand...
Click to collapse
Google's lockscreen PIN setup sucks. There should be an option to automatically unlock the phone once the correct PIN has been entered, without having to press OK.
Evangelion01 said:
Google's lockscreen PIN setup sucks. There should be an option to automatically unlock the phone once the correct PIN has been entered, without having to press OK.
Click to expand...
Click to collapse
That is an option on most community ROMs... but then you would be rooted and breaking the First Rule of Wallet -whoops!
I use the pattern anyway. Works just like a PIN (think of the grid as a number pad) and sliding a finger across the screen is almost as quick as slide-to-unlock.
Come on, Google, let me use Wallet again!
Gotta love having money online that you can't use, access, or transfer. I just transferred a nice chunk of my paycheck onto google wallet right before this happened.
thunder2132 said:
Gotta love having money online that you can't use, access, or transfer. I just transferred a nice chunk of my paycheck onto google wallet right before this happened.
Click to expand...
Click to collapse
yea this is a serious annoyance. luckily i only have like 12 bucks left on my prepaid card but I dont have a citi master card so its rather bs
codesplice said:
That is an option on most community ROMs... but then you would be rooted and breaking the First Rule of Wallet -whoops!
I use the pattern anyway. Works just like a PIN (think of the grid as a number pad) and sliding a finger across the screen is almost as quick as slide-to-unlock.
Click to expand...
Click to collapse
Remove the root, relock bootloader. When you feel the need to update, do an adb backup, unlock and flash, restore backup, lock.
chirea.mircea said:
Remove the root, relock bootloader. When you feel the need to update, do an adb backup, unlock and flash, restore backup, lock.
Click to expand...
Click to collapse
Me, I'd rather just keep the root. That's kind of the point of a Nexus device to me
I am not an Apple Fanboy. I do not own an iPhone, ever.
But seeing Apple Pay in video, I think Apple really understand what it takes to use NFC. Having to unlock your phone and/or enter a pin before tapping the phone to the NFC reader is more hassle then swiping a credit card and sign.
Yes thanks for the troll!
Oh and you really want anyone that gets their hands on your phone to also be able to spend your cash?
Sent from my SM-G900F using XDA Free mobile app
curioct said:
Yes thanks for the troll!
Oh and you really want anyone that gets their hands on your phone to also be able to spend your cash?
Click to expand...
Click to collapse
No trolling. I don't own and not planning to buy any iPhone, iPod, iPad, AppleTV nor Apple Watch.
There has to be a better way to authorize an NFC transaction then entering a PIN. Face unlock, voice signature comes to mind.
I like the security of entering a pin before authorizing the transaction. If someone steals my phone, they can go tapping all over town spending my money.
pcdebb said:
I like the security of entering a pin before authorizing the transaction. If someone steals my phone, they can go tapping all over town spending my money.
Click to expand...
Click to collapse
How about having the security yet not have to enter a PIN on a bright 5-inch screen in front of strangers?
IMO,
1. NFC on Android should work without having to unlock, like checking-in.
2. Wallet service should allow easier yet secure authentication. Like face unlock, voice recognition, even tap code!
nookin said:
How about having the security yet not have to enter a PIN on a bright 5-inch screen in front of strangers?
IMO,
1. NFC on Android should work without having to unlock, like checking-in.
2. Wallet service should allow easier yet secure authentication. Like face unlock, voice recognition, even tap code!
Click to expand...
Click to collapse
Strangers should not be that close to me in line to see me enter my code, whether it's the PIN pad at the register or my phone. Period. Shouldn't be that close anyway if I'm doing something on my phone, it's none of anybody's business to be snooping. That's considered my personal space, and you will get some F-bombs for being too close.
The idea of not having to authenticate without having to enter something is just not secure to me. And I sure as heck don't want to use voice recognition to tell everyone within earshot what my authentication code or whatever is.
pcdebb said:
Strangers should not be that close to me in line to see me enter my code, whether it's the PIN pad at the register or my phone. Period. Shouldn't be that close anyway if I'm doing something on my phone, it's none of anybody's business to be snooping. That's considered my personal space, and you will get some F-bombs for being too close.
The idea of not having to authenticate without having to enter something is just not secure to me. And I sure as heck don't want to use voice recognition to tell everyone within earshot what my authentication code or whatever is.
Click to expand...
Click to collapse
Then we get a newer version of google glass with sensors on the earpieces that press against your head and takes brainwaves. You "Think" of the code or passphrase, it gets then taken in by the sensor, encrypted, sent wirelessly to your device, decrypted, authenticated and you pay. As fast as a "thought", well some might have problems but that's another story.
Who will know your code then?... Well atleast until you find some or other method to read peoples minds.
pcdebb said:
Strangers should not be that close to me in line to see me enter my code, whether it's the PIN pad at the register or my phone. Period. Shouldn't be that close anyway if I'm doing something on my phone, it's none of anybody's business to be snooping. That's considered my personal space, and you will get some F-bombs for being too close.
Click to expand...
Click to collapse
There is a reason the pin pad on check out line has a small barrier. People can see what you type from the side. I can easily see the pattern or the PIN other people use to unlock their phone from a distance because their screen is so large and bright. Well outside of their "personal space". This is because PIN entry has a dilemma, it must display the pin pad that the user can see and large enough for the user's fat finger to touch.
The idea of not having to authenticate without having to enter something is just not secure to me. And I sure as heck don't want to use voice recognition to tell everyone within earshot what my authentication code or whatever is.
Click to expand...
Click to collapse
No one suggested authentication is not needed. Voice recognition is not the same as voice signature. Say, the phone can display a random word and you read it to the phone. The phone knows your voice. This is better than entering the same PIN over and over again.
We should be able to configure our own restrictions.
I'd make $20 and below work without unlocking or entering a PIN. and only twice in an hour. Anything over $20 would need my PIN.
PIN Settings
You can set your pin to have a timeout of 15 minutes, 1 day, or never in Google Wallet. This seems like a good compromise. If you have it at one day, you can enter it before you leave your house, or your car, etc...
Biometrics
Biometrics really need hardware integration to be both convenient and secure. The reason Apple added the fingerprint reader in the iPhone 5s is that Apple makes you authenticate for EVERYTHING. In order to store keychain passwords on the iPhone requires that you use a pin on the unlock screen, and from there it's a combo of pin and password for every single thing. Download an app? Password. Change security settings? pin. Download a song? password. Without both a pin and a password for a secured iPhone you never have access to the whole thing but it's a huge pain in the ass.
Enter touch ID- you can register up to 5 finger prints to unlock it and purchase apps and songs- the most common tasks- and now to use NFC pay. It turns the previously annoying security into a simple tap-to-unlock affair. It's silent, it's instantaneous and it is completely private, and it still doesn't give you access to the whole phone. You still have to put in the PIN every time it restarts, and password for certain things. And even if someone gets a hold of the phone, the PIN, the password and the fingerprints, the owner can brick the device remotely with find my iPhone and have it beam its location to Apple until the battery runs out and blacklist its ESN. - I think that's what the OP is talking about when he says that only Apple "gets" NFC Payment- a ****pot worth of security made totally effortless.
I hate to say it but NFC- especially payments- on Android makes me nervous as hell. I like Android for its openness and the ability to customize it and get root access if I want to and make full use of my phone- but I and a lot of other people don't have time to take the security precautions that are necessary for NFC. Apple kind of bubble wraps its users and when it comes to paying for stuff with my phone and that huge unknown, as of now, I'd prefer to be bubble wrapped and pay for stuff with a couple of highly secure taps. Even with voice or face recognition locks- things that can be accomplished in software, without standardizing hardware, it requires a certain locking down of the OS and negates a lot of the appeal of Android.
Yes
nookin said:
How about having the security yet not have to enter a PIN on a bright 5-inch screen in front of strangers?
Click to expand...
Click to collapse
You don't have to. Wallet allows setting the Wallet relock timeout to be as long as 24 hours.
IMHO Apple's implementation of Biometrics is the best so far. That, coupled with the ease of Apple pay makes it the most safe and elegant implementation so far. If nfc payments have to take off, this is the way to do it!
Sent from my Nexus 5 using Tapatalk
nookin said:
There is a reason the pin pad on check out line has a small barrier. People can see what you type from the side. I can easily see the pattern or the PIN other people use to unlock their phone from a distance because their screen is so large and bright. Well outside of their "personal space". This is because PIN entry has a dilemma, it must display the pin pad that the user can see and large enough for the user's fat finger to touch.
No one suggested authentication is not needed. Voice recognition is not the same as voice signature. Say, the phone can display a random word and you read it to the phone. The phone knows your voice. This is better than entering the same PIN over and over again.
Click to expand...
Click to collapse
What if the place you're using it in is very noisy or has a lot of background chatter? How will it be able to recognize your voice under those conditions? Also voice signature sounds a lot like something that would have an annoyingly high failure rate.
AppleCultApostate said:
What if the place you're using it in is very noisy or has a lot of background chatter? How will it be able to recognize your voice under those conditions? Also voice signature sounds a lot like something that would have an annoyingly high failure rate.
Click to expand...
Click to collapse
It is similar to what you do when voice dialing does not work. You can always fall back to PIN entry.
Entropy512 said:
You don't have to. Wallet allows setting the Wallet relock timeout to be as long as 24 hours.
Click to expand...
Click to collapse
That is a very bad workaround. You are essentially giving up security. It is like you are tired of using key to unlock a door that you decided to leave the door unlocked, for 24 hours.
I think you're all taking this security thing a little too seriously. I've been using paypass contactless credit card for years now, and I love that it doesn't need any authentication up to $20. Above that it needs the PIN. I think this is the way to go, fingerprint is not bad either.
Well that may be the case but you have to remember that nfc is still new technology. Android has been using if for years (android phones). In all of that time it took apple like 5 years to make a iphone that has specs even worth mentioning. Also android has google wallet a nfc payment system like apple pay. So really it comes down to who can have more features in the long run. On samsung phones theres samsung wallet and im pretty sure on the s5 it uses fingerprint as well.
Hi all,
bit of an emergency here. I am running rooted Chroma rom, just went into twrp to backup my EPS, and upon reboot it is saying I need to enter my password. I have done this several times. Now, it keeps saying the password is incorrect, and after the 5th time, there is no option to reset it! Help please!! Don't feel like wiping my phone again...
greves1 said:
Hi all,
bit of an emergency here. I am running rooted Chroma rom, just went into twrp to backup my EPS, and upon reboot it is saying I need to enter my password. I have done this several times. Now, it keeps saying the password is incorrect, and after the 5th time, there is no option to reset it! Help please!! Don't feel like wiping my phone again...
Click to expand...
Click to collapse
You can search that but might as wipe in the meantime. Get yourself a working phone.
bobby janow said:
You can search that but might as wipe in the meantime. Get yourself a working phone.
Click to expand...
Click to collapse
Thanks for the reply. Going through the post-wipe setup now. Grrrr. It's just that I entered the password a bunch of times, and it always worked. Just on reboot from recovery it didnt. Now I'm afraid to go back into twrp...
Anyone know if this could be caused by some android security feature that doesnt like systemless root, xposed, etc.
greves1 said:
Hi all,
bit of an emergency here. I am running rooted Chroma rom, just went into twrp to backup my EPS, and upon reboot it is saying I need to enter my password. I have done this several times. Now, it keeps saying the password is incorrect, and after the 5th time, there is no option to reset it! Help please!! Don't feel like wiping my phone again...
Click to expand...
Click to collapse
I assume this is the same problem as the Nexus 6P. You need to disable the security before making a TWRP backup. The fix is:
After restoring the nandroid, boot into twrp and then delete /data/sytem/locksettings.db. If that doesn't fix it, delete the locksettings.db-shm and locksettings.db-wal in the same location. If that doesn't fix it either, delete gatekeeper.password.key and gatekeeper.pattern.key in the same location.
Click to expand...
Click to collapse
KennyG123 said:
I assume this is the same problem as the Nexus 6P. You need to disable the security before making a TWRP backup. The fix is:
Click to expand...
Click to collapse
Thanks for this fix. I'll keep it in mind next time. My broader question is now about security in general, since there seems to be a way to remove security from our roms?? For example, if someone got ahold of your phone, couldnt they just follow these steps to get in? Is this just a side-effect of unlocking the phone that is unavoidable? If I'm missing something about how to maintain security in the unlocked/rooted environment, please let me know. I've looked around but I haven't found any great guides for best practices regarding nandroids/security, etc. Thanks all!
greves1 said:
Thanks for this fix. I'll keep it in mind next time. My broader question is now about security in general, since there seems to be a way to remove security from our roms?? For example, if someone got ahold of your phone, couldnt they just follow these steps to get in? Is this just a side-effect of unlocking the phone that is unavoidable? If I'm missing something about how to maintain security in the unlocked/rooted environment, please let me know. I've looked around but I haven't found any great guides for best practices regarding nandroids/security, etc. Thanks all!
Click to expand...
Click to collapse
Rooting is in itself the biggest security risk. This is why carriers are working with manufacturers to make many phones fully locked and unrootable. Our main security expert Jcase does not use a rooted phone. He recommends if you need to root, go ahead, make the changes you want, then quickly unroot. So sure, if someone stole your phone they could follow that procedure to get into it. They could also just force a fresh stock version on it to wipe everything. Security and locks are meant to keep out honest people and slow down the dishonest.
KennyG123 said:
Rooting is in itself the biggest security risk. This is why carriers are working with manufacturers to make many phones fully locked and unrootable. Our main security expert Jcase does not use a rooted phone. He recommends if you need to root, go ahead, make the changes you want, then quickly unroot. So sure, if someone stole your phone they could follow that procedure to get into it. They could also just force a fresh stock version on it to wipe everything. Security and locks are meant to keep out honest people and slow down the dishonest.
Click to expand...
Click to collapse
Just so I'm clear, the only thing keeping a stock phone safe is that when its locked, it can't be unlocked/rooted because the option to allow oem unlocking/adb connections are not (or should not be) checked in the developer options, is that correct? From what you're saying, as long as those two boxes are checked, there is essentially nothing stopping someone from wiping out your password and getting into your device. I'd love to run unrooted, but would adaway still have an effect? I'm thinking that the definitions are already applied, so maybe it would work unrooted. But cf.lumen, which I love and can't find the same functionality anywhere else, seems to always "enable interactive shell" on boot. Would this work unrooted? But again, as long so you're doing all this stuff, you can't lock your bootloader again, can you? Or can you lock it on a stock rom with the kind of modifications I'm talking about. I read that locking bootloader while having a custom rom loaded can cause a brick, although I'm not quite sure why. Couldn't you just always get into fastboot to unlock it again?
greves1 said:
Just so I'm clear, the only thing keeping a stock phone safe is that when its locked, it can't be unlocked/rooted because the option to allow oem unlocking/adb connections are not (or should not be) checked in the developer options, is that correct? From what you're saying, as long as those two boxes are checked, there is essentially nothing stopping someone from wiping out your password and getting into your device. I'd love to run unrooted, but would adaway still have an effect? I'm thinking that the definitions are already applied, so maybe it would work unrooted. But cf.lumen, which I love and can't find the same functionality anywhere else, seems to always "enable interactive shell" on boot. Would this work unrooted? But again, as long so you're doing all this stuff, you can't lock your bootloader again, can you? Or can you lock it on a stock rom with the kind of modifications I'm talking about. I read that locking bootloader while having a custom rom loaded can cause a brick, although I'm not quite sure why. Couldn't you just always get into fastboot to unlock it again?
Click to expand...
Click to collapse
Pfew...so many questions...there are always vulnerabilities out there that hackers can find..like Stagefright...but a rooted phone is the most vulnerable. So having a phone with a locked bootloader and unrooted is the best security...still not guaranteed against every possible thing. But it is the best...now what are you trying to protect? Your data...or someone being able to wipe and use the phone as their own? All you can do really is try to protect from a phone being hacked remotely...and a rooted phone is like leaving the safe door open. But if someone steals your phone, there are always nefarious ways to make it usable.
KennyG123 said:
Pfew...so many questions...there are always vulnerabilities out there that hackers can find..like Stagefright...but a rooted phone is the most vulnerable. So having a phone with a locked bootloader and unrooted is the best security...still not guaranteed against every possible thing. But it is the best...now what are you trying to protect? Your data...or someone being able to wipe and use the phone as their own? All you can do really is try to protect from a phone being hacked remotely...and a rooted phone is like leaving the safe door open. But if someone steals your phone, there are always nefarious ways to make it usable.
Click to expand...
Click to collapse
Yeah, sorry for the wall of questions. I am just trying to wrap my head around some of these issues. At the end of the day, I don't really keep sensitive data on the phone, although it would not be good if a bad actor got into my gmail, for instance. I suppose I should migrate the last of my sensitive accounts to a secondary email, so no password resets could be initiated from a stolen phone. It's always a tradeoff between convenience and security I know. It's also a little worrysome that simply unlocking the phone activates it for androidpay. An unlocked phone stolen out of someone's hand is essentially the same as stealing all the credit cards in their wallet. It would be nice if android pay allowed an additional fingreprint/pin/password to make the transaction. Anyway, I'm now taking my own thread way off topic. Thanks for the insights though.
greves1 said:
Yeah, sorry for the wall of questions. I am just trying to wrap my head around some of these issues. At the end of the day, I don't really keep sensitive data on the phone, although it would not be good if a bad actor got into my gmail, for instance. I suppose I should migrate the last of my sensitive accounts to a secondary email, so no password resets could be initiated from a stolen phone. It's always a tradeoff between convenience and security I know. It's also a little worrysome that simply unlocking the phone activates it for androidpay. An unlocked phone stolen out of someone's hand is essentially the same as stealing all the credit cards in their wallet. It would be nice if android pay allowed an additional fingreprint/pin/password to make the transaction. Anyway, I'm now taking my own thread way off topic. Thanks for the insights though.
Click to expand...
Click to collapse
For most phones that have fingerprint security Android Pay can be set up that way. I won't use it anyway because it would be crazy to hand a waiter your unlocked phone, or to have to follow him to the register. It would only be useful to me in the supermarket but I am carrying a credit card anyway. But that is one thing people forget, rooting a phone means removing the main security.
KennyG123 said:
For most phones that have fingerprint security Android Pay can be set up that way. I won't use it anyway because it would be crazy to hand a waiter your unlocked phone, or to have to follow him to the register. It would only be useful to me in the supermarket but I am carrying a credit card anyway. But that is one thing people forget, rooting a phone means removing the main security.
Click to expand...
Click to collapse
N5X and android pay seems to tell me to just "unlock your phone" and hold it close to the reader. No need for an additional fingerprint. And no option to require this in settings...
greves1 said:
N5X and android pay seems to tell me to just "unlock your phone" and hold it close to the reader. No need for an additional fingerprint. And no option to require this in settings...
Click to expand...
Click to collapse
Yes, that should get you to the authorization screen and then if you have fingerprint set up should ask you for the fingerprint to authorize. Android Pay also now works on phones without fingerprint sensors so that is why they provide those simple instructions. Final authorization instructions will appear on your screen.
KennyG123 said:
Yes, that should get you to the authorization screen and then if you have fingerprint set up should ask you for the fingerprint to authorize. Android Pay also now works on phones without fingerprint sensors so that is why they provide those simple instructions. Final authorization instructions will appear on your screen.
Click to expand...
Click to collapse
Ah, great to know. Thanks.
greves1 said:
Ah, great to know. Thanks.
Click to expand...
Click to collapse
Unfortunately I can't test that theory since I am on a custom ROM and also Xposed. But everything I read says it should utilize the fingerprint if available.
KennyG123 said:
Unfortunately I can't test that theory since I am on a custom ROM and also Xposed. But everything I read says it should utilize the fingerprint if available.
Click to expand...
Click to collapse
Real word use shows that android pay does not ask for an additional fingerprint at the time of use. It's just as the instructions say, as long as your phone is unlocked at the time it is held up to the scanner, androidpay will work. I kind of wish they allowed for the additional security of an at-scan fingerprint read, but oh well. I have yet to test if the password/pin can be removed by the methods discussed in this thread, and androidpay working after defeating this security. If it does, then this is obviously a major security vulnerability of having an unlocked phone and using androidpay at the same time. Probably not more dangerous in terms of protecting against CC thieves, since they can just swipe a card stolen from your wallet at a terminal, but you probably wouldn't want to keep too many cards on your phone. Again, I haven't tested this out, if a fingerprint is still required to get in after a password database defeat, but someone should do this test.
If you have your phone lost or stolen just cancel your cards as if it happened to your wallet. Simple no?
I've always been a privacy advocate and been knowledgeable about those law that protect us. After finding out judges can compel you to use your fingerprints to unlock your phone but compel you to give your password to unlock your phone/ your information, I've been looking to see if you can combine the two. I haven't found any yet but I thought someone here might now.
Is there a way require both a fingerprint and password/pattern/pin to unlock your phone every time? Would I have to download an app or something else? Is this even possible without me doing the coding myself?
Thanks in advance to anyone who answers or offers advice on how to achieve this.
Google gives you the option when you set up on initial boot .:good:
Icon000 said:
I've always been a privacy advocate and been knowledgeable about those law that protect us. After finding out judges can compel you to use your fingerprints to unlock your phone but compel you to give your password to unlock your phone/ your information, I've been looking to see if you can combine the two. I haven't found any yet but I thought someone here might now.
Is there a way require both a fingerprint and password/pattern/pin to unlock your phone every time? Would I have to download an app or something else? Is this even possible without me doing the coding myself?
Thanks in advance to anyone who answers or offers advice on how to achieve this.
Click to expand...
Click to collapse
I wouldn't be at all worried about being ordered to unlock a device with the finger print for various reasons.
- 3 wrong attempts locks the device via password
- rebooting the devices forces a password entry
- every 48 hours the device will require a password entry
So as you see there's no way that anyone could be sure that your device will be unlockable with your fingerprint, and just because you have a fingerprint sensor doesn't mean you've set it up to unlock your device.
Even if you happen to suddenly find yourself in some dystopian universe with a big brother government somehow being able to prove you use the finger print sensor, it would be child's play to simply reboot the device (can even be done in your pocket without looking at the screen) or to use your wrong finger 3 times, or for 48 hours to pass, etc.
I really love this feature but if I lost my phone, could it easily be exploited?
if you unlocked bootloader and not encrypted, yes. very easy to exploiting your phone. if not, i do not know.
That really depends on a lot of factors like for example if your phone has an unlocked bootloader and not encrypted.
The 1+ face unlock feature is not that easy to fool but it is not impossible to fool. That being said, if someone tries to unlock your phone using a photo of you and it fails five times, it will then deactivate the feature and fallback to asking you for the passcode/pin that you registered. Five attempts won't give someone a easy chance of unlocking your phone using a photo of you, that is they have to know who you are and how you look like in order to get a photo to try and fool the system in the first place.
All in all, in most likelihood, the person who finds the phone will just wipe it and keep it for themselves, unless you programmed a very easy pin/password to unlock the phone, the average person will not go through all the hassle of trying to get into your info.
HueleSnaiL said:
That really depends on a lot of factors like for example if your phone has an unlocked bootloader and not encrypted.
The 1+ face unlock feature is not that easy to fool but it is not impossible to fool. That being said, if someone tries to unlock your phone using a photo of you and it fails five times, it will then deactivate the feature and fallback to asking you for the passcode/pin that you registered. Five attempts won't give someone a easy chance of unlocking your phone using a photo of you, that is they have to know who you are and how you look like in order to get a photo to try and fool the system in the first place.
All in all, in most likelihood, the person who finds the phone will just wipe it and keep it for themselves, unless you programmed a very easy pin/password to unlock the phone, the average person will not go through all the hassle of trying to get into your info.
Click to expand...
Click to collapse
Thanks, Are there known cases of face unlock being exploited?