Calvin Wankhede / Android Authority
From two-factor authentication codes to conversations and photos, our phones contain a ton of sensitive data these days. We rely on PINs and biometrics for daily security, but I shudder to think what would happen if that data landed in the wrong hands. And while Android is secure enough against remote attacks and malware these days, what if I’m forced to unlock my phone and hand it over? GrapheneOS, the privacy-focused Android fork, offers a rare solution to this hypothetical: the ability to set a duress PIN or secondary password that wipes your device clean and leaves no trace of your presence.
I’ve had a duress PIN set up on my phone for a while now. While it’s not something I hope to ever need, knowing it’s there gives me peace of mind. And even though I don’t think Google will add a feature as extreme as this one to stock Android, I can definitely see a use case for a less extreme implementation. Here’s why.
The duress PIN: What it is and why it matters
Most devices will lock you out after too many failed unlock attempts. But that doesn’t mean your data is safe — what if you’re forced to give up your password or the attacker guesses your PIN? This is where GrapheneOS’ duress PIN flips the dynamic: it lets you set an alternate PIN or password that instantly triggers a silent and irreversible factory reset in the background.
The duress PIN doesn’t give you a second chance and will trigger anywhere you enter it: on the lockscreen, while enabling Developer options, or even while unlocking an app that requests authentication. And unlike a regular factory reset, a duress PIN will erase all encryption keys and your phone’s eSIM partition as well. This makes it impossible for an attacker to access your data just by having physical possession of your device and knowledge of the PIN.
I think the real strength of GrapheneOS’ duress PIN lies in its subtlety. There are no confirmation prompts, no announcements, and no obvious signs that the wipe was intentional on your part. Of course, GrapheneOS is no longer a fringe operating system these days — it has even attracted the ire of law enforcement in some jurisdictions. In other words, a professional attacker might be aware of the existence of a duress PIN. But if you can enter it quickly enough, it achieves its intended effect: no data can be lifted from your phone.
Why I use a duress PIN
Mishaal Rahman / Android Authority Old vs new lock screen PIN entry screen UI in Android