Some questions about these features, generally and in /e/ OS:
According to the Google documentation on Pixel, fingerprint data is only stored locally, encrypted in the most secure storage location, and this cannot be altered even with root (superuser) permission. There are also guidelines on the AOSP page for biometrics that I am having trouble parsing, but seem to say the same thing. My questions are these:
- Is this all implemented in open-source, so that it can be/has been verified?
- The guidelines say that “Fingerprint data must be removed from the device when a user is removed” – does this imply that you have to remove the user in order to remove fingerprint data, or can you wipe that data once you’ve added it?
Given all the available information about the fingerprint feature, I’m surprised how little there is on the emergency informaiton feature. Yes, this information is designed to be seen by the general population in a narrow range of emergency cases, but it is still information that under normal circumstances should be kept private. So my questions here are:
- Is this data stored only on the phone, or can it be sent over the a network?
- Is the security of this data also auditable (verifiable due to being open-source)