Some questions about these features, generally and in /e/ OS:
Fingerprint
According to the Google documentation on Pixel, fingerprint data is only stored locally, encrypted in the most secure storage location, and this cannot be altered even with root (superuser) permission. There are also guidelines on the AOSP page for biometrics that I am having trouble parsing, but seem to say the same thing. My questions are these:
Is this all implemented in open-source, so that it can be/has been verified?
The guidelines say that “Fingerprint data must be removed from the device when a user is removed” – does this imply that you have to remove the user in order to remove fingerprint data, or can you wipe that data once you’ve added it?
Emergency information
Given all the available information about the fingerprint feature, I’m surprised how little there is on the emergency information feature. Yes, this information is designed to be seen by the general population in a narrow range of emergency cases, but it is still information that under normal circumstances should be kept private. So my questions here are:
Is this data stored only on the phone, or can it be sent over a network?
Is the security of this data also auditable (verifiable due to being open-source)?
Sorry to artificially bump this back up, but maybe I originally posted it at a bad time? I mean no one even heckled me? TLDR? If no one in the community has any information on this, how about at e? @Manoj ?
Checked with the build team reg this. The response is …
For newer phones, the fingerprint is stored under “TEE” (Trusted Execution Environment). For the rest, it’s under data/ for each user in the device. It might vary depending on device, and it involves proprietary fingerprint drivers.
Emergency information is stored in an app called EmergencyInfo. You can find more details here: platform/packages/apps/EmergencyInfo - Git at Google
/e/OS does not make any changes to this implementation.
Fingerprint drivers and how it’s stored depends on the manufacturer; we don’t touch it. Also, the user will not be able to modify it.
Thanks, Manoj! This is great to know. Looking at EmergencyInfo using ClassyShark to see if it communicated with any trackers, and it’s not showing any trackers or network activity by the app at all, so that’s good.
With respect to security of the fingerprint data, in addition to the degree of protection of that data from hacking, people should also be aware that recent court cases have upheld law enforcement’s ability to force you to use your biometric data to unlock devices. So just be aware of that.
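A scriptable version of the network check described above, added here as an example and not part of the original thread: it reads the `requested permissions:` section of `adb shell dumpsys package <pkg>` output and reports whether the package asks for `android.permission.INTERNET`, which an app with no network code has no reason to request. The package name `com.android.emergency` is assumed to be the EmergencyInfo app, and both dumps below are constructed samples, not captures from a real device.

```shell
#!/bin/sh
# Constructed sample dumps in the shape of `adb shell dumpsys package <pkg>` output.
# Permissions listed here are illustrative, not taken from a real device.
SAMPLE_NO_NET='Packages:
  Package [com.android.emergency] (1a2b3c4):
    userId=10050
    requested permissions:
      android.permission.READ_CONTACTS
      android.permission.CALL_PHONE
    install permissions:
      android.permission.READ_CONTACTS: granted=true'

SAMPLE_NET='Packages:
  Package [com.example.sampleapp] (5d6e7f8):
    userId=10051
    requested permissions:
      android.permission.INTERNET
      android.permission.ACCESS_NETWORK_STATE
    install permissions:
      android.permission.INTERNET: granted=true'

# Print one permission per line from the "requested permissions:" block of a dump on stdin.
# The block ends at the first line indented no deeper than the block header.
requested_perms() {
    awk '
        /requested permissions:/ { inblock = 1; match($0, /^ */); hdr = RLENGTH; next }
        inblock {
            match($0, /^ */)
            if (RLENGTH <= hdr) { inblock = 0 } else { sub(/:$/, "", $1); print $1 }
        }
    '
}

# Return 0 when the dump shows no INTERNET permission requested, 1 when it is requested.
has_no_internet() {
    ! printf '%s\n' "$1" | requested_perms | grep -qx 'android.permission.INTERNET'
}

# Live use: adb shell dumpsys package com.android.emergency | requested_perms
if has_no_internet "$SAMPLE_NO_NET"; then echo "sample 1: INTERNET not requested"; fi
if has_no_internet "$SAMPLE_NET"; then :; else echo "sample 2: INTERNET requested"; fi
```

On a device the same check is `adb shell dumpsys package com.android.emergency | requested_perms`; a missing INTERNET permission means the app cannot open sockets itself, though data could still leave via other components it talks to.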
If relevant country laws require it I guess vendors or developers will not have much of an option to resist. The alternative would be to cease operations in that country.
My intent was not necessarily to judge the rightness or wrongness of law enforcement officers compelling the use of biometric data. While I don’t like the precedent of it being used for accessing phones or other electronic devices without consent, there is clearly an argument to be made for it, and a low-tech precedent in the form of fingerprinting criminals. I just think that someone engaging in civil disobedience, or in other activities that could make them subject to harassment by law enforcement, should think twice before using biometrics to secure their devices at all. It is at least still illegal in the US for police to compel you to reveal a password, so that is probably a better alternative.