Security of "Fingerprint" and "Emergency information" features

Some questions about these features, generally and in /e/ OS:

Fingerprint
According to the Google documentation on Pixel, fingerprint data is only stored locally, encrypted in the most secure storage location, and this cannot be altered even with root (superuser) permission. There are also guidelines on the AOSP page for biometrics that I am having trouble parsing, but they seem to say the same thing. My questions are these:

  1. Is this all implemented in open-source, so that it can be/has been verified?
  2. The guidelines say that “Fingerprint data must be removed from the device when a user is removed” – does this imply that you have to remove the user in order to remove fingerprint data, or can you wipe that data once you’ve added it?

Emergency information
Given all the available information about the fingerprint feature, I’m surprised how little there is on the emergency information feature. Yes, this information is designed to be seen by the general population in a narrow range of emergency cases, but it is still information that under normal circumstances should be kept private. So my questions here are:

  1. Is this data stored only on the phone, or can it be sent over a network?
  2. Is the security of this data also auditable (verifiable due to being open-source)?


1 Like

[crickets]

Sorry to artificially bump this back up, but maybe I originally posted it at a bad time? I mean no one even heckled me? TLDR? If no one in the community has any information on this, how about at e? @Manoj ?

2 Likes

Very reasonable question. I’m another one who’d be thankful for the answer.

1 Like