alt Hacker NewsFeature request: Make it default behavior on phones that you can have multiple passwords, connected to different profiles. With no way to determine how many profiles a phone have.
I'm sure there's some people here working on mobile operating systems, might be worth considering?
Replies
Crypto wallets work like that. Put in a different password (in addition to the seed) and it's a different account, preferably with some chump change on it for plausibility.
Veracrypt e.g. has had this for a long time.
This whole PRC law (system) is designed to condemn already targeted individuals, there's no big difference if there's nothing on the phone. Chinese laws are specifically formulated in this pattern: "A, B, C, or at the discretion of the relevant authorities". Since there's no attorney-client privilege in PRC, once you're targeted, the "discretion" can always be found.
As others have pointed out this would likely not save you in this case, but there are some phones which do support this, and I know people in Brazil that use these features in order to be able to comply when getting mugged without giving away access to your bank etc.
Another feature request:
Allow the device user to create a different (duress) password, which when entered, will immediately wipe the phone without any secondary warnings. The user could then provide that password to the people who seized their device, and be in compliance with all laws, while maintaining information security.
Android has a "Private Space" feature. As far as I can tell it's only a single extra profile you can create, but I think you can keep it "hidden" (at least in as much as you can't tell if it's been created without unlocking it).
https://source.android.com/docs/security/features/private-sp...
Software isn't going to save you in this scenario. If you're worried about local laws violating your privacy then buy a burner and only put data on there that's necessary for your travels.
Genius.
"This profile doesn't have anything on it. Give us the password for the real profile."
Or even worse, you did give them the real password, but because your phone supports the feature and your profile is kind of barren, they don't believe you. Now you are in a very bad lose-lose situation.