From Google Nexus teamJust put it into my Nexus. Does Google store this stuff on their server somewhere? Also what are the chances that some exploit is released and sends my fingerprint back to some Russian hacker? :\
You can also have a choice not to use fingerprint scanner if you don't want to.Fingerprint features are securely encrypted on the device, and processed in the secure Trustzone protected area of memory. The Android 6.0 fingerprint APIs do not provide any access to the fingerprint material to apps. Fingerprint features never leave the device and are not shared with Google (so for example if you setup a new phone, you need to re-enroll your fingers). If your phone is ever lost or stolen you can easily find, lock, and erase your phone using Android Device Manager.
Just put it into my Nexus. Does Google store this stuff on their server somewhere? Also what are the chances that some exploit is released and sends my fingerprint back to some Russian hacker? :\
Just put it into my Nexus. Does Google store this stuff on their server somewhere? Also what are the chances that some exploit is released and sends my fingerprint back to some Russian hacker? :\
Don't think I have been, unless in my sleep.Well, if you ever get or have been fingerprinted by our government, the Chinese and Russians probably have your fingerprints, credit card info, waist size, Netflix queue, and Amazon orders all documented already.
Don't think I have been, unless in my sleep.
When I set up the fingerprint scanner on my phone, it told me that my fingerprint might be less secure than using a PIN number password.
Don't think I have been, unless in my sleep.
When I set up the fingerprint scanner on my phone, it told me that my fingerprint might be less secure than using a PIN number password.
That's because someone could get your print off of something you touch and make a fake print that the device would recognize. Also you can be legally forced to unlock your device using your fingerprint so they could access it that way, but even if they could legally compel you to have to give up your password good luck on them being able to pull it out of your brain (at least right now) if you don't comply.
Basically its there to cover their butts legally. But then a PIN I think is actually fairly hackable so it might would be less secure overall as to get your print they'll need your finger or a really good pic of it or a pic of your print.
I think I read that someone cracked the android encryption, with 4 number PIN, in less than an hour. And since you have to use the PIN as the encryption key it would be a PIA to have a 12+ letter key.
I don't like loosing the 5th amendment protection by using the fingerprint, but goddamn it's convenient. And since the cops could clone and crack my encryption in an hour anyway (if I refused to give the PIN) I'm not sure it's worth worrying about.
Plus I'm white so chances the cops will search me are small.
Also what are the chances that some exploit is released and sends my fingerprint back to some Russian hacker? :\
I think I read that someone cracked the android encryption, with 4 number PIN, in less than an hour. And since you have to use the PIN as the encryption key it would be a PIA to have a 12+ letter key.
That would be kind of cool because when the Illuminati got my prints they would be like "whoa, weird" and invite me to come to their lair and then I could meet Sean Penn.Not to worry. Your fingerprints are promptly forwarded from Google and onto the Illuminatis' database before being wiped completely from google's servers.
Google does not keep your fingerprint.
I use a long passkey and fingerprint unlock. In the event you are pulled over or anticipate a situation where you might be searched, reboot your phone. That makes entering the passkey a requirement. That way you get the convenience of fingerprint unlock, and the security of a long passkey.
Here's some info: http://resources.infosecinstitute.com/understanding-disk-encryption-android-ios/Source please.
I use a long passkey and fingerprint unlock. In the event you are pulled over or anticipate a situation where you might be searched, reboot your phone. That makes entering the passkey a requirement. That way you get the convenience of fingerprint unlock, and the security of a long passkey.
That's a good idea. I set that up now; fingerprint and a 5 letter password. Turns out password is much harder to do fast since the keys are so much smaller, but works ok.
But if I'm pulled over and want to record police brutality on my phone it's now off. hmm, choices. Although if I'm the one being brutalized I doubt I can record anything anyway..
I do wish there was a button on the unlock screen like for Smart lock that will instantly lock it and force the use of the pass/PIN to open again.
I used to use an app called screen off and lock, and bound it to the double tap screen gesture in Nova Launcher. However, on my Nexus 6P I noticed that when I did this, if I tried to unlock the phone with my fingerprint it would require the pattern to actually unlock.
So whatever the reason is that's causing this on my Nexus 6P (maybe it's a Marshmallow thing), looks like it can be used to do what IeraseU was talking about. I can fingerprint unlock my phone like usual, but when I want to require a pattern unlock I can just do the double tap gesture (also Nova Launcher now has screen lock as a built in option).
Here's some info: http://resources.infosecinstitute.com/understanding-disk-encryption-android-ios/
Well the old Android encryption pre-5.0 was purely based on your lockscreen password, so yes in most cases that was a 4 digit PIN and can get easily hacked.
Google put in some software protections so you can't brute force that fast, but even if you force the software to limit you to 1 try per second or minute, that's not very long to try all 10,000 combos. Furthermore, with some skill supposedly you can brute force it all on a faster device.
With iOS, you're tied to the secure enclave, so the brute forcing actually has to be done on the device. Maybe you can transplant chips, but its a significantly harder process.
Anyhow, Google's done some upgrades since 5.0, but honestly the whole process is still meh at best as a lot of it is software based and just taking advantage of some ARMv8 extensions.