
Google “wontfix” a “panic pin code to wipe device” issue in Android - develop7
https://issuetracker.google.com/issues/121372590#comment9
======
brianwawok
How come this is worth talking about?

I am a real small dude that runs a real small SaaS app for a living, but I
won't fix 1-2 customer requests a week. I don't do it for fun, and I know they
are really important to the user that asked for them. But at some point you
have to have vision for the direction of a product, and build features for
that product that get you in that direction.

Some PM at Google decided that a panic PIN was not worth coding. I am guessing
they say all the bad cases of it (my toddler typed 1234 and my phone bricked),
and decided they would outweigh the good features. It seems a reasonable
decision?

Does apple have a panic PIN? If so, I am not aware of it...

~~~
m463
If you hold power + volume up on an iPhone for a couple seconds it disables
biometric unlock. It flushes the unlock keys and only your pin will unlock the
phone.

In other words power + volume up means the key to unlock your phone is in your
head, not at the end of your finger or your face.

Apple does not have a panic wipe pin.

Personally I think a wipe pin is reasonable, just be VERY sure you don't type
the wrong pin in by mistake.

Also, I wonder... would it even work? How long would it take to wipe 64gb or
128gb of flash? securely?

~~~
geofft
> _In other words power + volume up means the key to unlock your phone is in
> your head, not at the end of your finger or your face._

That's not relevant to the specific request that was linked here (and that's
why I think Google was right to close it, this is for one very specific use
case and one very specific mechanism of solving it that may or may not
actually work):

" _In my country (Russia, if you interested) policy try to force political
activist unlock their smartphones for collect more evidence. They use tortures
and threats of tortures for this. If you you can`t unlock because it wiped
they don`t have motivation to use tortures._ "

That is, the phone _already_ doesn't have biometric auth, and the police will
(allegedly) happily torture you until you reveal the unlock PIN.

~~~
m463
> That's not relevant to the specific request that was linked here

Sort of accurate. The "in your head" part is mostly relevant to the United
States 5th amendment, where you cannot be compelled by the court to reveal
your pin.

So if you live in the United States, they are similar in practical if not
technical terms.

If you live in Russia? You're going to need google to fix that.

------
deadmutex
Misleading title? This was a feature request which the team feels like is
obsolete. The title makes it seem like it was some buggy piece of code they
decided to leave as-is.

Disclosure: I work at Google, but my views are my own.

~~~
strbean
Any notion why this would be obsolete?

~~~
thewisenerd
I think the "obselete" part is the issue being open from 2018.

@ parent, it doesn't really seem like the title is "misleading" given we know
the feature does not exist. although some might wonder if it did, so /shrug.

~~~
strbean
I suppose I understand, but don't they have a more descriptive tag, like
"stale"?

------
ceautery
I can't imagine Google ever implementing that feature request. Apple had a PR
nightmare after not unlocking a phone. Imagine the fallout if Google made it
easy to quickly hide evidence from the authorities. It would be a legal and PR
disaster, with the risk of having oppressive governments ban all Android
devices.

------
geofft
This is a surprising threat model:

> _It would be great to have the possibility to set second pin code which wipe
> your device without confirmations. [...] In my country (Russia, if you
> interested) policy try to force political activist unlock their smartphones
> for collect more evidence. They use tortures and threats of tortures for
> this. If you you can 't unlock because it wiped they don't have motivation
> to use tortures._

My mental model of law enforcement in the US is that they don't become _less_
inclined towards illegal violence if you anger them. If anything, I'd expect a
"clear this subset of data, but go ahead and unlock the phone anyway so it
looks normal" feature to be more useful.

(So I guess I think that this feature request needs more detail/discussion in
order to be useful.)

------
tialaramex
A Microsoft employee (Eric Gunnerson?) wrote that every feature starts with
minus 100 points. I can't link that claim because Microsoft periodically
decides it's now a hip exciting new company and throws away things that made
it relevant. In 1995 it didn't surprise me that Microsoft didn't "get" the
Web, but in 2020 it does seem kinda crazy that they still don't get it.

What Eric meant is, implementing features isn't a coin toss decision. The
effort of adding even the very simplest feature, and then testing it, and
documenting it, and supporting it, is enormous, so all of that weighs against
any potential feature from the outset. If your feature should go on the list
that's because it scores "plus 100 points" against those considerations.

------
rubber_duck
This sounds like a decent project for a student that could be contributed to
something like Lineage OS.

------
thewisenerd
note: I don't even dabble, and getting my info from [1] so _salt_

with Qualcomm, if I'm not wrong, it should suffice to, with FDE,
(transparently, on entry of pin), nuke the DEK (random key generated by
Keymaster), and force a device reset; this does seem like an interesting
usecase for custom firmware and/or magisk

[1] [http://bits-please.blogspot.com/2016/06/extracting-
qualcomms...](http://bits-please.blogspot.com/2016/06/extracting-qualcomms-
keymaster-keys.html)

albeit, if this does end up being implemented in some manner, wouldn't the
fallback be a "confiscate electronic devices first for forensic" approach?

------
mcstafford
It's misleading to suggest they won't fix an identified bug, as opposed to
declining a feature request.

------
WillDaSilva
Seems like an extremely easy feature to add. A question I'm left with is what
possible reasons could they have for not wanting to implement this?

~~~
brianwawok
There are literally MILLIONS of easy features you can think up for an android
phone.

How deep do you want menus to go? Do menus 10-15 levels deep really help the
end user?

