Panic should have an option to disable biometrics

[micah]

Many people insist on using biometrics for unlocking their phones. This is not a good security practice because it can be used to unlock your phone by an adversary. Nevertheless, many people insist on continuing to use it. For those who do, it would be good to have the panic mode disable biometrics, and revert to the pattern/password unlock method to protect them.

[dkg]

fwiw, biometrics can be a good security practice if they are used in concert with a strong password. That is, going from a password of "1234" (convenient but weak) and no biometric unlock to a password of "correct horse battery staple" (strong but inconvenient) and using a biometric unlock to regain some convenience is a security improvement. But only if it's possible to rapidly disable biometric unlock.

[chirayudesai]

Android has a built-in lockdown feature since Pie 0, which does something similar, and some more.

This can be triggered by device admin 1, couldn't find any other less intrusive method.

Lockdown is akin to rebooting the device and then not entering your password even once (though not completely the same I think)

Edit: just noticed https://github.com/guardianproject/ripple/issues/11

[chirayudesai]

There's another device admin API, which can be used to set the timeout: 0

And another to disable biometrics completely 1, which would be more suitable here.