Duress password QA testing
July 17, 2024•1,315 words
Currently no issues noted.
Duress wipe
- Tested with device: Pixel 6a
- No eSims on the device
- GrapheneOS keyboard with a Norwegian keyboard layout used unless otherwise noted
GrapheneOS 2024102000 (seventh release based on AOSP 15)
| Duress PIN | Duress PW | Wiped using | Wiped from | Wiped? | Comments |
|---|---|---|---|---|---|
| 849552 | Matrix is rated pegi18 in play | Duress PW | Unlock screen of Private Space after a device reboot | ✓ | English (US) keyboard layout |
| 854838 | schematic ethically | Duress PIN | Unlock screen of Private Space after a device reboot into Safe Mode | ✓ | English (US) keyboard layout |
| 2580 | xcancel | Duress PIN | Unlock screen of Private Space when opening a running Private Space instance of Vanadium, after having unlocked the device with the Owner credentials | ✓ | Private Space unlocked at the time. Private Space set to lock automatically "only after device restarts". |
GrapheneOS 2024051600 (first release based on AOSP QPR3)
| Duress PIN | Duress PW | Wiped using | Wiped from | Wiped? | Comments |
|---|---|---|---|---|---|
| 5478 | torrent-gaily-fuji-atheling-lucifer | Duress PW | Safe mode, from the lockscreen of a secondary profile that was created in a previous boot into safe mode. Profile not at rest. | ✓ | English keyboard layout. |
| 314159 | 3.14159 | Duress PIN | Lockscreen of Owner, AFU. | ✓ | Accessibility settings set to max. display and font size. |
| 314159 | 3.14159&@ | Duress PW | Settings > Network & internet > Internet > [network name] > QR share | ✓ | Heliboard, Norwegian keyboard layout (duress password set and entered into QR share credential screen with Heliboard).\n\nAccessibility settings set to max. display and font size. |
GrapheneOS 2024060500
| Duress PIN | Duress PW | Wiped using | Wiped from | Wiped? | Comments |
|---|---|---|---|---|---|
| 1337 | puppy unrolled the toilet paper roll | Duress PW | Lockscreen of Owner, BFU. | ✓ | Duress PW entered with a physical keyboard.\n\nEnglish keyboard layout. |
GrapheneOS 2024060400
| Duress PIN | Duress PW | Wiped using | Wiped from | Wiped? | Comments |
|---|---|---|---|---|---|
| 2134 | sandpit passage grope backup jaywalker unkind collapse confined | Duress PW | Safe mode. Lockscreen, BFU. | ✓ | English keyboard layout. |
| 1234 | ********** | Duress PW | Lockscreen of Owner, AFU. | ✓ | English keyboard layout.\nDuress PW literally all asterisks. |
GrapheneOS 2024053100
| Duress PIN | Duress PW | Wiped using | Wiped from | Wiped? | Comments |
|---|---|---|---|---|---|
| 2580 | matrix is p**p | Duress PW | The lockscreen of a secondary profile. | ✓ | Backup restored from Seedvault prior to wiping. |
| 78956242 | mothercool! | Duress PIN | Settings > Security > Fingerprint. PIN confirmation screen. | ✓ | |
| 1337 | MATRIX has p00r moderation tools (uncomfortable truth). | Duress PW | Vanadium: unlock screen for locked incognito tabs. | ✓ | English keyboard layout. |
| 4567 | carpool majesty semisweet ashen buckwheat pentagram umbilical | Duress PW | Owner lockscreen, AFU. | ✓ | USB stick plugged in.\nEnglish keyboard layout. |
| 4727363 | Graphene0s | Duress PIN | Guest user lockscreen, AFU. | ✓ | |
| 2580 | matrix is p**p | Duress PW | The setup wizard during the creation of a secondary profile. Created an unlock PW and set it to the same as the duress PW. | No. | Intended behaviour. If the unlock PIN/PW is set to the same as the duress PIN/PW, the unlock PIN/PW takes precedence. Confirmed by a dev on Discord. |
| 123456 | GRAPHENE@#$%&-+()*"':;!? | Duress PW | Lockscreen, BFU. | ✓ | |
| 123456 | This is a passphrase with 128 charactersThis is a passphrase with 128 charactersThis is a passphrase with 128 characters12345678 | Duress PW | Owner lockscreen, AFU. | ✓ | |
| 1234 | screwyou | Duress PW | FIDO2 security key PIN prompt | No. | Intended behaviour. This is not a screen where you are asked for your GrapheneOS device credentials, only the credentials of your security key. |
| 62442 | 62442 | Duress PIN | Settings > About phone > Tap build number repeatedly. PIN confirmation screen. | ✓ | |
| 1337 | ~` | <>.,={} | Duress PW | Lockscreen of an at-rest secondary profile. | ✓ |
| 226262 | banana | Duress PIN | Signal's unlock screen (which provides a device credential lockscreen). | ✓ | |
| 4321 | Pantry0-Rejoicing2-Subtotal5 | Duress PW | Secondary profile. Bitwarden Authenticator's unlock screen (which provides a device credential lockscreen). | ✓ | Backup restored from Seedvault prior to wiping. |
| 1337584 | 1337584 | Duress PIN | From the lockscreen booted into safe mode, BFU. | ✓ | English keyboard layout. |
| 1337 | hotel abundant dog | Duress PW | From the lockscreen booted into safe mode, BFU. | ✓ | English keyboard layout. |
| 256710 | advanced attacker | Duress PIN | From the lockscreen of a secondary profile not at rest, with phone booted into safe mode. | ✓ | English keyboard layout. |
Setup UI – GrapheneOS 2024053100
Tested with device: Pixel 8. And duress input fields on a Pixel 6a.
Relevant UI: Settings > Security > Duress password
✓ = all good
- Clear feature description ✓
- No typos observed ✓
- Locking device while viewing the UI: unlocking skips back to the Security section ✓
- Switching from the UI to a different app and then back to the UI skips back to the Security section ✓
- Screenshotting the UI is blocked ✓
- Attempting to screenshot using the app switcher overview skips back to the Security section ✓
- Attempting to screenshot with Power + volume down does not skip back to the Security section. Can't see how this is an actual issue. ✓ Comment by a dev: muhomorr — Today at 3:39 PMAttempting to screenshot with Power + volume down does NOT skip back to the Security section.[3:39 PM] It's same behavior as with regular PIN/password [3:40 PM] Screen contents are blacked out
- Password input fields correctly recognized as such by Gboard, which disables its swiping and autocorrect features ✓
- No password manager autofill prompt shown when Duress password entry field is selected. Keyboard: Gboard. ✓
- The 'Paste' option is not shown when pressing on the duress input field. Forces the user to enter the password manually. ✓
- Gboard: if text is copied to the clipboard, Gboard allows the user to paste the text into the duress password field. However, this is only possible once, so can only be pasted into one of the fields. The user will have to confirm the password by entering it manually in the remaining input field. ✓
- Gboard: shows a 'Scan password' button when Duress password field is selected. Unclear what implications this has. Probably a new Gboard feature which GrapheneOS is unlikely to be able to control. But the feature doesn't appear to actually work: shows the text 'Failed to scan'. ✓
Notes to self:
The warning label texts in the duress PIN and PW fields are localized. Sourced from AOSP?
Special characters not allowed, in addition to locale-specific ones such as æøå: «»•√π÷ק∆°©®