1

Imagine a malicious actor has gotten a hold of your phone and is torturing you to find out the password. You very much do not want him to get access to your data. You could tell him a wrong password several times to trigger a data wipe. I am trying to improve this strategy.

Is it possible somehow to make a specific digit combination into an anti-password that will trigger data wipe immediately? I have seen the Device Admin API, which lets you change password policies and wipe device data, but I did not find how to do what I want.

Janvi Vyas
  • 732
  • 5
  • 16
Viktoriya Malyasova
  • 1,343
  • 1
  • 11
  • 25

1 Answers1

0

There is a watch login policy you can declare

<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
    <uses-policies>
        <watch-login />
        ...

It allows you to implement the DeviceAdminReceiver.onPasswordFailed() callback.

Unfortunately I'm pretty sure there is no way to know what the wrong password was. I think it would be very strange to allow an application (even a device admin) to access something that may be very close to the real password. Besides, it may not be a text password (e.g. a pattern)

Another option would be to implement a custom lock screen with separate passwords triggering different actions, but as far as I know it is not possible to replace the system keyguard.

bwt
  • 17,292
  • 1
  • 42
  • 60