Apps are easier, and they can design the app so they they query a list of all your other apps. They’ll know if you used any encrypted messaging apps, so later they know to search your chat logs and you cannot have plausible deniability, since they’ll know which exact apps you used (unless you use a second phone for your encrypted messaging apps).
If they make it mandatory, using a flip phone is gonna be breaking the law.
Edit:
Article says:
Using a mobile application that all foreigners will have to install on their smartphones, the Russian state will receive the following information:
Residence location
Fingerprint
Face photograph
Real-time geo-location monitoring
I think they are trying to verify that you actually have your phone with you, not just handing it to someone else and then sneak into a protest to create an alibi.
I speculate they will eventually randonly ping your phone and you’re expected to tap the notification to verify you are indeed the person holding the phone via facial recognition. Like a “check-in” with a probation officer type of thing.
How would they gain your fingerprint? I didn’t think iOS or Android actually passed that on to apps I thought the OS handled biometric authentication and just informed the app that the fingerprint matched?
“Предложенной депутатами поправкой для иностранных граждан вводится:
📍 обязательная регистрация по месту нахождения;
📍 дактилоскопия;
📍 биометрическое фотографирование;
📍 мониторинг геолокации абонентских устройств.” Or “The amendment proposed by the deputies introduces for foreign citizens:
📍 mandatory registration at the place of residence;
📍 fingerprinting;
📍 biometric photography;
📍 monitoring of the geolocation of subscriber devices.”
it will just be collected throught immigration police not just throught the app.
Yes but the fingerprint wouldn’t match would it so they don’t actually have to see your fingerprint they just need to get the error back from the phone OS
Changing the database of fingerprints can, if the app is properly configured, erase any “unlock token” stored on the phone.
I just tested this with KeepassDX on android. I deleted and re-added a fingerprint, the database that I had a fingerprint setup had relocked itself requiring the full password to be typed.
Why do they need an app instead of just using cell tower data? I guess you just take a flip phone then.
Apps are easier, and they can design the app so they they query a list of all your other apps. They’ll know if you used any encrypted messaging apps, so later they know to search your chat logs and you cannot have plausible deniability, since they’ll know which exact apps you used (unless you use a second phone for your encrypted messaging apps).
If they make it mandatory, using a flip phone is gonna be breaking the law.
Edit:
Article says:
I think they are trying to verify that you actually have your phone with you, not just handing it to someone else and then sneak into a protest to create an alibi.
I speculate they will eventually randonly ping your phone and you’re expected to tap the notification to verify you are indeed the person holding the phone via facial recognition. Like a “check-in” with a probation officer type of thing.
How would they gain your fingerprint? I didn’t think iOS or Android actually passed that on to apps I thought the OS handled biometric authentication and just informed the app that the fingerprint matched?
Looking original in telegram:
Tap for spoiler
“Предложенной депутатами поправкой для иностранных граждан вводится: 📍 обязательная регистрация по месту нахождения; 📍 дактилоскопия; 📍 биометрическое фотографирование; 📍 мониторинг геолокации абонентских устройств.” Or “The amendment proposed by the deputies introduces for foreign citizens: 📍 mandatory registration at the place of residence; 📍 fingerprinting; 📍 biometric photography; 📍 monitoring of the geolocation of subscriber devices.”
it will just be collected throught immigration police not just throught the app.
zero day exploits?
Yes but the fingerprint wouldn’t match would it so they don’t actually have to see your fingerprint they just need to get the error back from the phone OS
Nothing stopping an exta fingerprint being registered though…
Changing the database of fingerprints can, if the app is properly configured, erase any “unlock token” stored on the phone.
I just tested this with KeepassDX on android. I deleted and re-added a fingerprint, the database that I had a fingerprint setup had relocked itself requiring the full password to be typed.
Interesting, didn’t know that. Do you think that different enough from a timeout / reboot requirement of code? Could the app tell?
Holy shit, this is insane. No sane person would put up with this