Sounds really cool, but I'm not sure what problem it actually solves. Typical ATM robbery today probably ends with the cash coming out of the machine and the robber running away, hopefully without injuring or killing their victim. Victim calls police, they take a report, get the video from the ATM cam, bank refunds the stolen cash, done.
In the scenario that you're proposing, the only advantage is that police are called about 30 seconds sooner. But my guess is that in the vast majority of cities in the US, that 30 seconds won't be enough to catch the criminals.
Not to mention that if this became widespread (and therefore known) you've now given the victim a crude weapon that the robber may feel warrants more violence to convince the victim that they better not type in their duress code.
That would be an excellent idea in countries where people are taken hostage to empty out their bank accounts overnight to get the maximum withdrawal over 2 days.
I think the double-PIN makes sense in the ATM case (because you don't want to alert the robber to your scheme), but in the phone case I think multiple PINs is far too complex.
Why not just have e.g. "swipe left to unlock to guest mode" or something similar? Then you can still have it be locked, but with the same old PIN; it will be far more attractive to users.
I used to intern at a company that manufactured credit cards. If I recall correctly, this actually is in place in South American countries. Due to relatively low fraud rates, credit and debit card security in the US is far behind the rest of the world.
Edit: Somewhat replying to a sibling comment. In countries with less effective police, they originally put withdrawal limits on the cards, but this just caused muggers to hold their victims until the victim's account was drained.
Further Edit: I couldn't find any online sources for this information, so I could be remembering incorrectly.
Seems to me a better idea is that you put in a code, which locks your account for a few hours and displays a "this ATM is broken" message, taking it offline for a few mins.
I would forget the emergency pin. Maybe if they recognized a backward PIN, but I would probably be so flustered while being mugged that I couldn't enter it backward.
Diebold ATMs could be configured to send a "distress signal" when their safe was opened and the last number of the combination lock was off by 1. The option was off by default, because it required additional hardware hook-up (for the signaling), but it was there.
Several of the PIN-activated access control systems I've used have a similar concept, usually called a duress code or such. Your normal PIN would be 1234 but if you are being forced to enter under duress you put in 1235, and a silent alarm is set off.
It's a nice idea but wouldn't work in practice. If the "help" PIN is always 1 higher then there would be too many false alarms due to pressing the wrong button. Or if the "help" PIN is totally different then victims will forget under stress.
I work for a tablet manufacturer, and I spoke to an Android product manager at I/O last year about this.
According to him, this is a feature that pops up once in awhile, but they have a long list of stuff to do and this is just one of those things that always gets bumped out.
From my perspective as a platform dev, I'd like to get into some of the technical problems with changing this, but I could end up breaking some NDAs or something. I'll just say, when you start mucking around with adding login code, file system changes, and the current dmcrypt encryption, you hit lots of fun design problems.
> I'm more bewildered to why no tablets seem to have multi-user functionality.
That's the first thing I wondered about when Apple released the ipad: from the start, this looked like a family/eminently shareable device (and within a month you had reports of it being used as a shared family device, picked and left on the living room table for quick sessions of browsing or game), it felt weird that all the tablets were single-user, and the more time passes the weirder it is.
Their approach is targeted at kids though, I'd love to see someone tackle the general purpose approach.
Sounds like a great project for someone with a lot of free time. I rememeber hearing that the guy who came up with what is currently the ios notification style was hired by Apple after his jailbroken hack.
The void is wide open for someone to solve this well and be rewarded for it
I have heard many, many times from parents whose kids play with their iPhones, iPads, etc. that they would like to have this mode where only the current app is active, WiFi is disabled, etc. Kids are quick to figure out how to buy extra stuff from within the app.
Because dealing with multiple profiles and/or different profile types is a fucking huge giant pain the ass and a monumental amount of work! Xbox has local, guest, live silver, and live gold accounts. Dealing with all the different profiles and switching between is a nightmare. Urgh, no thanks.
At least two of the three most prominent smart phone roms are backed by operating systems that have long histories of (more or less successful) profile switching. It might in fact be a difficult problem, but it's one that has serviceable solutions and has for some time.
IOS is really a stripped-down Unix-variant (BSD). You know, Unix, the world's most ubiquitous operating system, that supports multiple user accounts out of the box.
That looks like a completely different issue... Are the local, live silver and live gold account all yours? If they are, that does look like a nightmare...
It's for different people, not for you that an account should be created. I also would like that in all the *pads. I'd like to split the history and logins of each person using my touchpad. It's a mess when 2+ people start using it.
The "two PINs" idea would also be great for when a police officer pulls you over and asks you to hand over and unlock your phone. With the proper encryption you could even have plausible deniability.
Haven't people suggested this with regards to TrueCrypt's hidden volumes, with "rubber-hose cryptography" being the most common answer, and "yeah, well, prove that this is your REAL phone unlock code" being the second most common.
This is also why any app that handles sensitive information (including, arguably, the photo and video galleries) on a phone should have at least the _option_ to set an in-app PIN that's required before it opens up.
Lots of folks hand their smartphone to their kids to play games and even if there's nothing sensitive on there, they might have things they don't want deleted like treasured photos and videos.
Hell, I'd be happy if iOS had a way to lock down the Springboard so my kids can't screw up my home screen every time they get their hands on a device. Does anyone else come back to find all their apps dragged into countless random folders?
At work we're required to have a PIN lock on our phones if we have our email or calendar synced to it. Majorly inconvenient to have a system-wide lock, why not just give the option to set a PIN before the email accounts can be opened?
there are at least a few big companies already doing virtualization with android to separate business and personal modes so that corporate email and other apps can be quarantined off with a secure password, leaving personal email and games to run in a separate environment that may not require as much security to unlock.
presumably the same technology could be used to provide "normal" and guest environments.
I'd benefit from a "Driving Mode" on my phone. If John, Rachel, or Stan calls, auto-text them: "I'm driving, can't talk". Everyone else goes straight to voicemail. If they send me a text within 5 minutes of that call (must be serious), make the font huge so I can read it in .5 seconds on my console. Hide all other texts.
I'd like to be truly responsible and just turn my phone off, but I don't to allow for those few times when there actually is something important.
HTC Sense has something called modes - which allow you to put your phone in profiles that switch data off, or the keyboard off, etc.
They recently acquired Inquisitive Minds for a "kids mode" (http://www.androidguys.com/2011/10/18/htc-acquires-inquisiti...) which is pretty much guest mode.
Web browsers have been around since 92, first usable guest mode [1] on a web browser appeared 2005 or so. Give the phones a little more time, and it will get there too.
[1] mozilla had multiple profile support since forever, but it required you to restart the browser with a command line argument, or requires you to pick a profile every time, and even then it's not "guest" profile -- it's another profile with history and all. When I needed multiple profiles, it was always easier to set up another user on Linux. [On windows, at least in the 2000 days, the new browser would defer to the old one that was already on screen even if they were RunAs different users -- a different "desktop session" was required for separation. bleh]
I was going to write a tweak for iOS to do something like this, with behavior similar to that of the built in Camera shortcut from the lockscreen.
1. You are using an app
2. You activate 'Guest mode' using a button press, swipe, tap, etc. (configurable)
3. If the user hits the home button, it redirects to the lockscreen instead of the homescreen (much like the Camera application does in lock-mode)
4. Instead of the camera icon on the lockscreen when you double tap, it is the icon of the locked-in application. (You can tap it to resume use of the locked-in application)
5. To disable this guest mode, you simply unlock the device with your passcode.
So, when a friend asks "Hey can I check my email?", you can open Safari, enable this guest mode, and hand the phone to him, no worries.
Yes, yes from a guy who has to nervously hope that as his Dad looks up something on his phone while having family dinner, he doesn't end up in my SMS or Photos app. It'd ruin the dinner. And some.
As far as I'm concerned the only 'Guest Mode' I need on my phone is the emergency call screen. I'm totally willing to be the 'weirdo' who won't let someone use his phone.
The reason I don't log on someone else's phone is not because they don't want me to, is because I don't want to! Just the same reason why I usually don't log in on an untrusted computer.
Maybe just for browsing the internet it would be allright, but I won't hand over my passwords. Isn't there any keylogger yet for android/ios? You don't even need to go by the store/marketplace, just local, developper stuff and there you go. Do you want to log on my machine?
Smartphones seem to have mostly sacrificed some of their security for convenience.
Take Windows for example, sure you can setup multiple user accounts with different levels of privilege , access to website and apps etc but how many people outside of a corporate or academic setting actually use this?
Whenever I borrow someones laptop they just use their own login, sometimes I find porn in their Internet history but at the end of the day who cares?
Perhaps this is more of a problem for people with kids who might want to use the internet themselves but when their child uses it they don't want them to have access to certain sites or see that their parent has accessed certain sites.
One issue I have with android is that when I clear the history in the browser and delete all cookie etc etc.
If I hit the back button it still goes back to whatever I visited last , also if I goto google and tap the search bar all my previous searches come up. It's not really very privacy friendly.
Hopefully this problem will pass once everyone has a smartphone so they don't need to borrow someone elses.
Users can, when choosing the right ROM.. hooray for choice!
Guest mode: enable the “Guest Mode” toggle in the panel, and your calls and text messages logs will be hidden, and all installed applications cannot be removed. You may have a try when you need to show your phone to guests or children.
The guest mode is a great idea. But for now, if you have very private stuff on your Android phone, you can lock down on an app-per-app basis. This could be a little inconvenient, though, and either you always keep them password protected, or you have to remember to protect them before you give the phone to someone.
This is something I've wondered quite a bit also.
ChromeOS already has this feature -- it's the idea of the device simply acting as a terminal, with all user data stored in the cloud.
Also, I'm a bit afraid implementing full-featured multiple user sessions (similar to a desktop OS) would lead to a lot more bloat.
Seems like Apple is planning to implement multi-user mode in iOS with face recognition based login ie a user just enter his PIN, however, the camera detects which account to load.
(IMHO, more secure than the current Android implementation)
Article talking about related patent:
http://www.cultofmac.com/137393/apple-patent-details-facial-...
I would imagine at that time, they might support Guest logins.
EDIT: the implementation detail of Face recognition talked above is my own take on how it should be done. Not suggested by the referenced article.
[+] [-] jerrya|14 years ago|reply
1234 is my regular PIN. 1235 is my help I'm being robbed PIN -- it dispenses the cash, calls the cops, and tags the video.
[+] [-] ryanwaggoner|14 years ago|reply
In the scenario that you're proposing, the only advantage is that police are called about 30 seconds sooner. But my guess is that in the vast majority of cities in the US, that 30 seconds won't be enough to catch the criminals.
Not to mention that if this became widespread (and therefore known) you've now given the victim a crude weapon that the robber may feel warrants more violence to convince the victim that they better not type in their duress code.
[+] [-] russss|14 years ago|reply
http://en.wikipedia.org/wiki/Duress_code
[+] [-] Lost_BiomedE|14 years ago|reply
[+] [-] marquis|14 years ago|reply
[+] [-] ChrisCooper|14 years ago|reply
Why not just have e.g. "swipe left to unlock to guest mode" or something similar? Then you can still have it be locked, but with the same old PIN; it will be far more attractive to users.
[+] [-] polymatter|14 years ago|reply
Will people pay a premium for it (compared to say, offering more air miles)?
I'd be willing to bet that for most people it simply isn't worth the investment for them.
[+] [-] seiwyn|14 years ago|reply
Edit: Somewhat replying to a sibling comment. In countries with less effective police, they originally put withdrawal limits on the cards, but this just caused muggers to hold their victims until the victim's account was drained.
Further Edit: I couldn't find any online sources for this information, so I could be remembering incorrectly.
[+] [-] furyg3|14 years ago|reply
[+] [-] drumdance|14 years ago|reply
[+] [-] huhtenberg|14 years ago|reply
Diebold ATMs could be configured to send a "distress signal" when their safe was opened and the last number of the combination lock was off by 1. The option was off by default, because it required additional hardware hook-up (for the signaling), but it was there.
[+] [-] jcurbo|14 years ago|reply
[+] [-] nradov|14 years ago|reply
[+] [-] rimantas|14 years ago|reply
[+] [-] ConstantineXVI|14 years ago|reply
[+] [-] walexander|14 years ago|reply
According to him, this is a feature that pops up once in awhile, but they have a long list of stuff to do and this is just one of those things that always gets bumped out.
From my perspective as a platform dev, I'd like to get into some of the technical problems with changing this, but I could end up breaking some NDAs or something. I'll just say, when you start mucking around with adding login code, file system changes, and the current dmcrypt encryption, you hit lots of fun design problems.
[+] [-] masklinn|14 years ago|reply
That's the first thing I wondered about when Apple released the ipad: from the start, this looked like a family/eminently shareable device (and within a month you had reports of it being used as a shared family device, picked and left on the living room table for quick sessions of browsing or game), it felt weird that all the tablets were single-user, and the more time passes the weirder it is.
[+] [-] mcobrien|14 years ago|reply
It's not full user accounts, but a multi-user web browser. You can protect your bookmarks, logins & web history and it also has a guest mode.
[+] [-] jiggy2011|14 years ago|reply
Once you start adding stuff like login systems, seperate file permissions you start becoming a PC with a touchscreen.
[+] [-] Tichy|14 years ago|reply
[+] [-] recoiledsnake|14 years ago|reply
[+] [-] wh-uws|14 years ago|reply
Their approach is targeted at kids though, I'd love to see someone tackle the general purpose approach.
Sounds like a great project for someone with a lot of free time. I rememeber hearing that the guy who came up with what is currently the ios notification style was hired by Apple after his jailbroken hack.
The void is wide open for someone to solve this well and be rewarded for it
[+] [-] Jun8|14 years ago|reply
[+] [-] forrestthewoods|14 years ago|reply
Because dealing with multiple profiles and/or different profile types is a fucking huge giant pain the ass and a monumental amount of work! Xbox has local, guest, live silver, and live gold accounts. Dealing with all the different profiles and switching between is a nightmare. Urgh, no thanks.
[+] [-] yock|14 years ago|reply
[+] [-] burgerbrain|14 years ago|reply
[+] [-] pygorex|14 years ago|reply
[+] [-] viraptor|14 years ago|reply
It's for different people, not for you that an account should be created. I also would like that in all the *pads. I'd like to split the history and logins of each person using my touchpad. It's a mess when 2+ people start using it.
[+] [-] baddox|14 years ago|reply
[+] [-] pavel_lishin|14 years ago|reply
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] tomkarlo|14 years ago|reply
Lots of folks hand their smartphone to their kids to play games and even if there's nothing sensitive on there, they might have things they don't want deleted like treasured photos and videos.
[+] [-] joezydeco|14 years ago|reply
[+] [-] kefs|14 years ago|reply
https://market.android.com/search?q=app+lock&c=apps&...
[+] [-] groby_b|14 years ago|reply
[+] [-] freehunter|14 years ago|reply
[+] [-] there|14 years ago|reply
presumably the same technology could be used to provide "normal" and guest environments.
https://www.youtube.com/watch?v=ydXJjCN2G-A
[+] [-] rocketsfan|14 years ago|reply
I'd like to be truly responsible and just turn my phone off, but I don't to allow for those few times when there actually is something important.
[+] [-] sandGorgon|14 years ago|reply
[+] [-] tzury|14 years ago|reply
https://twitter.com/#!/arrington/status/27763718700
[+] [-] beagle3|14 years ago|reply
[1] mozilla had multiple profile support since forever, but it required you to restart the browser with a command line argument, or requires you to pick a profile every time, and even then it's not "guest" profile -- it's another profile with history and all. When I needed multiple profiles, it was always easier to set up another user on Linux. [On windows, at least in the 2000 days, the new browser would defer to the old one that was already on screen even if they were RunAs different users -- a different "desktop session" was required for separation. bleh]
[+] [-] conradev|14 years ago|reply
1. You are using an app
2. You activate 'Guest mode' using a button press, swipe, tap, etc. (configurable)
3. If the user hits the home button, it redirects to the lockscreen instead of the homescreen (much like the Camera application does in lock-mode)
4. Instead of the camera icon on the lockscreen when you double tap, it is the icon of the locked-in application. (You can tap it to resume use of the locked-in application)
5. To disable this guest mode, you simply unlock the device with your passcode.
So, when a friend asks "Hey can I check my email?", you can open Safari, enable this guest mode, and hand the phone to him, no worries.
What do you think?
[+] [-] badclient|14 years ago|reply
[+] [-] zacharyvoase|14 years ago|reply
[+] [-] Zarathust|14 years ago|reply
Maybe just for browsing the internet it would be allright, but I won't hand over my passwords. Isn't there any keylogger yet for android/ios? You don't even need to go by the store/marketplace, just local, developper stuff and there you go. Do you want to log on my machine?
[+] [-] jiggy2011|14 years ago|reply
Take Windows for example, sure you can setup multiple user accounts with different levels of privilege , access to website and apps etc but how many people outside of a corporate or academic setting actually use this?
Whenever I borrow someones laptop they just use their own login, sometimes I find porn in their Internet history but at the end of the day who cares?
Perhaps this is more of a problem for people with kids who might want to use the internet themselves but when their child uses it they don't want them to have access to certain sites or see that their parent has accessed certain sites.
One issue I have with android is that when I clear the history in the browser and delete all cookie etc etc.
If I hit the back button it still goes back to whatever I visited last , also if I goto google and tap the search bar all my previous searches come up. It's not really very privacy friendly.
Hopefully this problem will pass once everyone has a smartphone so they don't need to borrow someone elses.
[+] [-] buster|14 years ago|reply
Guest mode: enable the “Guest Mode” toggle in the panel, and your calls and text messages logs will be hidden, and all installed applications cannot be removed. You may have a try when you need to show your phone to guests or children.
http://en.miui.com/a-10.html
[+] [-] nextparadigms|14 years ago|reply
[+] [-] sherwin|14 years ago|reply
Also, I'm a bit afraid implementing full-featured multiple user sessions (similar to a desktop OS) would lead to a lot more bloat.
[+] [-] hsshah|14 years ago|reply
I would imagine at that time, they might support Guest logins.
EDIT: the implementation detail of Face recognition talked above is my own take on how it should be done. Not suggested by the referenced article.