GrapheneOS, a privacy-focused Android-based operating system, has introduced a new “duress PIN” feature designed to protect user data in high-risk situations. The update enables a secondary PIN that, when entered, triggers a complete and irreversible wipe of the device.

The duress PIN works anywhere the system requests authentication, including the lock screen, app unlock prompts, and system settings such as enabling developer options. Once entered, it deletes the device’s encryption keys, stored files, and eSIM profiles before shutting down, rendering the phone unusable.

To set up the feature, users navigate to Settings → Security & Privacy → Device Unlock → Duress Password and assign a secondary code that is distinct from their primary unlock method. If the duress PIN matches the primary PIN, the function is disabled.

Security experts note that the feature may deter attackers from accessing sensitive information by making the phone appear unlocked when, in fact, it has been wiped. However, GrapheneOS developers caution that attackers aware of the feature could become suspicious upon discovering an empty device. Community discussions have also explored the possibility of using common PINs, such as “1234,” to increase the likelihood of accidental activation by an intruder, though this approach carries risks.

The duress PIN joins other advanced privacy measures in GrapheneOS, including sandboxed Google Play integration, strict biometric unlock limits, and granular permission controls.

According to GrapheneOS, the duress PIN is for extreme situations where protecting data outweighs retaining hardware. The feature is now available to all GrapheneOS users through the latest system update.

By admin