• winterpeacock
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      I don’t know the exact reason why Android requires the primary user to enter their PIN/password before any other user can log in, but it may be due to the fact that the primary user is also the “system” user which is “always running even when other users are in the foreground.

      Full disk encryption?

      • MishaalRahman@lemdro.idOP
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        Android hasn’t used FDE for a couple of years now. File Based Encryption (FBE) has been required instead since Android 10. With FBE, each user has their own credential encrypted storage location for apps, which are encrypted with the credential from that particular user. (I verified this while testing. When you boot and unlock the primary user, other users data at /data/user/{id} is still encrypted until you unlock them.)

        • winterpeacock
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          Maybe there are other system files required that are encrypted with the primary user credentials

          • MishaalRahman@lemdro.idOP
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            There might be, though I couldn’t find any. I poked around /data on a rooted Pixel that had just booted but hadn’t had its primary user unlocked yet, and I was able to access most files in /data/system still.

      • someone_secret@burggit.moe
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Pretty much my thoughts, yes.

        In order for the FDE to have any usefulness, the key has to be derived from a secret that only the user of phone knows (I.e. a secret PIN, password or pattern)