How do I fingerprint-lock or hide an app from the GrapheneOS launcher?

published Jan 12, 2022, last modified Jan 15, 2022

This question stems from a misguided model of how your phone works.

You don't want other people to access the app when the phone is unlocked? Then don't unlock the phone for them.

You absolutely need others to use your phone?  Deploy a guest user, and give them access to that, instead of your main profile.

You want the app or its data to be hidden against forensic investigators? Hiding it from the launcher, or interposing a fingerprint check (if it were possible), is not going to accomplish that.  Forensic investigators have other, fully automated ways to get to the data they want — your only defense against that is a strong passphrase and, for added security, shutting the phone off or entering Lockdown mode.

Your main phone user profile is a single security compartment.  Once the measures that prevent entry to the compartment are no longer in place — in plain English, your phone is unlocked — anyone with physical access can and will get access to what they want.  They may not use the launcher to find an app, but they can open the Apps page of the Settings app and, bam, the app will be listed and launchable.

Apps have strong isolation between each other, but they largely don't have isolation from a person using an unlocked device.  That is so because the threat model contemplates malicious apps, but does not contemplate a malicious user with unlocked access — if the phone is unlocked, it is game over.

How can the phone, after all, know if the user holding it is malicious or not?  Well, that's why it asks for the password or PIN or fingerprint.  Once the user correctly authenticates, the only reasonable assumption is that the user is benign.

The only exceptions to this rule are secrets and destructive actions protected by the security chip that require strong authentication (like factory-resetting the phone, or changing its PIN).  Launching and visibility of apps do not fall under that category.