[It turns out the dialog to separately toggle biometric usage for the lock screen and in apps is unique to CalyxOS, and possibly Graphene.]
biometric_keyguard_enabled isn’t a system property that lives in the getprop/setprop namespace.
It’s a Secure Settings key that Android stores in the Settings.Secure table (the same place where things like “stay‑on‑while‑plugged‑in” or “show‑password‑characters” live).
Because of that:
adb shell getprop won’t list it – getprop only shows properties that are part of the Android property service.
setprop can only touch properties that are declared as writable for the shell user. biometric_keyguard_enabled isn’t on that whitelist, so the kernel logs a failure (the “see dmesg” line) and you get the “Permission denied” when you try to read the log without root.
How to change it without rooting
The shell user (the one you get when you run adb shell) does have permission to modify many Secure Settings keys via the settings command. Try the following:
Check the current value (0 = disabled, 1 = enabled)
adb shell settings get secure biometric_keyguard_enabled
Disable the biometric keyguard
adb shell settings put secure biometric_keyguard_enabled 0
Re‑enable it later if you wish
adb shell settings put secure biometric_keyguard_enabled 1
A few notes:
Value semantics – The setting expects an integer (0 or 1). Using false/true will be rejected.
Immediate effect – Most Secure Settings changes take effect right away, but some UI components may cache the old value until you lock/unlock the device or restart the System UI. If you don’t see the change instantly, try toggling the screen off/on or issuing adb shell am restart (which restarts the activity manager).
Device‑specific behavior – LineageOS may expose additional safeguards or UI toggles for this feature. If the command returns “null” or “SecurityException”, the build you’re using might have removed the key entirely. In that case the setting can’t be altered via settings.
No root needed – Because you’re using the settings tool as the shell user, you don’t need root access. The only thing you can’t do without root is edit the underlying property service (setprop) for keys that aren’t whitelisted.
Why dmesg is blocked
On a non‑rooted device the shell user isn’t allowed to read the kernel log (klogctl). That’s why adb shell dmesg prints “Permission denied”. It’s unrelated to the setting itself; it’s just a security measure to prevent ordinary users from snooping on kernel messages.
TL;DR
What you triedWhy it failedWhat to do insteadadb shell getprop / setprop biometric_keyguard_enabled …Not a system property; not writable for shellUse the settings command on the secure namespaceadb shell dmesgKernel log is restricted to rootNo need to view it; the failure reason is already reported by setprop
Give the settings commands a try and you should be able to toggle the biometric keyguard without needing root. If you encounter a “SecurityException” or the key isn’t present, the particular LineageOS build you’re on simply doesn’t expose that setting. In that case you’d need to rely on the UI toggle (if any) or flash a custom build that includes the option.
Privacy-friendly selection of apps We have preinstalled for you a selection of privacy-friendly apps, listed below. It is to be noted that we also have made the uninstallation of preinstalled apps possible with iodéOS! iodé The place to control and visualize the data transmissions from your phone.
OnePlus 9
Pixel 5, 6...
Fairphone
Xperia 1V, 5V: firmware not included
Hide My Email is the best Apple product you're probably not using. Here's how it can start shielding your inbox and your privacy now, for just 99 cents.
privacy-first AI chatbot
The City of Portland released a report on how bureaus use surveillance technologies, highlighting efforts to increase transparency and accountability. Phase II will expand data collection and public engagement to build a citywide open data inventory by early 2026.
stretch your dollar with suma Technology barriers hinder financial independence and quality of life for low-income individuals, people of color, adults with disabilities, and other frontline communities. Suma’s community-driven tech solution removes these barriers, making essential goods and services more affordable. join the suma app today events Farmers Market Match Starting May 3rd, buy $2 … Continue reading home
Ubuntu Touch or AOSP
Similar products with hardware switches for privacy:
Purism Librem - also USA-made $2k version
Furi Labs FLX
Other open-source-friendly phones
Murena, /e/OS
- HIROH phone - expensive
Fairphone - direct and Murena sales include /e/OS, also compatible with CalyxOS (but not GrapheneOS)
PinePhone
Hijack-resistant:
Efani is $99/month! They have a vulnerability checker for your phone number, which requires OTP verification and email... should use a public throwaway redirector
Cloaked Wireless starts at $25/month, strong 2FA
Anonymity-friendly:
carriers not requiring Know Your Customer PII
- Mint (and conceivably Ultra), from T-Mobile
- Visible, from Verizon
...
Tracfone [incl. Total Wireless, Straight Talk, Simple (WalMart), Net10], now owned by Verizon
H2O?
Phreeli - starts at $25
Lyca requires KYC
Yes, you can still use it as a mobile hotspot with service, and that can be useful.
Rayhunter is a new open source tool we’ve created that runs off an affordable mobile hotspot that we hope empowers everyone, regardless of technical skill, to help search out cell-site simulators (CSS) around the world.
We’re on a journey to advance and democratize artificial intelligence through open source and open science.
Transform your clinical workflow with intelligent medical documentation and charting assistance.
On October 25, 2025, I gave the BSidesPDX keynote talk, Mercenary Spyware, Device Searches, and App Censorship: Practical Defenses Against Technofascism. Here are links to my sources. Mercenary Spyware Forbidden Stories: About the Pegasus Project All-Source Intelligence: Exclusive: ICE reactivated its $2 million contract with Israeli spyware firm Paragon, following