Before the days of fingerprint sensors and face unlocking, the only way into our phones was with a PIN or password. That’s why the addition of smart lock back in Android Lollipop was so appreciated. Recently, though, we’ve become aware of a smart lock flaw on Android that leaves your device unlocked for longer than it should. Here’s what you need to know.
The best gifts for Android users
Android Smart Lock has four current methods to unlock your device with Trusted Places, Trusted Devices, Voice Match (which is being replaced), and On-body detection. The flaw we’ve recently exposed only affects on-body detection.
That feature, when enabled, is designed to leave your device unlocked as long as it’s in your possession. While it’s in your hand or pocket, the device remains unlockable without a PIN, password, or fingerprint. Once you put the device down on a table, however, it’s supposed to relock pretty much immediately. However, that doesn’t happen when the device is plugged into a physical charger.
As a tipster pointed out to us this week, plugging in your device with on-body detection enabled through Android Smart Lock leaves the device unlocked for a longer period of time. We’ve not been able to determine the exact period of time that the device remains unlocked, but in some cases as much as a few minutes can pass with the device charging and resting on a still table where it remains unlocked when picked back up.
Android Smart Lock on-body detection
Generally, the device does eventually relock, but the security implications here should be obvious. If you’re out in public and leave your phone unattended for a moment while charging, someone could easily get into your device because of this flaw. We were able to replicate this problem on multiple Pixel 3 devices on both Android Pie and Q, as well as a Razer Phone 2 on Pie.
Google has confirmed that they are aware of this issue and is working on a fix. Currently, it’s unclear when this fix will roll out, so we’d recommend turning off on-body detection in the meantime.
More on Android:
Check out 9to5Google on YouTube for more news: