Skip to content

Privacy and Android – The Lockscreen

Published by dbof on April 15, 2017

With the uprise of smart phones in general, and more specific Android phones, we as users give our most personal data to private companies like Google. Also, we carry our data with us, risking the theft of what is most precious to us: intimate photos, banking information, passwords and more.

But there are a few measures one can take to minimize the damage of theft and protect your personal data from naughty apps.

This post is Part 1 of a series on privacy tips for Android devices.

The Lockscreen

Enabling the lock screen can discourage curious friends from checking your phone. It can also help deterring less professional thieves from accessing your data. It adds just a little amount of privacy against prying eyes, but it is one of the easiest measures. Here is how to do it:

  1. Enter the settings menu of your Android phone

    2. There is usually an app called “Settings” in your apps drawer.

  2. Scroll down and select “Security”.

    3. The menu point could also be called “Lock screen” on some devices.

  3. Selecting “Screen Security” and then “Screen lock”, you can choose which type of security you want to have.

All of these have pros and cons, and some of these might not be available on your device:

  • Slide (to unlock)

    • This adds exactly no security, but is the most easy-to-use, as you do not have to enter anything. Not recommended.

  • Face Unlock

    • Face Unlock is less secure than any other option (except Slide), and it may not be reliable at all. You can unlock your phone using a photo or even less. But it is easy to use, since you probably look at your phone when you want to use it.

    Still, not recommended.

  • Pattern

    • This is one of the more popular solutions. It is easy to use, you have to remember a unique pattern, which is probably easier than remembering a text password. Also, it has decent security, as you have only a limited number of tries, after that you have to wait a few seconds or minutes to try again. Some phones have the option to get a bigger grid (mostly alternative Android OSes), so the bigger the better the security of your pattern.

    The most secure pattern
    A secure pattern, but mostly unusable

    Also, select a pattern which is not too obvious. Popular patterns are “Z”, “L” and consecutive patterns (like a snake). There is some research on this (Arstechnica article), and the results are surprising.
    Weak android lock patterns(Source: Marte Løge)

    If you try to avoid these, a pattern is safe to use.

  • Pin

    • A pin is a combination of numbers, and this security measure has existed for years on dumb phones. There is only one thing to say about pin numbers: The longer the sequence, the better the pin.

    As always, try to avoid obvious numbers such as 1234. Avoid repeating numbers like 0000. Also avoid using birthday dates. Except for the bigger effort to unlock your phone, there is no real downside to this method, as you will remember even bigger combinations after having to unlock your phones a few times per day. So, it is mostly a safe option, if you follow the rules above.

    An in-depth analysis of the security of PINs is found here: http://www.datagenetics.com/blog/september32012/

  • Password

    • A password is probably the best option for your device. Except, it is not. Having to input a text multiple times a day on a tiny phone keyboard is tedious. So, from a usability aspect, it is the worst option.
    The tips for safely using this method is the same as always for passwords:
    1. Do not use the same password twice
    2. Use a mix of letters, numbers and special characters
    3. A longer password (like a complete sentence) can still be memorable
    4. Do not use the most used passwords: password, 123456, qwerty and more…

    This method is great for tablets or devices with a hardware keyboard, or for rarely used devices. If you do not want to input long texts, but still want to be safe, it is better to use one of the other options instead of using a shorter password.

  • Gestures

    • Gestures are very similar to patterns, but I still consider them less safe. Like patterns, using common shapes (circles, hearts, stars) is considered unsafe. Also, since the position of a gesture is not saved, drawing a square on the left side of the field is equal to a square on the right.

    Also, in my tests, a square was recognized as a circle gesture, and some more complex patterns were easy enough to circumvent using nearly random movements. So, try it yourself, but it seems mostly unsafe to me.

One last advice: Wipe your screen after entering a PIN, password or gesture. The fat from your fingers will reveal your secret.

That was the first step towards an improved privacy on your Android device. But there is more you can do. Part 2 on device encryption is available!

Published inAndroidIT-Security

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *