Android's Smart Lock Won't Ask You For a Password Until You Set Your Phone Down

← Back to Stories (view on slashdot.org)

Android's Smart Lock Won't Ask You For a Password Until You Set Your Phone Down

Posted by samzenpus on Monday March 23, 2015 @12:52AM from the staying-on dept.

jfruh writes Nothing confronts you with how addicted you are to your phone more than constantly taking it out of your pocket and entering your passcode over and over again to unlock. But without fanfare, Google is releasing an Android update that might solve the problem: a "smart lock" that can figure out if your phone has been set down since the last time you unlocked it. As long as it stays on your person, you won't need to re-enter your password.

127 comments

Min score:

Reason:

Sort:

Sooo .. by OzPeter · 2015-03-23 00:55 · Score: 4, Informative

If your are carrying your unlocked phone, and you get mugged and hand over your phone, then the mugger now doesn't have to enter a passcode until he/she puts it down.
Q. If your Android phone is unlocked, how easy is it to change the passcode?

--
I am Slashdot. Are you Slashdot as well?
1. Re: Sooo .. by Anonymous Coward · 2015-03-23 00:58 · Score: 0
  
  You worry too much. With two factor authentication in place there's no chance the theif will be able to get the verification code!
2. Re:Sooo .. by Thanshin · 2015-03-23 01:00 · Score: 3, Insightful
  
  It's rather worse if it gets stolen from your pocket.
  What situation would make you hand over your phone but not your pass?
3. Re:Sooo .. by amck · 2015-03-23 01:07 · Score: 3, Informative
  
  Typically the power button automatically locks the phone, making it trivial to lock the phone in a hurry.
  
  --
  Anyone who believes exponential growth can go on forever in a finite world is either a madman or an economist
4. Re:Sooo .. by XxtraLarGe · 2015-03-23 01:09 · Score: 5, Informative
  
  Q. If your Android phone is unlocked, how easy is it to change the passcode?
  You have to enter the old passcode before entering a new one, same thing to disable it altogether.
  
  --
  Taking guns away from the 99% gives the 1% 100% of the power.
5. Re:Sooo .. by barlevg · 2015-03-23 01:14 · Score: 1
  
  I assume this feature is optional. If not, there's always Cyanogenmod!
6. Re:Sooo .. by TuringTest · 2015-03-23 01:16 · Score: 2
  
  Q. If your Android phone is unlocked, how easy is it to change the passcode?
  You have to enter the old passcode before entering a new one, same thing to disable it altogether.
  But it's more than enough time to access all the services to which you're logged in in your browser, and possibly change your password in them.
  
  --
  Singularity: a belief in the "God" idea with the "demiurge" relation inverted.
7. Re: Sooo .. by Melbourne+Pete · 2015-03-23 01:19 · Score: 5, Informative
  
  I was moving at speed in a tuk tuk in Phnom Penh when my phone was stolen out of my hands by two guys on a scooter. Not sure how likely that is for most people, but you did ask.
8. Re:Sooo .. by Anonymous Coward · 2015-03-23 01:20 · Score: 0
  
  Not always.
9. Re: Sooo .. by Plumpaquatsch · 2015-03-23 01:21 · Score: 1
  
  You worry too much. With two factor authentication in place there's no chance the theif will be able to get the verification code!
  So? That means he can't get your data "in the cloud" - but the phone is his to use
  
  --
  Of course news about a fake are Fake News.
10. Re:Sooo .. by Plumpaquatsch · 2015-03-23 01:23 · Score: 1
  
  It's rather worse if it gets stolen from your pocket.
  What situation would make you hand over your phone but not your pass?
  Snap and run?
  
  --
  Of course news about a fake are Fake News.
11. Re: Sooo .. by hsmith · 2015-03-23 01:29 · Score: 1
  
  Especially now that Google uses your SMS as your two factor. So, even if the phone was locked - all you have to do is pop the SIM in another phone and boom, you have the persons 2nd factor.
12. Re:Sooo .. by Anonymous Coward · 2015-03-23 01:31 · Score: 1
  
  There are six methods for locking your screen on my version of Android, and it is old enough to not have this Smart Lock. Which is to say, it is unclear why you go straight to Cyanogenmod before even knowing what exists in the OS as is.
13. Re:Sooo .. by tbuddy · 2015-03-23 01:37 · Score: 1
  
  Only reason I can think to stick with your stock firmware is that you have to (not available for phone, on a CDMA network where you need to update with a proprietary software item that doesn't work on third party firmwares). I have seven unlock options on my GS3 and prefer to use the "None" option.
14. Re:Sooo .. by Anonymous Coward · 2015-03-23 01:38 · Score: 0
  
  If you use a site/app/service that doesnt ask for the old password/code before changing, you should really stop using it.
15. Re:Sooo .. by Anonymous Coward · 2015-03-23 01:40 · Score: 0
  
  When asks, drop your phone
16. Re:Sooo .. by Thanshin · 2015-03-23 01:40 · Score: 1
  
  That's not a mugging. Without violence it's not mugging, it's just theft.
  You don't "hand over" something to someone who snaps it from your hands.
  My point being that if the guy has a knife/gun on you and tells you "give me that phone", he could just as well say "password?".
  However, they don't really care, as stolen phones are sold en masse to people who don't need the pass to resell them.
17. Re:Sooo .. by AmiMoJo · 2015-03-23 01:45 · Score: 1
  
  I imagine the feature is smarter than TFA suggests. Phones can easily tell if they are in your pocket or bag with the same proximity sensor they use to disable the screen when you hold them to your ear. This feature probably works like a smart watch, turning the screen on when you raise the phone up to look at it if it has been in your hand since last unlocked.
  They do mention that the smart unlocking feature also supports location awareness. No need for a password if the phone is connected to your home wifi or car's Bluetooth, for example. I wouldn't use it but it seems like a reasonable compromise for people who are only worried about theft.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
18. Re:Sooo .. by Anonymous Coward · 2015-03-23 01:53 · Score: 1
  
  FTFA, the device displays this message when the feature is activated:
  “If you unlock your device and hand it to someone else, your device also stays unlocked as long as the other person continues to hold or carry it,”
19. Re:Sooo .. by F.Ultra · 2015-03-23 01:55 · Score: 1
  
  Of course he could say "hand over the password" but the difference is that I could refuse to do so. With this new locking scheme I no longer have that option. Yes I might be stupid to not hand over the password at gun point, but at least I have the choice.
20. Re:Sooo .. by brunes69 · 2015-03-23 01:55 · Score: 2
  
  Couple of mitigations
  - You can disable this feature if you want
  - You can also enable SmartLock which will lock the phone as soon as it gets out of range of another bluetooth device (smart watch or key fob)
  - Use android device manager to lock and/or remote wipe the phone as soon as possible after the theft. My wife has the ability to lock and remote wipe my phone from her phone using Android Device Manager, and I can do the same to hers.. you should set this up.
  - You could simply hold the power button in while handing over the phone, forcing a reboot and lock
  - You could get a dimple.io NFC button that lets you password lock your phone with a keypress
21. Re:Sooo .. by TuringTest · 2015-03-23 02:09 · Score: 3, Informative
  
  So, you've never encountered a site with a "I've forgotten my password" option that sends you a mail to log in?
  Anyway, it's bad enough that a thief can access all data in the logged in service even if they can't change the password.
  
  --
  Singularity: a belief in the "God" idea with the "demiurge" relation inverted.
22. Re: Sooo .. by Anonymous Coward · 2015-03-23 02:15 · Score: 5, Informative
  
  I've seen phones snatched out of people's hands by passing cyclists a good number of times where I live.
  Phone theft may sound rare, but it isn't uncommon, and thieves know that they can just grab the phone, stuff it in a tinfoil envelope, let it sit for a week or two until the battery dies, disassemble it, then sell the screen, case, and other parts for a good amount of cash. Same thing happens with bicycles. The thieves know not to sell the bike. Instead, they disassemble it, then haul the pieces to another city or state to sell. That Shimano Dura-Ace shifting set doesn't have any serial numbers, and a lot of cyclists will buy it without asking any questions if the price is right.
23. Re: Sooo .. by Afty0r · 2015-03-23 02:28 · Score: 5, Informative
  
  This is one of the most common forms of phone theft these days - not the traditional "violent mugging" but the most basic form of physical robbery - grab it quickly out of someone's unsuspecting hand as they walk down the street focussed on their phone and not the world around them. Then run or bike away. I haven't known someone have their phone stolen in a "mugging-style" robbery in many years, but I personally know of four people (in London) who have had their phone stolen by this method recently.
24. Re:Sooo .. by mlts · 2015-03-23 02:41 · Score: 1
  
  Those are some good suggestions. I might add a few myself:
  1: If your device is rooted, you can separate the password that unlocks the /data partition from the PIN that unlocks the screen. This way, you have 4-5 digits that are quickly typed in... but if a thief decides to reboot the phone or power it off, they are facing the 20-30+ character passphrase... and most newer Android ROMs only allow 30 guesses before they do an erase.
  2: Enable encryption of the /data partition. This is worth mentioning.
  3: There is an app that will detect if the power button is pressed six times quickly, and send out a duress code. Forgot the name, but might be worth having.
  4: Some ROMs will do some form of encryption on the SD card. If not, you can get an EncFS app, or BoxCryptor (which is a commercial/subscription version that uses EncFS as its base.)
  5: Consider a backup program like Titanium Backup which uses a very reliable encryption mechanism (it uses a passphrase for a private key, and uses a public key for backups), and can save the encrypted backups to a cloud provider.
  6: Consider a utility that requires a PIN to access some apps. For example, the app for a terminal and other rooted apps on my Android phone is PIN protected, FB and other apps are under another PIN, etc... so if a bad guy gets the phone while its unlocked, they might have access to the Web browser, but not the other parts. If they reboot the phone, they are faced with a very long /data encryption password as stated in #1.
25. Re:Sooo .. by Anonymous Coward · 2015-03-23 02:45 · Score: 0
  
  Is it really worth worrying about such an unlikely event? In the UK - population around 65 million - there are a few hundred muggings a year.
26. Re: Sooo .. by Anonymous Coward · 2015-03-23 02:46 · Score: 0
  
  Or you could just give the wrong one. I seriously doubt a mugger is going to stick around to try unlocking it with the password you just gave him in the middle of a mugging. Never mind that he would have to take his eyes off you to do so.
  Just give him a really long complicated fake passcode and you can be even more sure.
27. Re: Sooo .. by David_W · 2015-03-23 02:51 · Score: 2
  
  You may have been "Woosh!"ed here... doesn't two-factor auth usually send the verification code to your phone?
28. Re:Sooo .. by gl4ss · 2015-03-23 02:55 · Score: 1
  
  it also functions as the keylock/screenlock shortcut, so it's not going to be any use for this. otherwise the usability would be pretty poor, as you do want the screen to turn off and lock from input when you place the phone in your pocket, unless you enjoy random stuff happening.
  this lock is separate from that. meaning that you can just open the screen and start doing whatever it was you were doing.
  now, with these phones it would be nice to have separate real lock button.
  
  --
  world was created 5 seconds before this post as it is.
29. Re:Sooo .. by beh · 2015-03-23 02:57 · Score: 3, Funny
  
  So, if a pickpocket picks it from your trouser pocket while you're walking along the street you quickly and easily dash after him to press the lock button on the phone while he's trying to make a getaway?
30. Re:Sooo .. by Eloking · 2015-03-23 03:06 · Score: 1
  
  If your are carrying your unlocked phone, and you get mugged and hand over your phone, then the mugger now doesn't have to enter a passcode until he/she puts it down.
  My thought exactly!
  The only way to avoid entering your password too often but force it when an unauthorized person want to access your cellphone is if the cellphone can "efficiently" recognize you. The closest tech I've heard about this is Microsoft new Windows Hello system : http://tech.slashdot.org/story...
  
  --
  Elok
31. Re:Sooo .. by JTsyo · 2015-03-23 03:08 · Score: 1
  
  Forget thieves, how about when cops take your phone.
32. Re:Sooo .. by Anonymous Coward · 2015-03-23 03:08 · Score: 0
  
  Q. If your Android phone is unlocked, how easy is it to change the passcode?
  You need to enter the passcode to change/disable it.
33. Re: Sooo .. by Anonymous Coward · 2015-03-23 03:11 · Score: 0
  
  u r this dum
34. Re: Sooo .. by rotaryexpress · 2015-03-23 03:18 · Score: 1
  
  Depends on which method you use: SMS based, yes. Google Authenticator (well, they already have access to your phone), no. Yubikey, no.
35. Re:Sooo .. by swillden · 2015-03-23 03:27 · Score: 1
  
  you do want the screen to turn off and lock from input when you place the phone in your pocket, unless you enjoy random stuff happening.
  The proximity sensor (same one that prevents you from hitting buttons with your cheek while talking on the phone) should turn the screen off and disable input without locking the screen when it senses your leg/hip.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
36. Re:Sooo .. by jbmartin6 · 2015-03-23 03:43 · Score: 4, Funny
  
  you should set this up
  Why the hell would I want to give your wife the ability to erase my phone?
  
  --
  This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
37. Re:Sooo .. by brunes69 · 2015-03-23 03:51 · Score: 1
  
  Do you have any links to how to do #1? I have never heard of this before.
38. Re:Sooo .. by swillden · 2015-03-23 04:08 · Score: 1
  
  I've been using this feature for a few months now (I work for Google) and I think on balance it significantly improves my security. It means that I can set my phone to lock instantly on display timeout, with a one-minute timeout, lock instantly on power button press, and use a long, complex password... and not be inconvenienced by having to constantly re-enter a long password. This is a security win, because if I did have to enter a long password two dozen times per day, I wouldn't do it; I'd choose a simpler password and settings that lock my device less aggressively. Even better, I find myself subtly encouraged by the phone to keep it in my pocket, rather than setting it down on tables, desks, etc., because if I put it down somewhere I'll have to re-enter my password.
  If I were mugged, I'd just hit the power button as I remove the phone from my pocket. Actually, what I'd really like to do in that case is to power it down, but I'm not sure I could get away with that, since it requires holding the power button for a couple of seconds, then tapping the confirmation dialog. Since my phone is encrypted, getting it into a powered-down state makes my data quite secure. Not that the lockscreen is necessarily easy to bypass, but it's part of a large, complex system, which means there's a lot of attack surface. Once the device is powered down, the risk model is very simple and well-understood: If the attacker can't guess my password, he can't get at my data. Thanks to the hardware-backed encryption used in Lollipop, password guessing is rate-limited by the hardware to a level that would require, on average, about 70 years of continuous trials. Even if the attacker were that patient (a) nothing on my phone would be worth anything after a decade or so and (b) I doubt the device would last that long. Mobile devices aren't built to run flat out for years.
  I've also used the bluetooth proximity Smart Lock, paired to a smartwatch, but I've decided I like the "Trusted behavior" feature better, so I've stopped trusting proximity to my watch. The range on bluetooth is large enough that I can set my phone down and be far enough away that someone could use it but still within range for keeping unlocked. Plus, I really like the encouragement to keep the device on my body. In the long run, that user training will, I think, do more for my device security than anything else.
  I do still use bluetooth, but paired to my car's bluetooth, so I can put the phone in a cradle or on the center console and have it stay unlocked. I also set the phone to trust proximity to the bluetooth headset I use when cycling, because I put the phone in a cradle mounted on the handlebars and want it to stay unlocked as I use it to track my ride.
  The discussion on this thread about phones being snatched from hands, though, makes me think that perhaps I should re-enable trust of my smartwatch. That would address high-speed theft pretty well. I just tested and taking the phone out of range of my smartwatch does lock the phone, even if it's in my pocket. So a thief couldn't just grab it from my hands and drop it in their pocket to keep it unlocked.
  However, this means I lose the on-body self-training. I suppose if I turn the smartwatch linkage on only when I'm outside my home or office, I'd get the on-body training most of the time but the smartwatch linkage all of the rest. Hmm... I wonder if I can create a Tasker profile to automate that...
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
39. Re: Sooo .. by gnasher719 · 2015-03-23 04:09 · Score: 3, Insightful
  
  This is one of the most common forms of phone theft these days - not the traditional "violent mugging" but the most basic form of physical robbery - grab it quickly out of someone's unsuspecting hand as they walk down the street focussed on their phone and not the world around them. Then run or bike away. I haven't known someone have their phone stolen in a "mugging-style" robbery in many years, but I personally know of four people (in London) who have had their phone stolen by this method recently.
  It's all about risk and reward. The maximum reward is the same: One phone. The risk is much bigger for a violent crime. It takes longer. Someone might come and help the victim. The police might actually care and come after a thief who draws a knife or hits someone. The punishment is a lot higher, armed robbery + assault instead of theft.
40. Re:Sooo .. by swillden · 2015-03-23 04:15 · Score: 1
  
  I wonder if I can create a Tasker profile to automate that
  Uh, no, this can't work. Security settings changes require password authentication, and there probably isn't an app API to change them anyway (for good reasons).
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
41. Re:Sooo .. by Anonymous Coward · 2015-03-23 04:20 · Score: 0
  
  The article was light on details, but it would seem logical that this function could be tuned a bit. So you could configure the device to lock 2 minutes after I set it down, but keep it unlocked for up to 10 minutes if I am carrying it. Muggings, and other thefts of phones are not all that common, and it is difficult to code a solution for all situations where the phone is taken from it user. This would be a good balance between convenience and security.
42. Re: Sooo .. by sexconker · 2015-03-23 04:28 · Score: 1
  
  99% of all Google Authenticator use is via the app on the fucking phone.
43. Re:Sooo .. by sexconker · 2015-03-23 04:33 · Score: 1
  
  Typically the power button automatically locks the phone, making it trivial to lock the phone in a hurry.
  The whole fucking point of this feature is to "lock" the phone but not really lock it until the gyros determine the phone has been set down.
  Letting the phone time or hitting the power button will "soft lock" the phone. You won't need a pin/face/password to wake it up until the gyros determine the phone has been set down.
44. Re:Sooo .. by GIL_Dude · 2015-03-23 04:39 · Score: 1
  
  I've been using the bluetooth trusted device for several days now with a Microsoft Band device and it seems to work pretty well. I generally only need to use my pass code unlock once a day or so. As you said, the idea is that a thief (or border agent or police) can see it as unlocked and leave and it will lock right away when it gets out of BT range. Seems like a decent security usability trade off, but of course it isn't secure enough for everyone. Fortunately we have knobs and levers like this that allow people to customize the settings to ones that are secure enough for their needs, but usable enough as well. I thought about the "on body" detection, but I don't think it will work as well for me as the BT with the Band. It is nice to have the choices though!
45. Re: Sooo .. by Anonymous Coward · 2015-03-23 04:40 · Score: 0
  
  I've seen phones snatched out of people's hands by passing cyclists a good number of times where I live.
  Phone theft may sound rare, but it isn't uncommon
  Pretty common in third world countries, by the way.
  I haven't heard of it happen in New York, but in countries where electronic gadgets are still exclusive, people mug and kill on ocassion. My mother's phone conversation lamented one such killing yesterday, probably from something the other person had been watching on the news.
46. Re:Sooo .. by kenshin33 · 2015-03-23 04:42 · Score: 1
  
  except that polling it continuously will keep the device from going to sleep (have an impact on battery life).
47. Re:Sooo .. by kenshin33 · 2015-03-23 04:52 · Score: 1
  
  there's an app I saw on F-droid, that checks the device's accelerometer and locks it if it detects a sudden violent movement (snatched, falling ... etc) and locks it right away. It is availabale of course in google's play store. Pluck Lock (there are plenty others
  with that said this smart lock thing is very very bad -IMHO which is why I deactivated it completely-, it makes locking the phone a joke.
48. Re: Sooo .. by Anonymous Coward · 2015-03-23 04:52 · Score: 1
  
  Or you could just give the wrong one. I seriously doubt a mugger is going to stick around to try unlocking it with the password you just gave him in the middle of a mugging. Never mind that he would have to take his eyes off you to do so.
  Just give him a really long complicated fake passcode and you can be even more sure.
  Oh boy. If there's anything RISKIER than giving legal advise on slashdot, it's giving this kind actual life-threatening advise. Grain of salt recommended.
  Who will save you when the mugger DOES stay with you for the 3 seconds it takes to test your lie? Don't try to be a dead smart-alec. That's not how ATM pin muggings work, right? The mugger is not going to use pen and paper to write it down.
49. Re:Sooo .. by mu51c10rd · 2015-03-23 05:09 · Score: 1
  
  Why the hell would I want to give your wife the ability to erase my phone?
  To remove the evidence?
50. Re:Sooo .. by jareth-0205 · 2015-03-23 05:18 · Score: 1
  
  Only reason I can think to stick with your stock firmware is that you have to (not available for phone, on a CDMA network where you need to update with a proprietary software item that doesn't work on third party firmwares). I have seven unlock options on my GS3 and prefer to use the "None" option.
  Well off the top of my head I could add 'stock tends to be more reliable' and 'it's faff / risk of bricking your phone to replace the firmware'...
51. Re: Sooo .. by Anonymous Coward · 2015-03-23 05:28 · Score: 0
  
  I use a double tap home or power to wake, or single if it's been under 30 seconds.
52. Re:Sooo .. by OhSoLaMeow · 2015-03-23 05:31 · Score: 1
  
  you should set this up
  Why the hell would I want to give your wife the ability to erase my phone?
  Just in case the OP finds out about you and his wife.
  
  --
  They can take my LifeAlert pendant when they pry it from my cold dead fingers.
53. Re:Sooo .. by mlts · 2015-03-23 05:39 · Score: 1
  
  http://goo.gl/z8ti3D
  From a root command line, you can do:
  vdc cryptfs changepw newpass
  (where newpass is your new password for the dm-crypt volume... which is your /data partition.)
  There is also apps that do this as well, but you need root.
  Of course, when you change your screen lock PIN, it will change the boot password, but that is a given.
54. Re: Sooo .. by Obfuscant · 2015-03-23 05:59 · Score: 2
  
  and thieves know that they can just grab the phone, stuff it in a tinfoil envelope, let it sit for a week or two until the battery dies, disassemble it, then sell the screen, case, and other parts for a good amount of cash. Same thing happens with bicycles.
  I've heard that the batteries in a bike take much longer to run down, and it's hard to find a tinfoil bag big enough. But done right, yes, it's very effective.
55. Re:Sooo .. by Anonymous Coward · 2015-03-23 06:01 · Score: 0
  
  To change the passcode you need the current passcode, as has been the standard for changing passwords since... I can't think of a system I encountered that was not implemented this way, actually. So since computers started having passwords.
56. Re:Sooo .. by shadowrat · 2015-03-23 06:04 · Score: 1
  
  If your are carrying your unlocked phone, and you get mugged and hand over your phone, then the mugger now doesn't have to enter a passcode until he/she puts it down.
  What phone does protect against this? AFAIK all phones will remain unlocked as long as you keep using them. If a mugger grabs any phone right out of your hand, they are going to have access to your email long enough to change key passwords and get all your info.
57. Re:Sooo .. by Plumpaquatsch · 2015-03-23 06:14 · Score: 1
  
  That's not a mugging. Without violence it's not mugging, it's just theft.
  You don't "hand over" something to someone who snaps it from your hands.
  My point being that if the guy has a knife/gun on you and tells you "give me that phone", he could just as well say "password?".
  Or he could just take it, and commit a lesser crime that takes less time and thus has a lower chance to get caught.
  
  --
  Of course news about a fake are Fake News.
58. Re:Sooo .. by swillden · 2015-03-23 06:47 · Score: 1
  
  except that polling it continuously will keep the device from going to sleep (have an impact on battery life).
  It doesn't seem to have a significant impact, AFAICT. I haven't benchmarked with and without, but at leas on my Nexus 6 I didn't observe any obvious decrease in battery life when I turned it on.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
59. Re: Sooo .. by ottothecow · 2015-03-23 07:30 · Score: 1
  
  Although anyone who is mugging you is probably going to take your phone too. At least most of the crime reports I see say something like "suspect demanded victim's phone and wallet before fleeing the scene"
  
  --
  Bottles.
60. Re:Sooo .. by Anonymous Coward · 2015-03-23 08:17 · Score: 0
  
  Most of those will send an email link to the email address you had already registered with them.
  Can be a pain when you don't remember which one that was...
61. Re:Sooo .. by Anonymous Coward · 2015-03-23 08:54 · Score: 0
  
  Yes. Someone's point a gun at you and you're going to hand them the phone, but then when they ask for the password you're suddenly going to be a tough guy. Right?
62. Re:Sooo .. by TuringTest · 2015-03-23 09:15 · Score: 1
  
  Most of those will send an email link to the email address you had already registered with them.
  And thus comes the danger of having all your logged-in email addresses accessible to whomever steals you phone, which was my original point.
  
  --
  Singularity: a belief in the "God" idea with the "demiurge" relation inverted.
63. Re: Sooo .. by mjwx · 2015-03-23 12:48 · Score: 1
  
  Phone theft may sound rare, but it isn't uncommon, and thieves know that they can just grab the phone, stuff it in a tinfoil envelope, let it sit for a week or two until the battery dies, disassemble it, then sell the screen, case, and other parts for a good amount of cash.
  If they're going to sell the phone for parts, why wait for the battery to die? Beyond this, why not simply just remove the SIM card instead. Like a lot of ./ers you're over-thinking things to the point where you've completely ignored the obvious solution, relevent XKCD
  
  Getting the phone wiped isn't a problem for a phone thief, they dont care about your personal data. They want to sell the hardware to make a buck. So they simply take it to a pawn shop run by someone who will get the phone wiped. They want a blank phone to sell.
  
  Even IMEI blocking is useless as you can just sell it over the border and anyone unscrupulous enough to steal a phone wont think twice at selling a phone that doesn't work (and no, there will never be a shortage of suckers).
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
64. Re:Sooo .. by mjwx · 2015-03-23 12:55 · Score: 1
  
  Couple of mitigations
  Which wont do a damn thing to prevent theft.
  
  The thief wants the hardware (which is valuable) not your personal information (which, lets face it, is completely worthless).
  
  The first thing a thief is going to do is sell it to someone who will first reset it to factory settings so they can sell it. Your data actually makes the device worth less than a blank one.
  
  I dont even have a password on my Android phone. The absolute worst thing a thief can do is spam from my Gmail account and Facebook. Seeing as I can simply go to the nearest Telstra shop and get my phone number back by flashing my drivers license, even if they reset my password it's only temporary. However chances are, they wont even bother looking at whats on there and just flog it.
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
65. Re: Sooo .. by mjwx · 2015-03-23 13:14 · Score: 1
  
  I was moving at speed in a tuk tuk in Phnom Penh when my phone was stolen out of my hands by two guys on a scooter. Not sure how likely that is for most people, but you did ask.
  Its not exactly a secret that Cambodia is a poor nation with lots of opportunistic theives, what made you think it was safe to play with your smartphone in public.
  
  I've lived in Thailand and the Philippines which are pretty much the same, using a phone in the open is practically asking for it to be stolen.
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
66. Re: Sooo .. by Obfuscant · 2015-03-23 13:43 · Score: 1
  
  If they're going to sell the phone for parts, why wait for the battery to die? Beyond this, why not simply just remove the SIM card instead.
  If the phone has a battery you can remove it. No need to wait. But some phones don't have removable batteries. And many phones don't have SIM cards. If you just put the phone in your pocket and take it home to dismantle it, PING, you're it. Go to Jail. If you put it in a bag before you get home, you know it can't ping no matter what it is.
  You're assuming the criminals are smart enough to know what a SIM is or know which phones have and have not removable batteries, or they will know for sure that the phone is off and not just put to sleep. Much safer to bag it and wait.
67. Re:Sooo .. by Obfuscant · 2015-03-23 13:59 · Score: 1
  
  The thief wants the hardware (which is valuable) not your personal information (which, lets face it, is completely worthless).
  Uhhh, what? People bank using their phones. They have online accounts for all kinds of things. Personal data is used to commit identity theft. They SHOULDN'T let the phone browser remember passwords for places like Amazon, but they DO.
  The data may be worthless to the street kid snatching the phone, but to others it can have a lot of value.
  For my latest phone, I'd say the equation you propose is exactly backwards. The phone cost $40. Were I to have actually put personal account data on it, I could be out more than $40 very quickly if the phone is stolen. I'm not treating this phone as my phone, I'm using it as a media device and practice in dealing with a rooted device. I went as far as to create a new Google Play account with no tied credit card data, but a regular user would have all that kind of data on it.
68. Re:Sooo .. by kenshin33 · 2015-03-23 16:12 · Score: 1
  
  I did notice partial a lot of wacklocks (Betterbattery stats) while keeping the phone in my pocket (Nexus 5, with Ambient display on and proximity check on).
69. Re:Sooo .. by exomondo · 2015-03-23 16:16 · Score: 1
  
  If your are carrying your unlocked phone, and you get mugged and hand over your phone, then the mugger now doesn't have to enter a passcode until he/she puts it down.
  So just drop it.
70. Re:Sooo .. by F.Ultra · 2015-03-23 23:14 · Score: 1
  
  What if you store some classified information on the phone that you know is secured by the password as long as the phone is locked. In that case you have no problem handing over the phone but might have a problem handing over the password.
  Or for whatever reason you might have, the important point here is that with the phone locked, YOU have a choice of giving away the password or not. With the phone unlocked you no longer have that choice. That's simply a fact of life and not the same as saying that this is highly important or not, just that it removes your choice.
71. Re: Sooo .. by Anonymous Coward · 2015-03-24 01:06 · Score: 0
  
  Although anyone who is mugging you is probably going to take your phone too. At least most of the crime reports I see say something like "suspect demanded victim's phone and wallet before fleeing the scene"
  If this is a standard mugging I would wager that taking the phone is more than likely used to slow down the victims ability to notify law enforcement than any value of the phone. Most muggers just want the untraceable cash in your wallet.
72. Re: Sooo .. by Hank+the+Lion · 2015-03-24 05:59 · Score: 1
  
  If you put the SIM in another phone (and, thus, cycle power of the SIM) you will have to enter the PIN code before it will register.
73. Re:Sooo .. by Anonymous Coward · 2015-03-24 20:14 · Score: 0
  
  >I have seven unlock options on my GS3 and prefer to use the "None" option.
  I suppose never unlocking the phone is quite secure.
74. Re:Sooo .. by Anonymous Coward · 2015-03-24 20:17 · Score: 0
  
  What's the difference?
75. Re: Sooo .. by Anonymous Coward · 2015-03-25 10:41 · Score: 0
  
  You are a lazy motherfucker. Spell proper words unless you're typing from a 10 year old Nokia. Jesus fucking Christ.
No Thanks by dreamchaser · 2015-03-23 00:57 · Score: 0

I'd rather make my own security decisions. I don't need the 'AI' in my phone deciding if it's me or not.
1. Re:No Thanks by lesincompetent · 2015-03-23 01:06 · Score: 1
  
  For as much as i can agree with you please note that we already delegate much of our security to some kind of 'AI'.
  Don't need to be grumpy about it.
2. Re:No Thanks by dreamchaser · 2015-03-23 01:16 · Score: 1
  
  Grumpy? Not at all. You wouldn't want to see that; nobody does :)
  It's just an example of a solution looking for a problem and thus opening the doors to more potential problems.
3. Re:No Thanks by Anonymous Coward · 2015-03-23 01:18 · Score: 0
  
  I'd rather make my own security decisions. I don't need the 'AI' in my phone deciding if it's me or not.
  How dare Google implement a feature not everybody wants to use?!? What happened to "Don't Be Evil", Google? CIA front operation. They'll probably cancel Android next week too.
4. Re:No Thanks by Billly+Gates · 2015-03-23 01:25 · Score: 1
  
  As opposed to A I now that considers you a new person every15 seconds?
  Very very annoying as my corporate policy is to lock my phone if I want access to their email. I unlock 4 to 5 times an hour!
  Why opposed to this option?
  
  --
  http://saveie6.com/
5. Re:No Thanks by Nukenbar · 2015-03-23 01:38 · Score: 1
  
  I seriously doubt that it is compulsory. I bet you can also turn it off like most new features.
6. Re:No Thanks by bill_mcgonigle · 2015-03-23 01:50 · Score: 5, Insightful
  
  It's just an example of a solution looking for a problem
  Is your claim that nobody is frustrated by having to frequently re-enter a passcode? You do realize that most people's "solution" to this problem is to have no passcode at all, right?
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
7. Re:No Thanks by Anonymous Coward · 2015-03-23 03:06 · Score: 0
  
  It's frustrating yes, but my solution is to use my phone less, because entering a 20 digit passcode every time is hell.
8. Re:No Thanks by houghi · 2015-03-23 03:13 · Score: 1
  
  This is my solution. I do have not any other password on it, so all I will loose is a maximum of 25EUR if I have just recharged the phone + the phone itself.
  
  --
  Don't fight for your country, if your country does not fight for you.
9. Re:No Thanks by amRadioHed · 2015-03-23 03:44 · Score: 1
  
  Obviously this is off by default, no one is trying to make any security decisions for you.
  
  --
  We hope your rules and wisdom choke you / Now we are one in everlasting peace
10. Re:No Thanks by jbmartin6 · 2015-03-23 03:44 · Score: 1
  
  An excellent exercise in risk management, illustrating how security measure are only appropriate when viewed in context with risk. If there's no risk, there is no value in security measures.
  
  --
  This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
11. Re:No Thanks by edtice1559 · 2015-03-23 03:50 · Score: 1
  
  Indeed. Most of us just aren't that important. In another post, I suggested a security measure that might work. In most cases, if you get out of a bad situation with only the loss of a piece of small electronics, you made out wonderfully. A low-tech security measure that would work would be to have a hole (like some laptops do) where you can attach a lock. Then you could handcuff the phone to your wrist. I don't suggest this. I once considered getting one of those brief cases that handcuff to your wrist so I could look cool and important. I decided against it. First, I might get the thing stuck in the door of a transit system. Second, it's an invitation to rob me for my otherwise low value stuff. Worse, once the person who robs me sees that I don't have anything of value, they might get so upset that they beat the snot out of me!
12. Re:No Thanks by gnasher719 · 2015-03-23 04:14 · Score: 1
  
  Worse, once the person who robs me sees that I don't have anything of value, they might get so upset that they beat the snot out of me!
  Just saying: If someone threatens to hit you, there may not be clear case who is stronger, but handing over your phone is less risky, and you might get hurt even if you win a fight, so you avoid it.
  
  But once attacked, you obviously fight back with all you have, and that may not be good news for the attacker. Average desperate druggie is not in good physical shape.
13. Re:No Thanks by Anonymous Coward · 2015-03-23 04:25 · Score: 0
  
  that may be useful if you were congested.
14. Re:No Thanks by Anonymous Coward · 2015-03-23 04:38 · Score: 0
  
  There is definitely a problem, although I'm not sure this is the solution. I currently have mine set up to only timeout->lock after some number of minutes (playing with duration) - and the side (power) button locks it. So if I think I'm done with it for a bit, I lock it, but if it's sitting next to me on my desk I don't have to unlock it to use it, but presumably it will lock after an idle period if I've forgotten about it. Best I've come up with for my security / usability balance.
  Of course, I don't access any services on my phone of great importance (finances, etc). I might lock it always in that case.
...and if someone robs me of my phone... by Anonymous Coward · 2015-03-23 01:00 · Score: 0

...when it's on my person, what then? Seems to me like it would be unlocked, ready for them to disable that feature (as well as any self-destruct mechanism, etc.). No thanks!
1. Re:...and if someone robs me of my phone... by doconnor · 2015-03-23 01:18 · Score: 1
  
  They'll have to enter current the code to disable to feature or change the passcode, just like you do now.
umm by Anonymous Coward · 2015-03-23 01:08 · Score: 1

So the locking in the pocket is stop pocket dialing.... Most of us want that feature.
1. Re:umm by masterofthumbs · 2015-03-24 00:14 · Score: 1
  
  Lock the phone as in require a password to unlock. My phone is "locked" in my pocket but not with a password, its a slide to unlock kind of thing.
horrible idea by slashmydots · 2015-03-23 01:16 · Score: 1

So in other words, you'll be pocket dialing EVERYONE because now you don't have the lock screen to protect you.
1. Re:horrible idea by tawt · 2015-03-23 01:25 · Score: 2
  
  You still have the lock screen, it's just not pin/swipe protected. You'd have to be doing some serious moves to swipe the lock screen away while it's in your pocket
2. Re:horrible idea by Anonymous Coward · 2015-03-23 01:25 · Score: 0
  
  Whereas, with the lock screen "protecting" you, you only pocket-dial 911.
  That, more than anything else, is why I don't use a passcode.
3. Re:horrible idea by Anonymous Coward · 2015-03-23 01:26 · Score: 1
  
  Oh no. Someone made an optional feature I don't like!
4. Re:horrible idea by 0123456 · 2015-03-23 02:37 · Score: 1
  
  Ditto. I had a passcode on my phone until I realized it enabled the retarded 'DIAL 9/11 WITH YOUR ASS!' feature.
No need to lock the phone anyway by Anonymous Coward · 2015-03-23 01:22 · Score: 0, Flamebait

Anybody who puts private information on an Android device is an idiot anyway, because half of the "apps" are malware and the OS can be pawned in no time.
1. Re:No need to lock the phone anyway by richy+freeway · 2015-03-23 01:41 · Score: 2
  
  because half of the "apps" are malware
  Thankfully, I only have the other half installed.
2. Re:No need to lock the phone anyway by BronsCon · 2015-03-23 07:32 · Score: 1
  
  Don't install the flashlight that needs access to your SD card and the internet and you'll be alright.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
How comforting by sTERNKERN · 2015-03-23 01:39 · Score: 2

"It can also recognize faces and remain unlocked when it sees a trusted face." I would choose that 2 seconds entering my pass over facial recognition anytime.
1. Re:How comforting by PPH · 2015-03-23 03:24 · Score: 1
  
  "Was this the face that launched a thousand apps?"
  
  --
  Have gnu, will travel.
Fanbois.... by Anonymous Coward · 2015-03-23 01:44 · Score: 0

...clearly none of you have used an android smartlock. It already has smartlocks, e.g. if its in presence of a paired Bluetooth device, it can be "configured" not to ask for password. If its in contact of an NFC, say that on a charging station or in a watch, it can be "configured" to not ask for a password.
I don't see why this will be a default, for those who want it, it could be "configured". I would want it.
I mean, imagine, a pedo steals it and makes a movie of children playing in the park... oh lord... think of the children.
On the Nexus anyway this is disabled by default by Chrisq · 2015-03-23 01:50 · Score: 2

On the Nexus (and possibly other phones) this is disabled by default. You need to go to Settings->Security then "Trusted Agents" in "advanced". It will then be enabled but still won't do anything until you go to "Smart lock" in the Settings->Security "Screen Security" section and enable one or more of "trusted places", "trusted devices", "trusted faces", and "on body detection". I think the "Trusted devices" will be useful to stop it locking when in my car and attached to the hands free.
1. Re:On the Nexus anyway this is disabled by default by Solandri · 2015-03-23 04:55 · Score: 1
  
  Smart lock is actually too lenient. It'll auto-unlock if it's in a trusted location or connected to a trusted device (e.g. bluetooth headset). The apps which provided similar functionality in Jelly Bean did it right. The first time you used the phone when connected to a trusted device or in a trusted location, you had to unlock it. After that, the app kept the phone unlocked until it left the trusted place or disconnected from the trusted device.
  
  Lollipop's smart lock will auto-unlock the moment the trusted conditions are met. That is, if you have your workplace set as a trusted place, a co-worker who stole your phone simply has to be at work to unlock your phone. There's no need to enter the unlock passcode the first time it transitions from a locked to an unlocked state. Simply satisfying the trusted conditions will clear the lock.
2. Re:On the Nexus anyway this is disabled by default by BronsCon · 2015-03-23 07:36 · Score: 1
  
  Not so. In fact, you can tap the unlocked lock icon on the lock screen to re-lock the phone, even if you're in a trusted location or connected to a trusted device. Leaving, then returning to that location does, in fact, not automatically unlock the phone; you still have to unlock it once, and you can still re-lock it if you so choose. I don't use trusted devices (the only one I'd use is my smartwatch, which someone can just steal along with my phone), so I can't speak for whether those auto-unlock or not, but I'd imagine them to be the same.
  
  Methinks someone is making shit up.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
3. Re:On the Nexus anyway this is disabled by default by jrumney · 2015-03-23 13:15 · Score: 1
  
  Trusted devices is useful for avoiding the driver distraction issue of having to enter my password when I want to read and post to Slashdot while I drive. Having it recognize my Home and Work Wifi networks would be far more useful than this body motion detection.
good idea by johnsmith2708 · 2015-03-23 02:17 · Score: 1

I think, it is a good idea, from google, because, I have a lot of troubles with my phone in the pocket
1. Re:good idea by Anonymous Coward · 2015-03-23 02:26 · Score: 0
  
  If you use it in your pocket you might need to train the face recognition to recognise your dick.
Fingerprint envy by Anonymous Coward · 2015-03-23 02:47 · Score: 0

This feature is totally unnecessary with good fingerprint detection like on iPhone.
False security by Overzeetop · 2015-03-23 02:51 · Score: 1

If it only takes you 2 seconds to enter your passcode, your passcode is insufficiently secure.

--
Is it just my observation, or are there way too many stupid people in the world?
Great Compromise Solution by edtice1559 · 2015-03-23 02:59 · Score: 1

Already most of the comments indicate that this is less secure than having to reenter a pass code after a half a second of inactivity. Different users have different levels of security needs. My guess is that most people don't even need a pass code. It really doesn't provide security against anything other than casual eavesdropping. If you have *real* security needs, you have to have tamper-reactive devices. What *would* be a good solution (probably effective against all but state actors) would be a way of detecting proximity to a smart watch. If the phone gets too far, it automatically shuts down. With full disk encryption (now optional but available) this would solve almost all cases. In a mugging you could also be required to hand over the watch, but that's easily solved too. If the watch is taken off, it has the same effect. No need for fancy biometrics. Just a watch band that conducts electricity when on the wrist. If the clasp is opened or the band is cut, same as the phone going out of range.
This is more secure for most people by Overzeetop · 2015-03-23 03:02 · Score: 1

I might actually consider a passcode if I had this feature. As it is, I don't have a passcode on my phone because it's too big of a hassle. Any passcode which is sufficiently secure will be simultaneously too complex to enter every time you unlock your phone. I struggle with this using my password manager. I had to simplify my master password just to make it usable on my phone since typing in a 24 character password with upper/lower/numerical/specials on a phone is annoying at best. I'm back down to a 10 character pw, and even that has some "patterns" in it to simply entry.

--
Is it just my observation, or are there way too many stupid people in the world?
1. Re:This is more secure for most people by jbmartin6 · 2015-03-23 03:51 · Score: 1
  
  Very true, I just went through this with my bank. They just switched everyone over to username/password only, and I had to downgrade my password so I could use it on the phone. I did the same with my home wifi passphrase. I wonder how much of the recent 'failure of passwords' is due to the limitations of password entry on mobile devices.
  
  --
  This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
I solved this problem 3 years ago with by DRAGONWEEZEL · 2015-03-23 03:35 · Score: 1

Tasker and Secure settings.
Tasker keeps my phone unlocked IFF I'm at home, or in my car. Once my phone leaves those areas, it automatically locks, it's super easy to program, and super easy to use (since I don't have to do anything at all).
I also have tasker shut the phone down at 7% energy if I don't push a special notification button, this way if I need to make a call, I still have enough juice to power up, and get 20 min. of talk time.

--
How much is your data worth? Back it up now.
1. Re:I solved this problem 3 years ago with by GuldKalle · 2015-03-23 03:48 · Score: 1
  
  So I just need to hold your phone outside your house to unlock it?
  I'd really like a variation of this where I only had to enter my password once when I get home, and then it stays unlocked until I leave the house again.
  
  --
  What?
Shake to unlock by Anonymous Coward · 2015-03-23 04:24 · Score: 0

Attention muggers! You are hereby instructed to shake the hell out of victim, before snatching phone
I see by nospam007 · 2015-03-23 04:54 · Score: 1

Hands up! And don't drop your phone!
Just a stopgap by GrahamJ · 2015-03-23 05:00 · Score: 1

Until every phone has a fingerprint sensor.
I would recommend SkipLock by Anonymous Coward · 2015-03-23 06:30 · Score: 0

If you don't want to have to always type know your pass code yet still need some security, I have yet to see a better solution that SkipLock. Simply set up one or more trusted wifi networks to keep your phone unlocked when within their range and your phone locked otherwise. Best investment made so far on the play store.
Android Unlocking Sucks by billstewart · 2015-03-23 08:34 · Score: 1

When I'm talking on the phone, the timer for the screen-lock should NOT be running. I frequently have calls that last more than 15 minutes, often set the phone down and use headphones during the call, and it's really annoying that after I hang up, the phone's locked. (If somebody else calls me when me phone's locked, locking when the call's done is fine, but not when I'm the one who made the call or the phone was unlocked when the call came in.)
I'm running 4.4.2 on a Samsung. The phone is provided by $DAYJOB, so they specify which locking options are available (face-unlock isn't), but otherwise it's pretty vanilla. The code used to require 8 digits, now it seems to be text-input instead; both require me to put on my reading glasses to unlock the phone, especially because the numerical unlocker was really bad at touch-screen control, so I had to look at every digit I pressed and count how many actually got detected. Keypress beeps help, unless you're trying to unlock the phone after silencing it, which I often do, but those have a non-zero time lag after the keypress before it notices it should beep, and you can't always tell 1 beep from N beeps. I can now use Swype, which I couldn't when the requirement was all-digits, but it's not much of an improvement since my password isn't a dictionary word, though I suppose I could set it to "qwertyuiop" or "asdfghjkl".

--

Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
NFC Unlock by Anonymous Coward · 2015-03-24 18:20 · Score: 0

Android Lollipop has a new SmartLock feature that bypasses the use of PINs and Pattern drawings. It uses the NFC which is so much easier.
All you need is a standard conventional wristwatch with an NFC coated sapphire glass like those now being used onf branded watches like Omega, Tag Heuer and such. If you do not have such a wristwatch, then you have to figure out a way to store your programmed NFC pairing with your Lollipop smartphone, onto something wearable.
I'm using this method with a cheaper wristwatch with NFC embedded. No more hassle with PINs, password or whatever. I just place my smartphone against my wristwatch, and voila!!