Galaxy S II

We love to think that once we set a pattern lock -- or any sort of lock -- on our beloved Android device that our information is safe, right? Well, the guys at BGR noticed that the information on the upcoming AT&T version of the Samsung Galaxy S II isn't so safe behind a once-trusted pattern lock, and that it can quite simply be bypassed.

All you have to do to get around this is wake the device using the lock key, then let the screen time out, then wake it again with the lock key and you can access all the data. We have seen similar issues with Samsung in the past on the Fascinate, so maybe it is time they take a step back from all the added customizations. We can confirm that it happens on our review unit of the AT&T version, but the Sprint version does not suffer from the same issue.

Note that this is indeed a problem with all of the included locking mechanisms -- pattern, PIN and password.

Hit the break to check out a quick video of it in action and the official response from Samsung.

Source: BGR


Samsung and AT&T are aware of the user interface issue on the Galaxy S II with AT&T. Currently, when using a security screen lock on the device, the default setting is for a screen timeout. If a user presses the power button on the device after the timeout period it will always require a password. If a user presses the power button on the phone before the timeout period, the device requests a password – but the password is not actually necessary to unlock it.

Samsung and AT&T are investigating a permanent solution. In the meantime, owners of the Galaxy S II can remedy the situation by re-setting their time-out screen to the “immediately” setting. This is done by going to the Settings -> Location and Security -> Screen unlock settings -> Timeout -> Immediately.
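The behaviour Samsung's statement describes, and why the "Immediately" setting closes it, can be expressed as a small Python model with a regression check for the invariant "a prompt that is shown must be enforced". This is an added example, not Samsung's or Android's code; the `Keyguard` class, its fields and the 5-second timeout are assumptions made for illustration.

```python
# Illustrative model only: not Samsung's or Android's keyguard code.
from dataclasses import dataclass


@dataclass
class Keyguard:
    lock_timeout_s: float        # models the "Timeout" setting; 0 = "Immediately"
    enforce_shown_prompt: bool   # False models the behaviour in Samsung's statement
    screen_off_at: float = 0.0
    prompt_shown: bool = False
    must_authenticate: bool = False

    def screen_off(self, now: float) -> None:
        self.screen_off_at = now

    def wake(self, now: float) -> None:
        timed_out = (now - self.screen_off_at) >= self.lock_timeout_s
        self.prompt_shown = True  # the credential prompt is drawn on every wake
        # Flawed variant: enforcement follows the timer, not what the user sees.
        self.must_authenticate = timed_out or self.enforce_shown_prompt

    def dismiss(self, credential_ok: bool) -> bool:
        """Return True if the device ends up unlocked."""
        if self.must_authenticate and not credential_ok:
            return False
        self.prompt_shown = False
        return True


def unlocked_without_credential(kg: Keyguard, wake_delay_s: float) -> bool:
    """Screen off at t=0, wake after wake_delay_s, dismiss with no credential."""
    kg.screen_off(0.0)
    kg.wake(wake_delay_s)
    return kg.dismiss(credential_ok=False)


def audit(lock_timeout_s: float, enforce: bool,
          delays=(0.0, 1.0, 4.9, 5.0, 60.0)) -> list:
    """Return the wake delays at which a shown prompt could be skipped."""
    return [d for d in delays
            if unlocked_without_credential(Keyguard(lock_timeout_s, enforce), d)]


if __name__ == "__main__":
    print("timeout 5s, flawed:      ", audit(5.0, False))
    print("timeout 0s (workaround): ", audit(0.0, False))
    print("timeout 5s, enforced:    ", audit(5.0, True))
```

An empty list from `audit` means no tested wake delay let the prompt be dismissed without a credential, which is the property a lock-screen regression test should assert for every timeout value.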

There are 27 comments

Cubfan says:

Wow, that's nasty. Then again, you can hold the phone at an angle and look for the swipe trail to unlock most others without this bug.

Does it work the same for the PIN unlock?

failmatic says:

Only if the person using the phone doesn't do anything else after the unlock. The chance of that is pretty slim if you just pick up a random phone. If you want to f with a friend, then it's easier as you can clean the screen, have him unlock it and check the smudge pattern.

AdamW#AC says:

Holy cow. Is that the world's smallest phone, or the world's biggest hand?

icebike says:

How in god's name did this happen?

If it works on one SII, why would it fail with a different one?
What would they do on an AT&T version that they don't do for others?

And how did they get in front of basic Android Functionality like the lock screen?

Classic AT&T trying to bring down Samsung for Apple, nothing new here. Apple and AT&T are losers...

likwidsoul says:

Biggest hand. He makes a dell streak look like an incredible. Lol

TheGame1083 says:

I have that same flaw on my Droid Inc 2, cause I have Android 2.3.5 on mine and the flaw is on all versions

Go Android! says:

Not all. I'm running 2.3.5 on my Evo and don't have this flaw.

Whyzor says:

This doesn't happen with ALL Android devices (just tried my LG Optimus V with CM7 ROM), and it stays pattern locked. So either AT&T or Samsung did something wrong here. This confirms my theory, the more bare Android, the better.

lips2286 says:

Dear ATT,

Stop f'ing with Android devices to make your Cr'Apple phones look better. Once again Apple fell behind the innovations and you and your half-baked network are scrambling to make it better. Maybe you should go back to carrying the iPhone exclusively. While you're at it, stop selling Android phones too. Blocking sideloading and hindering the capabilities of Android devices is a shady practice. Spend more money on the network and less on screwing your customers!

icebike says:

You give AT&T far too much credit.

They have no one competent to make any changes in Android on any device. They hire this work done by the manufacturer.

This babe lies directly at Samsung's door step. It isn't the first phone they screwed up.

For once AT&T is blameless, if only by virtue of being clueless.

I'm invoking Hanlon's razor here.

PRETTY sad how Apple is doing anything they can to bring down Samsung, even using AT&T. Should've been expected. Apple is so sad and so is AT&T

squiddy20 says:

I knew you were stupid, but I had no idea you were THIS stupid. Did you even bother reading the article? It has absolutely nothing to do with Apple. Not one bit. Apple isn't mentioned anywhere but in the comments section by idiots like you. TRY reading the article for once in your life. You might grasp the situation better. "PRETTY sad how" much of a moron you are.

Makai5 says:

What a bummer. Hope they fix this in an update SOON

I think a screen lock gives too many people a false sense of security. You have a mobile computing unit in your hand. Much like the computer you have at home (or in your backpack), it is prone to snoops and thieves. No manner of barrier you put up to prevent information from being obtained from your device will shield it 100%. If someone out there is desperate enough or just plain bored enough that they want to gain access to your computing device (hello PSN?!), it'll be done.
I see this as a minor thing that I'm sure Samsung will fix in some update, but putting your eggs in the basket of the lock screen is simply not wise.

icebike says:


jjetson says:

Idiotic response for lacking Android device and OS security. Check!

roflitsowens says:

This is why Samsung should stop being a proud creature and spending so much time on TouchWiz. Sure, it's neat, but for the average consumer, if all manufacturers ran the basic interface that Google provided with the Android code, people wouldn't have to learn a new Android phone after using their last one. Not only that, but as you can see, a manufacturer messed with standard Android code and messed something up in the process. AOSP. Nuff said.

dalvik says:

Atrix FTW! :)

Taz89 says:

Seems to be an issue with 2.3.5...just tried it on my European gs2 which has same issue sadly

onsightit says:

There is an even bigger security flaw on all phones using pattern locking. Cubfan mentioned it. Hold the phone at an angle and the smudge pattern is usually obvious. I've seen it on my phone. The smudge is obvious because most actions after unlocking the phone are touches, not swipes. I use a pin now. I used to use my fingerprint reader, but it was only 25% usable most of the time (buggy Atrix).

ItsaRaid says:

hey the AT&T SG-S2 has no LED Notification, any work arounds for this that anyone knows to exist?

hmmm says:

You can use an app from the market like missed message flasher. It will quickly flash the screen on then off. I haven't used it personally but would look to something like that if I had a phone without a light. There is also an intriguing looking app called NoLed that will flash a simple icon on your screen like a mail envelope or whatever. Looks kind of neat. Probably really looks good on super amoled screens due to their nice black levels.

hmmm says:

Now we will see how long it takes Samsung to support updates on their new devices. Hope it's better than the Samsung updates of the past.

DWR_31 says:

When using pattern unlock use all the dots and at points make sure to crisscross paths.

mrbizzy72 says:

Typical Samsung... Always something!

The myTouch 4G did something like this. But you had to have entered the unlock pattern then let it timeout. Once you hit the power button again it would just unlock.