Locked

We've talked before about how to set up your Android phone with a secure lockscreen, and today we're going to talk about why you should do it. We're all concerned about our privacy and security when it comes to our smartphones and connected devices, and the first step is to take whatever measures are available to us and put them to good use. It's not very wise to sit back and complain about the security issues if we're not willing to take any steps ourselves to keep things private. Ultimately, we as users are responsible for security and privacy on our phones. 

A rally against an application, or our carriers, for privacy concerns is all well and good. It's something we all need to concern ourselves with, and be armed with as much information as possible. But in the end, we have to make the final decisions about what we feel is secure and what isn't. A good start is to keep your private information safe in the event that you lose your phone or it gets stolen. It happens -- it's happened to me, it's likely happened to more than a few of you. You either leave your phone behind somewhere and it's gone when you go looking for it, or some unsavory type takes it upon himself to make your property disappear. A couple years back I was relieved of my laptop and briefcase containing two smartphones in a parking garage, and after the initial period of anger and shock I instantly worried about the fellow having access to my information -- not the equipment itself. Luckily, everything was password locked and I don't think any of my precious data made its way into someone else's hands. The laptop and phones were replaced, and all was well.

That scenario would have played out a good bit differently had the phones been left unprotected. Besides my personal information (which I certainly don't want anyone to have access to) I had business contacts, documents that were covered under an NDA, and other information that would have caused quite a stir if it had ended up in the wrong hands. Companies -- even and especially the one you work for -- take that sort of thing pretty damn seriously, and they should. That means you should. Whether it's some sort of trade secrets, sensitive financial data, or just information about your family, you don't want someone getting hold of it. Would you want someone horrible enough to steal your phone knowing which school your kids attend, or your Mom's address? What about your banking information, or your work email? Just because you have nothing to hide doesn't mean you shouldn't care. If you think cancelling and replacing credit cards and your driver's license is a pain when you lose your wallet, imagine what it's like trying to fix things when your Google account has been compromised. Or your PayPal account. Or even Facebook.

Yes, it's inconvenient to have to type in a PIN or passcode every time you unlock your phone. It's also inconvenient to pay your car insurance every month. But when the time comes that you need either, you'll be glad you did.

 

Reader comments

Why to use a secure lockscreen [security and privacy]

36 Comments

Great post. My girlfriend learned a very hard lesson almost a year ago when her Droid X was stolen in NY. She had no protection, just a simple slide lock, and we had to live with the fact that someone out there had access to her pictures, text messages and contact lists. It was a terrible thing to deal with and she now has her phone set to pin lock the moment the screen goes off.

It's very important in this day and age where your phone isn't just a mobile phone number and a dialpad, but instead a portal to your identity and personal effects, to have these devices heavily locked down in a reasonably manageable manner. Punching in a 10 character password every time your screen times out is a pain, but leaving it open for the world to access is a lot more frustrating when that bad day comes.

Is the pattern lock any less or more inherently secure vs. a numeric 4 digit PIN?

I do the pattern but I would consider the PIN, but I don't like the fact that Android makes you hit "ENTER" after entering the PIN.

Theoretically the pattern lock is more secure because there is a larger range of possible patterns. Obviously more points of contact makes it harder to guess.

Pattern lock is LESS secure than PIN, since it has a smaller range of patterns. At most, you have 9 different points to choose from, whereas PIN has up to 17 digits and can have repeating numbers. Pattern is more convenient though.

That's not true, as you can repeat points in the pattern, so you always have 9 points on your first pick and then 8 options for each additional pick. They are both equally secure. However, sometimes smudges give away easy swipe codes.

Does anyone use encryption feature available in the galaxy nexus?

The 4 digit PIN lock has 10,000 combinations (10x10x10x10). I doubt there are that many pattern combinations. Had this happen to a friend a year ago who lost their phone. What a mess. I have used a PIN lock since.

Gee, I hope my phone doesn't fall into the hands of a criminally inclined MIT mathematician. We're talking about keeping miscreants out of your phone, not Stephen Hawking.

The pattern is more than secure enough if you use a complex pattern. Furthermore, your really sensitive data should be protected by a password saving encryption program.

The face-recognition thing is a joke.

The 3x3 pattern lock grid has about 9! (362,880) possible combinations, assuming you use all 9 positions for every pattern; even more if you count shorter patterns. But knowing how many possible patterns there are doesn't help unlock it, unless you're going to identify and systematically try all of them. Either method is enough to slow down any phone-stealing miscreant trying to unlock your phone - enough that they'll lose interest long before unlocking it, unless they already know something valuable is inside.

Neither will protect data on a removable memory card.
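As a reference point for the pattern-versus-PIN counts debated in the comments above, here is an added example (not part of the original post or any comment) that enumerates every pattern the stock Android 3x3 grid accepts. It assumes the standard rules: 4 to 9 dots, each dot used at most once, and a stroke cannot pass over a dot that has not been visited yet. The function names are illustrative.

```python
# Dots are numbered 0..8, row-major on the 3x3 grid.

def midpoint(a, b):
    """Return the dot lying exactly between dots a and b, or None."""
    ra, ca, rb, cb = a // 3, a % 3, b // 3, b % 3
    if (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return None


def count_patterns(min_len=4, max_len=9):
    """Count valid unlock patterns with min_len..max_len dots."""

    def extend(last, visited, length):
        # Count the pattern ending here if it is long enough.
        total = 1 if length >= min_len else 0
        if length == max_len:
            return total
        for nxt in range(9):
            if visited & (1 << nxt):
                continue  # a dot cannot be reused
            mid = midpoint(last, nxt)
            if mid is not None and not visited & (1 << mid):
                continue  # stroke would jump over an unvisited dot
            total += extend(nxt, visited | (1 << nxt), length + 1)
        return total

    return sum(extend(start, 1 << start, 1) for start in range(9))


def pin_count(digits):
    """Number of numeric PINs with exactly `digits` digits."""
    return 10 ** digits


if __name__ == "__main__":
    print("all valid patterns (4-9 dots):", count_patterns())
    print("patterns using all 9 dots:    ", count_patterns(9, 9))
    for n in (4, 5, 6):
        print(f"{n}-digit PINs:", pin_count(n))
```

Under these rules the total pattern space falls between that of a 5-digit and a 6-digit PIN. The count is only an upper bound on guessing effort; it says nothing about smudge marks or predictable shapes.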

It doesn't take a mathematician to break a pattern lock. The smudges are easily visible on phones. I know plenty of people with average to below average intelligence that can break pattern unlocks.

Like my wallet, my phone never leaves my sight - ever. The chances of someone stealing it while I sleep or snatching it from my firm grip are something I can live with!

Same here. I'll admit I'm not immune to having bad things happen, but I'm very protective of my phone. I'm more than comfortable with not having any kind of lock on my phone. That said, a security measure I would consider would be a remote lock/wipe app - none of the inconvenience and almost all the protection of a secure lock screen.

Great reminder.

I also will put in a plug for using Cerberus as well. This allows you to lock your screen remotely from the web, and has a host of other cool features you can do remotely like snap a picture, video, or record sound from your missing phone. I highly recommend this if you value the data on your phone.

Jerry, you're the voice of reason at AC. I bet a lot of people get upset by some of your straightforward, but truthful, comments on the topic of security. I especially like your opinions about Google's new privacy policy. People need to accept the responsibility that comes with the convenience of having Facebook, your email, bank account info, etc. at your fingertips, and that is securing your phone and using the stock tools that Android gives you to keep that personal information from unwanted and prying eyes. Who have you got to blame but yourself? It can happen to anyone, so keep yourself, your family, and your employers from outsiders who want to take advantage. Nice job, Jerry. Keep it up.

I tend to use the PIN lock most. I was using the pattern lock but I've had friends "break" into my phone when I used the pattern lock, and the reason they give on how they knew the pattern was the fact that my phone had a fingerprint slide mark on it.

Hmmm, that does seem to be a fly in the ointment considering I wipe my screen clean frequently.

Just changed to PIN.

I'm with Technomom regarding Cerberus. Of all the security apps out there, this is the one that feels most complete, and God knows it's easy to use. One page, everything right there in a pull down box, and the app pretty much handles everything.
I've started using the PIN whenever I go out. The whole "the phone never leaves my sight" rationale just doesn't stand up to the uncertainties of the world. If all you had to do is keep an eye on things to ensure you never lose them, we'd never lose our jobs, our girlfriends, our minds, etc. Stuff vanishes all the time. In fact, I wouldn't be surprised to see the second half of this sentence just disa

A work-around is you can get the app Smart App Protector. With it, you can pick and choose which apps to protect with passwords. Thus, you do not need to be inconvenienced with entering a password every time you want to access something on your phone. I think the free version allows you to lock five apps. The full version, for a few dollars, allows you to lock an unlimited number of apps. It works great for me, and I don't lock the "phone" function itself, so I don't need to enter a password every time I want to make a phone call.

Another to consider is App Lock. I've been using that as it allows you to lock, well, what looks to be unlimited. It's free and even has a widget that you can use to turn all your locks on and off with one click.

To everyone recommending Cerberus, thank you very much! This is the exact app I have been looking for. Funny that it never seemed to turn up in my search for a remote wipe application for Android. I call on Jerry to do a review of this app ASAP! (please?)

I still think that anyone that has physical access to your device owns it. PIN/password or not, if they really want the data, they will find a way. Not that a PIN/password/pattern is useless, as it serves the purpose of keeping the random thief heading straight to the pawn shop from getting at your data. But for true peace of mind, I think you need to find a way to kill the data before they have a chance to get at it.

As an aside, I was very surprised when trying ICS that they made me set a full on phone lock password when I wanted to store the security certificate for the enterprise wireless network I was connecting to. Seems that Google is pushing this way as well. It probably wouldn't be a bad idea for them to make it available to application developers (you must have security set to install this app) if they have not already.

I recently relocated to a particular country, which I won't name (but here's a hint... drones are always flying across our borders). It hasn't happened to me *yet* (knocks on wood), but most of my family and friends here say you're not really a local until someone on a motorcycle has pulled up alongside your car and demanded your wallet and phone.

Does anybody know how the PIN lock works? I mean, will it prevent you from entering combinations after 10 failed attempts? I remember the iPhone will do something like this and even wipe the phone after a number of failed attempts.
Also my Photon has an encryption option. Why would I need that? Is there a way to access the internal memory when encryption would be helpful?

I remember with my old OG Milestone, when you enter the PIN wrong multiple times, it locks itself & asks you to enter the Gmail account you signed in with the first time you used it.
Never tried on my ATRIX though, since I'm using the fingerprint scanner since day one.

Good write up Jerry, on point as always.

Personally, I'm still a college student & I've got nothing to hide in my phone (all I have is music, videos -music videos & car videos, mainly Cadillacs & BMWs- & random pictures), but that doesn't mean I don't lock it with a code.

For my phone:
I have fingerprint identification (I have an Atrix) coupled with a random/meaningless PIN code for the lock screen & I use ZDBox Pattern Lock for the apps.

For my laptop:
I have a 16 digit password.

For my iPod Touch:
Back in the day when I had one (gave it to my brother), I had a pattern lock (& a smudge-proof screen protector) for it. No one touches an iPod thinking it will have a pattern lock.

One thing you should mention, Jerry:

People, do NOT use predictable PIN locks, such as birthday dates & graduation dates! They are the most predictable PINs!
The same goes for credit cards!

EDIT:
Motorola were kind enough to offer Secure, Locate & Wipe as a part of their MotoBlur \ PhilBlur \ MAP UI.

I flirt with lockscreen PINs and patterns now and then, but inevitably switch back to a simple slide lock.
This article is a good reminder of why it's important, even if it seems like it isn't. I'm back to a PIN lock now - let's see how long I keep it ;)

I've read all the posts and must say that I am a Cerberus user and I love it... caught the wife trying to go through the phone while I slept, and a picture was taken upon wrong password. But it's a must that you use whatever security options are available.

There's one good reason not to use an unlock PIN/pattern. If your phone is lost, the person finding it can't get into your phone to find out how to contact you. That's one of the reasons I don't lock my phone. I also use Cerberus so if it is stolen I can try to recover it and/or remotely wipe it. I've even installed it using ClockworkMod which makes it immune to a simple data wipe.

Your faith in humanity is admirable, and I'd like to be able to agree with you here but I suspect the truth is most lost phones don't find themselves in the hands of good people.
I think a lock is invaluable to prevent other people accessing your data, and a remote wipe tool is also useful if you can't recover the phone.

In the situation that a good person finds the phone but can't unlock it, couldn't you just call the phone and talk to the person who has it?