aboutabout_customblogCreated with Sketch.blog_customcameraclosedocumenteditelieCreated with Sketch.menumessagenotepadpen_toolphotoCreated with Sketch.photos_custompublicationsCreated with Sketch.publications_customsearchCreated with Sketch.search_newsmileuserCreated with Sketch.videoCreated with Sketch.video_newvideos_custom
downloadfacebookgoogleinstagramlinkedinlocationmailredditCreated with Sketch.tagtwitteryoutube

Survey: Most people don’t lock their Android phones — but should

Half of Android users don’t bother to lock their phones, despite having the choice of using patterns, passwords, PINs, and even their faces to secure their devices. This contrasts starkly with a report from the Federal Communications Commission warning that up to 40 percent of robberies in major cities involve cell phones.

More precisely, over 52 percent of people who responded to the Google Consumer Survey I conducted of 1,500 Android users said they prefer to leave their phones unlocked. I conducted this survey using Google Consumer Surveys on Android via the Opinion Reward app.

While entering a PIN code is reported as annoying by the people who responded to my survey, Android does offer a safer and easier alternative called a lock pattern. It provides more possible combinations than a password — a 9-point unlock pattern has a 389,112 possible patterns. Compare that to only 10,000 combinations for a standard four-digit PIN code.

So not only are patterns faster, but they're also safer! And the FBI has said in court documents that they were unable to bypass the lock screen and access the contents of a Samsung phone.

That said, no security is perfect. Both lock patterns and PIN codes can be vulnerable to smudge attacks, as a 2010 Usenix paper illustrates. (See screenshot above.) So whether you use a PIN or a pattern you should change it from time to time. You might also want to go to your phone’s options screen and disable the display of the pattern so people can’t “shouldersurf” it.

Click on the link above to discuss this post on your favorite social network.

Elie Bursztein

I lead Google's anti-abuse research team, which invents ways to protect users against cyber-criminal activities and Internet threats. I blog about web performance and security.

Read next

Elie Bursztein © 2015
Papers
Blog
Photos
About Me

Recent entries