PSA: 34% of you aren’t even using a lockscreen password

by: Rob TriggsJanuary 21, 2016
996

lock screen lockscreen security

Android doesn’t have the best track record when it comes to software security. From Stagefright to root exploits, there always seems to be something that could be better. After some pressure, Google is now busy patching away exploits as they appear. But it all might be for naught, as a large number of Android users appear to be failing to use even the most basic levels of security. It’s us at fault this time.

According to data from Duo Labs, which was collected from users who make use of its two-factor authentication system, 1-in-3 Android smartphones aren’t even secured with a lockscreen passcode, which really is the most basic level of protection that everyone should consider.

Although there’s clearly a distinction to be made with elaborate exploits used to gain remote access to your device, smartphone theft is still a major crime statistic across the globe. There’s no easier way to gain access to some of your personal data than by actually having full access to your unlocked phone. Not to mention that today’s smartphones are used for a range of financial transactions and even direct access to bank accounts. We really shouldn’t be making it that easy for criminal types. Collectively, a larger percentage of locked devices makes stealing phones much less appealing too, so we’re in this together.

There are some other rather interesting statistics buried away here too. Android users are much more likely to root their phones than iOS customers. 1 in every 20 Android phones in rooted, while only 1 to 250 iPhone users bother with jailbreaking. While rooting has its benefits when you are watching over it, many malicious bits of software are also looking for ways to gain and exploit root access to bury themselves deep.

Google Play passwordRead more: Are you using one of 2015’s worst passwords? Find out here12

Furthermore, 92 percent of us don’t bother with pre-boot encryption either. While perhaps it might be a little overkill for most users, encrypting your phone is the best way to prevent access to your data, even if someone attempts to factory reset the phone. The group’s data also reaffirms complaints that the vast majority of Android users aren’t receiving the latest and most secure builds of Android, with 32 percent of phones still running Android 4.0 and below.

If you’re unsure how to set a password, just head on over to settings -> lock screen and then pick your preferred method and password. If you’re fortunate, you can even use a fancy technique like your fingerprint or a “knock code” to secure your phone. Come the remaining one third of you, at the very least protect your phone with a lockscreen password or simple PIN.

  • pospolity.janusz

    Yea, sure. Every time after screen awake to typo a pin…. everybodys dream.

    My device don’t have any PIN.

    Its not such easy to steal device from me when i always keep it in my pocket and most the time i drive in a car. Anyway, when i go to the party or something, the smartphone wait for me in my house. Because its a dumb idea to take 600$ device to a party. I always go with the cheap, basic phone (10$ phone).

    And IMO only fingerprint sensor make any sens to secure the smartphone – its very, very fast and very easy to use.

    • Steve Brain

      I suppose it takes someone with who’d write such sentences as “My device don’t have any PIN” to not utilise the most basic security feature on their smart phone. But hey, the guy or girl who steals your phone will forever thank you afterwards.

      • But, it’s not like he/she will return phone to me if they cannot unlock and factory reset it – so why bother?

        • neonix

          Oh, but your precious datas will be safe!

      • JJameson

        My phone stays with me just as my wallet and keys do. If you try to take it from me I will, quite frankly, kill you. My cc gun is a P220 carry and I promise you I won’t miss. I’m not a particularly weak person either with various martial arts and boxing training so even if I’m not carrying, you aren’t going to get away without injury. Of course, being from the south, I always have a pocket knife on me as well so there’s that too. If I ever do something so stupid as to forget my phone somewhere, I’ll just use Android Device Manager to factory reset it. Any banking app requires sign in and I don’t store any other important personal information on my phone. I am finishing my masters in CS this year and I am experienced enough to know what should and should not be on my phone. I get where this article is coming from, but it comes off at elitist and an attempt at shaming people into using a “security” mechanism. Instead of assuming people are too stupid to know or too lazy to care, why not question why people are not using lock screen security? A lot of answers have credence and may actually surprise you. Also, another option is to educate people on Smart Lock and it’s benefits, a good 30+% of android users have access to this feature yet few actually use it. It’s been a fantastic addition to android and one that should be utilized. It’s easily been my favorite, most used, and most recommended android feature over the last year.

        • resource

          i truly hope someone robs you.

          • JJameson

            Good for you, I guess. Thieves are generally going to go for the lowest hanging fruit. The best ways to protect your stuff are to protect yourself and to simply seem more difficult to rob than the people around you. My intention was not to come off as some macho jackass but there really isn’t a way to describe that kind of personal protection without coming off that way. This article was written from the standpoint of,”everyone who doesn’t do this is an idiot and I know better than you so do what I say.” It’s in poor form. It would be more effective to make this into a poll and try to discern the reasoning behind people’s motivations and what holds people back from using said security features. But nope, not a chance, Mr. Triggs was not having that today instead relying on facile arguments to support his point.

        • Brandon

          lol

    • saksham

      i have to touch the home button every time in the lock screen …. too lazy to do dat

  • Joshua Miller

    And if you’re rooted or have an unlocked bootloader, your password and lockscreen can be erased via custom recovery. Just one more thing to throw on top of your phone

    • Steve Brain

      Did you not word your comment correctly? Having a rooted device seems entirely unrelated to having a custom recovery.
      Probably the only thing I like about Samsung phones is the same feature that iPhone’s have.. Locking the device down until you’re able to log in to your Samsung account. Basically a “Go fuck yourself thief” :-)

      • EasyCare

        I’ve never heard of people that don’t root when they have custom recovery.

        • balcobomber25

          I have heard of the opposite, people that root without a custom recovery.

      • balcobomber25

        You don’t need a Samsung device for that, there are dozens of apps you can download that do this same thing.

    • Nathan Borup

      unless you use pre-boot encryption

  • Daniel D

    I use Bitdefender app. If anyone steals my phone I immediately Lock the phone just by sending a message from another phone.

  • kelpa32

    iOS implementation of passcode unlock is way better than Android as it unlock once right id key-in, less one step to press enter.

    • balcobomber25

      My Android phone has that same feature…..

      • tiger

        But iOS has encryption built into hardware and software without user even lifting a finger.

        • balcobomber25

          My Meizu MX5 as soon as I type in the last character of my password it unlocks, don’t even have to move my finger.

          • tiger

            I am talking about true encryption that prevents recovery of data by any means. This requires hardware processor with proper encryption protocol and software.

            Most if not all Android data can be recovered by thieves EVEN AFTER you encrypt your phone and lock your phone via device manager. I don’t know if this applies to 6.0. But anything before 6.0 is vulnerable to a clever thief.

          • balcobomber25

            That has nothing to to do with the OP’s original post about “one less step to enter”.

          • VapinGamer

            Lol, your post is incorrect sir. In order to bypass apple’s sophisticated security and encryption you remove the Sim from said locked phone and insert Sim into new unlocked phone. Go to settings and sync sim. No passwords required and all cloud data downloads instantly.

            I deal with this daily with my nitwit iOS users at work.

            Android is simple, log into account on Web and unlock device.

          • tiger

            Nope. You have to log into Apple services with your Apple ID and password.

  • saksham

    im in school right now and authorities have 0 tolerance if they see som1 with a phone in school so I it mostly sits at home therefore i dont need a lock pin

  • Cakefish

    I’m using the fingerprint scanner on my Xperia Z5 Compact. I’m doing my bit for the cause!

  • McLaren F1P1

    Notification drawer not accessible with secured lock screen! How you turn silent on quickly on the phone then or read some notifications or use IR Remote control?

  • TheGCU

    I have no lockscreen securoty on my phone, amd here’s why. There’s nothing in my phone I worry about someone else getting. No girlfriend to hide stuff from. Nothing I don’t want a cop seeing. And here’s the real, big reason: I don’t want to deal with a stupid code every time I want to use my phone. I want to pick it up and start using it.

    And can we finally stop about phone thieves wanting your data? Phone thieves want YOUR PHONE! Locked or not, they’ll just reflash the stock factory software, and all your ‘security’ won’t matter.

    Let’s be real, the vast majority of phones are lost, not stolen, through carelessness. Do people get held up for their phones? Yes. But it’s not the epidemic that it’s made out to be.

  • Ridge

    I’m surprised this made it as an article. People can do what they want with their phones, and honestly, unless a phone has a fingerprint reader or knock code, a password/pin/pattern is annoying as hell.

    Most of us aren’t secret agents, and if we were, i guarantee they have more sophisticated protection than a password.

  • TheDude

    I don’t use a password/pin because I don’t need one, I have no sensitive data on my phone.

    The only important thing on my phone is a list of all my passwords, but it’s encrypted using SHA-256, so I’m good.

  • Dale King

    It always comes down to the tension between security and convenience. If security is too inconvenient people won’t use it (and for the record I don’t lock my phone and the requirement of locking your phone with the new Android pay is why I don’t use Android pay any more).

    Fingerprint scanning is pretty much the only way that is convenient enough, but having to buy a new phone to get it is too inconvenient. The ability to bypass the lock under certain conditions (forget the name) is a nice idea but I found it extremely unreliable and Android pay still asked me to unlock (usually multiple times).