Motorola worked to recreate the unlock scenario seen in the video and found that it appears to be caused by an Android setting called Smart Lock, which allows the device to remain unlocked via body detection. This Smart Lock feature works as designed across Android phones and is completely separate from the lockscreen offers and ads experience on Prime Exclusive Phones.
On-body detection is a smart lock feature introduced with Android Lollipop that aims to reduce the time a user spends unlocking their device. It uses a smartphone’s accelerometer to detect if the handset is still being carried/used by the person who last unlocked it. This feature was seemingly enabled for the user who was able to bypass the lock screen, so the device’s security and advertising features were working as intended. The user maintains that they didn’t activate it manually, however.
Amazon launched its Prime Exclusive phones service in 2016, offering Prime subscribers a chance to get Android phones from major OEMs at discounted prices. The catch was that the phones would also come with Amazon advertising. We wrote about the savings you can make with these devices just yesterday, but a subsequent development might make you think twice before picking one up.
Twitter user @jaraszski recently uploaded a video earlier this week (caught earlier today by Android Police) that shows how the Moto G5 Plus Prime Exclusive can be bypassed with a rather simple workaround. In the video, the user taps the fingerprint sensor button—which says “not recognized”—then hits the power button, before tapping on the Amazon lock screen ad that pops up to gain full access to the device.
Hey @amazon @MotorolaUS. I found a security flaw in my Amazon motot g5. Hit fingerprint sensor (it says fingerprint not recognized), then press power button, then click view ad on the lockscreen. This gives you 100% access to the phone. pic.twitter.com/eqLWLn34pD— Jaraszski Colliefox (@jaraszski) January 22, 2018
What’s more, this doesn’t appear to be an isolated incident, as a second video has also been uploaded displaying the same problem.
With smartphones being home to so much of our personal information, being able to hypothetically unlock another person’s device in such a simple manner is alarming. But it seems that not all users can recreate this workaround, while others say that it happens to them only if they have already unlocked the device within the last 30 seconds or so.
It’s certainly something that should be investigated, but it might still be too early to say this is a gaping security issue: perhaps it’s related to a rogue bug or something that certain users have (inadvertently) installed/changed. I’ve reached out to Amazon regarding the matter and will update this story when I hear back; let us know in the comments if you’ve experienced this or something similar.