
Imagine the following case. A lock screen application is installed and configured on an Android phone. A PIN or password is set up. The app is configured to run automatically after boot.

I checked this on Android 10. After a phone reboot there is a time window when the OS is loaded but the lock screen app is not yet running. During this time the phone is unlocked and can be used normally. In this period it is possible to just remove the lock screen application and reboot without it, and the phone will be unlocked. When the lock screen app starts, the screen gets locked (the time window is about 30 secs - 1 minute). I made a 3-minute video illustrating this behavior.

Is it possible to fix this? As far as I can see, all similar apps have this vulnerability. Or is only the stock Android screen lock setting recommended as a reliable phone security lock?

I assume that this should be fixed at the OS level by means of:

  • A setting/option that allows the user to enter the system after a reboot (swipe the slider on the first boot screen) only after all apps in the system have been run (when the system and all its apps are fully started).

Am I right that such a setting does not exist now? Are there any custom workarounds? Is it possible to prohibit removing an app (the lock screen app), or at least to hide its shortcut from the desktop?


Update 1. I have checked with another lock screen app ("Lock screen passcode" by "kunkun apps") on clean Android 7 on a "Nexus 5" emulator and got the same result. A 5-minute video with an illustration is here.

  • Your description looks like a HUGE bug in Android, which very, very much should be reported and fixed, but... I doubt it exists. I would advise checking that in this 30sec-1min window you can really do any operation (like removing anything), I very much doubt it... Even if some logs suggest that the device isn't secure, or the locking Activity starts some time later, that doesn't mean that the device isn't secure. Commented Nov 2, 2022 at 20:16
  • @snachmsm I made a 3-minute video illustrating this - youtube.com/watch?v=YiE-beNGRp8 - yes, it is possible to remove anything during this time window. I think this is not an Android bug because the stock lock screen does not have this problem. This seems to be a huge security hole in all such screen lock apps whose developers had not considered current Android's architecture. Commented Nov 2, 2022 at 20:57
  • Have you checked with other OS modifications? Not MIUI, but e.g. Samsung, Huawei, maybe some "clean" mods like Pixel/Nokia/Sony? IMHO this should be reported somewhere, but I'm not sure where: the Android or the MIUI team. Commented Nov 3, 2022 at 9:49
  • @snachmsm No, so far I have checked only on Android with MIUI. The first place to report this bug is the 'lock screen' app with which this problem was revealed. We can also try to report this bug to the Android/MIUI team, but most likely they will say something about not properly understanding Android architecture and will recommend using the stock lock screen functionality. We can also try to request a feature with some option that would allow fixing this bug. I will report when I have time. I will keep this question updated. Commented Nov 3, 2022 at 21:12
  • Please check first on different Android distributions; blindly I would blame MIUI (a particular, older version?), just based on my experience... There is a chance of some wrong implementation in one or two apps (still, this "mistake" shouldn't be possible, so Android bug), but if this occurs in many of them - popular, long-living in the store and trusted - I would blame the OS. Commented Nov 3, 2022 at 22:39
