Mobility

How to secure Android Lollipop's Guest mode

If you happen to have a Lollipop-flavored device that includes multi-user support, Jack Wallen offers some advice on how to make it more secure.

Guest mode

One of those "about time" features found in Lollipop is multi-user mode. By default, you'll find an Owner and Guest user. The Guest user is there so you can hand over your device to another user without them gaining access to your personal data. Out of the box, the Guest mode has no credentials—it can even switch back to the Owner user and place calls with your device. Fortunately, I have a few suggestions on securing the Guest mode on Android Lollipop.

I should preface this by saying that not all iterations of Android Lollipop are equal. For example, the HTC M8, the LG G3, and the Samsung Galaxy S4 upgrades to Lollipop do not even have the multi-user feature. In fact, the only way to gain multi-user support on these devices is to load a custom ROM. If, however, you own a Nexus or other device that offers a more pure Android operating system, you're in luck. How do you know if your device supports multi-user mode? Easy. Pull down the notification tray. If you see the multi-user icon in the upper right-hand corner (Figure A), then your device offers multiple users.

Figure A

Figure A

Guest mode icon on a Verizon-branded Nexus 6.

Once you know, for sure, that your device offers this outstanding feature, let me offer up a few tips to help make it secure.

Lock it down

Out of the box, your lock screen has no protection. This means that you can switch back and forth between Guest mode and Owner at will. Switch your device over to Guest, hand it to someone, and they can easily switch it back to Owner and gain access to your data. To that end, you must set up a PIN, password, or pattern for your Owner account (this should be one of the first things you do when you get a new device anyway).

To set up the lock screen, tap Settings | Security | Screen lock, and then select the type of lock you want (Figure B). You'll be prompted to enter (or draw) the PIN, password, or pattern twice.

Figure B

Figure B

Setting up lock screen security.

Once it's set, you'll have to enter your PIN, password, or pattern every time you switch from Guest to Owner.

You can also add lock screen security to the Guest account. However, there's a nifty feature for Guest mode that allows the Guest user to "start over," thereby erasing all settings from the previous Guest user. If this is chosen, the lock screen security will be removed. Because of this, I often recommend (to those who have a more serious take on security) deleting the Guest user and adding a new user to the system. With the new user added, you can set up the entire environment how you want it, which includes lock screen security. The caveat to removing the Guest user is that a full-blown user doesn't get the option to "start over" with a clean slate every time you switch from Owner.

Adding a new user

You don't have to get rid of the Guest user. You can always add a new user and not make use of the Guest account (unless you want to allow someone to use your device without the ability to place calls).

Only the Owner can add a new user. Here's how:

  1. Pull down the notification bar
  2. Tap on the User icon
  3. Tap the Add user button (Figure C)
  4. Tap OK
  5. Walk through the Android setup process for the new user

Figure C

Figure C

Adding a new user.

Enable user phone calls and SMS

By default, new users (and the Guest user) are unable to place calls on your device. This should remain in-as for the Guest user. However, if you create a new user on the device and want to let that person place calls, do the following:

  1. Pull down the notification bar
  2. Tap on the User icon
  3. Tap MORE SETTINGS
  4. Tap the gear icon for the user in question
  5. Tap the switch for Allow phone calls and SMS until it's enabled (Figure D)

Figure D

Figure D

I would recommend only enabling this for trusted users.

A caveat for all

One important thing to know is that all users can install apps (if the user is associated with a Google account). Even the Guest user can open up the Google Play Store, add their Google account, and install apps on the device (a security issue Google should probably consider addressing). If you have a full-blown user setup (with an included Google account), they can install apps that will only be available to that particular user. Each user can only update the apps they've installed (not system or default apps).

The Lollipop multi-user mode is a very welcome feature for a lot of different types of users and environments. Whether you're a parent wanting to allow you kid to use your device or a company who needs to be able to shift devices around, Lollipop has you covered.

Have you tried multi-user mode on Android Lollipop, or do you have a device that offers a watered-down Lollipop experience? Share your experience in the discussion thread below.

Also see

About Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.

Editor's Picks

Free Newsletters, In your Inbox