A recent update to Android Lollipop added yet another Smart lock feature to the system. This new addition allows you to enable Smart lock for when your device is on body. In other words, when you've unlocked your device, and Android detects you're carrying said device, it will remain unlocked. At first blush, this seems like a really keen idea. You're carrying the Android smartphone, so why should it lock? It makes the daily grind of in and out of the device much easier.
Similar to location-based Smart lock or even trusted devices-based Smart lock, "on body" Smart lock allows you to completely bypass your lock screen... effectively bypassing your first means of security on your device.
That's all fine and good, as long as Android knows, for sure, that you are the one carrying your device. What happens if an unlocked device is carried by another user? It remains unlocked and vulnerable.
Personally, I think this is not a good idea. Efficient? Yes. Secure? Not so much.
Don't get me wrong, I get where Google is going with this; they want to make the Android experience as user-friendly and easy as possible. That is a noble, but lofty, ambition... one that needs a bit more consideration.
What's right with Smart lock?
No one truly wants to have to go through the process of entering their PIN/Pattern/Password throughout the day. With Smart lock, that annoyance is circumvented... as long as the conditions are met.
However, circumvention is the problem.
What's wrong with Smart lock?
The answer to this question is simple. Although the system works quite well, the margin of error is far too great. Consider this scenario:
- You have a trusted device (say a Bluetooth speaker) set up with your Android smartphone
- A person of questionable intent knows you've set this up
- The person in question walks away with both your phone and your speaker
- Said person now has access to your data
When making use of Smart lock, you circumvent the security of your device. This makes it easier for anyone to get to your data. To that end, can anything be done to make this system not only improve the user experience but retain the necessary level of security?
Here's my suggestion... at least on a user level. If you want to use Smart lock to be able to gain quick and easy access to certain aspects of your device (such as the phone), but keep a modicum of security on other aspects (such as email, messages, etc), employ an app locker app (such as AppLock) to lock down the applications that require security.
Truth be told, anything that circumvents security on a mobile device shouldn't really be considered an option by most users, especially those that have sensitive data. But an even clearer truth is this—users tend to be lazy and want the easiest route to success (even if only in the form of getting to their mobile apps). But when handing over ease of use brings a level of insecurity to a device, then that should be considered poor planning.
Don't get me wrong, I actually like the idea of Smart lock. In fact, on a couple of my Android devices, I use the system (location-based only). I believe Smart lock is something Google should continue to develop, but with a bit more concern for security. Maybe this means implementing a built-in app lock system that requires users (upon setting up smart lock) to lock down particular apps with an app password (at a minimum).
Even if you are obsessively careful with your device, life happens. You could leave your phone behind, drop it out of your pocket... who knows. Because chaos is a part of the universe, you never know when it'll strike your Android device, and you'll be left scrambling to locate it before your data is breached. If you have Smart lock enabled, and the conditions are right, your data may as well be considered exposed.
Smart lock is something that can be used successfully, if used wisely. Security of your mobile data should always be at the front of your mind. Don't let ease of access cause you to fall victim to the loss of sensitive data.
Do you make use of Smart lock, or do you prefer a higher level of security on your mobile devices? Let us know your preference in the discussion thread below.
- Pro tip: Bypass your Android security lock with your face
- Keep your Chromebook unlocked with Lollipop Smart Lock
- Disable notification content on Lollipop lock screen for better privacy
- 10 things you can do to make Android more secure
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.