Yesterday, we told you about the Amazon Moto G5 that easily bypasses lock screen security. It is said to be experienced by several Moto G5 and G5 Plus phone owners. What happens is the that when the Android phone is unlocked, an ad shows up, and then when you click on the ad, you will be directed to a web browser that then takes you inside a security lock. It shouldn’t be happening because it means anyone can easily get inside your phone and bypass security.
Apparently, there is a worthwhile explanation. Of course, we’re only expecting for a solution but a certain Jaraszski Colliefox shared the reason could be this: on-body detection. It is a feature that needs to be disabled for the issue to be fixed.
This security flaw is non-existent but it goes away when you turn off the on-body detection feature in Smart Lock. We’re not sure why this is enabled though in some Android devices because those who experienced the “problem” claimed to have never enabled the on-body detection. It gets a bit confusing but we learned about this feature three years ago.
So if you’re one of those complaining about the lock screen being easily bypassed, simply turned off on-body detection in Smart Lock.
Mystery sloved! There is a feature called "on-body detection". If this is disabled it fixes this issue. I never turned it on so it must be on by default I assume.
— Jaraszski Colliefox (@jaraszski) January 25, 2018
VIA: jaraszski
Thank you for issuing a full retraction. Most the sources merely added an update to their original story. This is the only full retraction I have seen.
I must say though that this doesn’t really speak well of the tech press. A tweet and a Youtube video started this whole mess–I think Android Police may have picked it up first. Then 10+ other sites picked up the same story.
Given the multitude of different setting possible on an Android phone the Tweet and Youtube video should have been suspect, especially since the initial reports were that it couldn’t be replicated on all G5 + Amazon devices. I suspect you could replicate this on any Android phone with a fingerprint scanner–but of course you’d need to either swipe up or hit another lock screen notification rather than an ad. A user did report the same issue on a Samsung device. And it’s not like it was even a critical flaw given you’d need to get local control of the device within about 30 seconds. There are other Android settings that could lead to similar “risks.” In the future a bit more investigation prior to reporting would be in order for something that is not a critical risk.