Bad news, Droid owners. Android OS version 2.0.1, which all up-to-date Droids are running, has a bug that makes it fairly easy to bypass the phone’s screen-lock security mechanism. The security feature, when working, requires users to input a pattern using onscreen dots before they can access most of the phone’s features (the iPhone offers a similar option).
Exploiting the bug is fairly simple: while receiving an incoming call on a Droid that has its lock screen activated, you can simply hit the dedicated ‘Back’ button to bypass the lock and jump to the homescreen. This, of course, gives access to the owner’s email account, cookied web pages, phone directory, and everything else stored on the phone. You can take a tiny bit of solace in the fact that the thief would have to know your phone number or wait for someone to call your phone to exploit the bug, but that’s not particularly reassuring. The issue was first reported earlier today by The Assurer, which says that it apparently affects only Android version 2.0.1 on the Droid (which already represents a large chunk of Android’s userbase).
We reached out to Google about the issue, and a Google spokesperson gave us the following statement:
“We are aware of the issue and we’re working to deliver a fix to Motorola Droids shortly.”
Android isn’t the first smartphone OS to fall prey to security bugs like this. In August 2008 a similar flaw in the iPhone allowed people to easily bypass the phone’s lock screen.