Android Security Tech News

New Research Proves Android Unlock Patterns Suck

Dave Parrack 30-09-2017

If you unlock your Android handset using a pattern, you should consider using a PIN code instead. Because new research shows that Android unlock patterns are really not secure. If no one sees you swiping your finger over your screen then you may be OK, but how many of us even try to hide it?


There are various ways of stopping people from accessing your phone. Apple has been innovating with biometrics, first with Touch ID, and now, with the iPhone X, Face ID Buying an iPhone X? Face ID Might Make You Reconsider The iPhone X's most notable feature is the Face ID device unlock system. But how secure is it? Will Apple have access to a huge database of everyone's faces? Read More . But Android users tend to be stuck choosing between a pattern and a PIN. Only one of which is up to the task.

Android Unlock Patterns Are Useless

Android unlock patterns are, according to a joint study by security researchers at the US Naval Academy and the University of Maryland Baltimore County, really easy to crack. And all it takes is for someone to see you unlocking your phone. After which they can break into it without even trying.

The research paper, titled, “Towards Baselines for Shoulder Surfing on Mobile Authentication” compared the effectiveness of patterns and PIN codes. To test both methods, 1,173 subjects from Amazon’s Mechanical Turk were shown videos of people unlocking their phones using both methods.

The subjects were then asked to guess the unlock pattern or PIN. After just one viewing, 64% of subjects could guess a six-point pattern, rising to 80% after two viewings. In contrast, just 11% of subjects could guess a six-digit PIN after one viewing, rising to 27% after two viewings.

This is clear evidence that unlock patterns are easier for snoopers to both see and remember. Which makes it a lot easier for an opportunistic thief to spy over your shoulder until you unlock your phone, then snatch it, and gain access to everything. Using a PIN makes that scenario less likely.


Switch From Using a Pattern to a PIN

This new research backs up previous research suggesting 95% of unlock patterns can be cracked within five attempts Pattern Locks Are NOT Secure on Android Devices Android's pattern lock isn't the best method for securing your device. Recent research has found that patterns are even easier to crack than before. Read More . So, by all means carry on using a pattern to unlock your phone, just don’t blame us when someone else figures it out. The rest of you may want to switch to using a PIN.

Do you use a pattern or a PIN to unlock your phone? Do you hide your pattern or PIN when unlocking your phone? Or do you tend to do it in full view of snoopers? What do you make of the research? Will it change your behavior? Please let us know in the comments below!

Image Credit: Chilanga Cement via Flickr

Related topics: Biometrics, Face Recognition, Smartphone Security, Touch ID.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Scott Sanders
    October 1, 2017 at 12:49 am

    As the previous commenter mentioned, saying Apple is innovating with FaceID and that Android users are stuck is deceiving. Android has had face unlock for at least 5 years. And my Galaxy S8 gives me the choice of pattern, pin, face unlock, fingerprint, and even iris scanning. The latter 3 are biometric innovations and choices that are just as secure on Android.

    • vferg
      October 1, 2017 at 10:36 am

      Yeah, wow I am also shocked by that comment... Completely dismissed Android as the 1st phone to use face biometrics. I had the Note 7 with Iris scan, and the S8, and now the Note 8. They all have it. I guess well find out if apple truly did do it right though once its released. My guess is probably not and they are just trying to sell everyone on it as much as possible since they were not able to complete the under the glass fingerprint scanner leaving them with only this method to unlock it. Ill be the first to admit its garbage on the android devices for the 1 reason it takes to much effort to unlock the phone. I will always pick fingerprint because of that.

  2. Gazoo
    October 1, 2017 at 12:31 am

    > This is clear evidence that unlock patterns are easier for snoopers to both see and remember.

    Our brains process graphics much more naturally than words and numbers. I can't tell you how often I can see an image of a face (famous or not) and not remember the name; a scene from a movie but not the movie's title.

    Another thing about unlock patterns is that you need to wipe the screen constantly. The pattern itself leaves a smudgy imprint on the screen.

    The thing about FaceID, aside from obvious security issues on the phone... is that it *may* eventually take the place of two-factor auth, web signups/logins (like facebook), bank auth, etc... In fact, given the lack of protection for the consumer re: privacy... the need for sites/gov to collect data -- I wouldn't be surprised to see a bigger push for this.

    Personally, I obscure my phone, use pattern and wipe screen. It works best for me for everyday usage. Not interested in touch/faceID but I can see the alternate arguments. To each their own.