Android lock patterns same as having ‘password’ as your password

24 Aug 2015

Using the Android lock patterns feature. Image via Luke Maxwell

Users of the Android lock patterns security feature are unwittingly leaving themselves open to having their phone accessed due to the predictability of the average phone user, a new study shows.

Launched back in 2008 with the first phones to feature the operating system, the Android lock patterns (ALPs) security measure was introduced as an alternative to the PIN entry at a time when people were accessing their phones multiple times throughout the day.

The now-familiar security feature requires the user to swipe their finger across a number of nodes in a 4×4 block to leave a distinctive pattern that, when entered, unlocks the phone.

And while significantly faster than entering a PIN each time, a new study appears to show that using this security method is equivalent to making your password ‘password’, according to Ars Technica.

The study, conducted by Marte Løge, a graduate student from the Norwegian University of Science and Technology, collated more than 4,000 ALPs created by Android users and found some pretty shocking levels of similarity between them.

ALP complexity

A series of complex patterns suggested by Marte Løge. Image via Marte Løge

For example, she found that nearly half (44pc) of all those surveyed began their ALP in the top left-hand corner of the screen while just over two-thirds (77pc) started their pattern in one of the four corners.

Crucially, most users are using the minimum of four-node entries, which drastically reduces the number of potential combinations from a possible 26,016 with a six-node entry to just 1,624 with a four-node entry.
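The two figures above can be reproduced by exhaustive counting. The following is an added example, not code from the study or from this article; it assumes Android's standard 3×3 node grid and the rule that a stroke cannot pass over a node that has not yet been used, and all function names are illustrative.

```python
from itertools import product

# Assumption: the standard 3x3 Android grid, nodes addressed as (row, col).
NODES = list(product(range(3), repeat=2))

def jumped(a, b):
    """Return the node lying exactly midway between a and b, or None.

    On a 3x3 grid a straight stroke passes over another node only when
    both coordinate differences are even (e.g. corner to opposite corner).
    """
    dr, dc = b[0] - a[0], b[1] - a[1]
    if dr % 2 == 0 and dc % 2 == 0:
        return (a[0] + dr // 2, a[1] + dc // 2)
    return None

def count_from(start, length):
    """Count valid patterns of exactly `length` nodes beginning at `start`."""
    def extend(last, visited):
        if len(visited) == length:
            return 1
        total = 0
        for nxt in NODES:
            if nxt in visited:
                continue  # a node may be used only once
            mid = jumped(last, nxt)
            if mid is not None and mid not in visited:
                continue  # stroke would pass over an unused node
            total += extend(nxt, visited | {nxt})
        return total
    return extend(start, frozenset([start]))

def count_patterns(length):
    """Total number of valid patterns with exactly `length` nodes."""
    return sum(count_from(s, length) for s in NODES)

def share_by_start(length):
    """Fraction of all valid patterns of `length` that begin at each node."""
    total = count_patterns(length)
    return {s: count_from(s, length) / total for s in NODES}

if __name__ == "__main__":
    for n in (4, 6):
        print(f"{n}-node patterns: {count_patterns(n):,}")
    # Baseline for the reported top-left-corner preference: the share of
    # four-node patterns that start there if every pattern were equally likely.
    print(f"top-left share, 4 nodes: {share_by_start(4)[(0, 0)]:.1%}")
```

The top-left share it prints is the baseline for evenly spread choices, to set against the 44pc of surveyed users who started there.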

Likewise, Marte found that the patterns people entered into phones were largely uncomplicated and, in 10pc of cases, were in the shape of a letter of the alphabet typically referring to the name of someone they are close to.

This behaviour could give someone attempting to access the phone a potential one-in-10 chance of gaining access.

Speaking to Ars Technica, Marte said: “Humans are predictable. We’re seeing the same aspects used when creating pattern locks [as are used in] PIN codes and alphanumeric passwords.”

Colm Gorey was a senior journalist with Silicon Republic