Skip to main content

PSA: Smart Lock on-body detection leaves your Android device unlocked longer while charging

Avatar for Ben Schoon  | Mar 15 2019 - 1:59 pm PT
0 Comments
android on-body detection

Before the days of fingerprint sensors and face unlocking, the only way into our phones was with a PIN or password. That’s why the addition of smart lock back in Android Lollipop was so appreciated. Recently, though, we’ve become aware of a smart lock flaw on Android that leaves your device unlocked for longer than it should. Here’s what you need to know.

Android Smart Lock has four current methods to unlock your device with Trusted Places, Trusted Devices, Voice Match (which is being replaced), and On-body detection. The flaw we’ve recently exposed only affects on-body detection.

That feature, when enabled, is designed to leave your device unlocked as long as it’s in your possession. While it’s in your hand or pocket, the device remains unlockable without a PIN, password, or fingerprint. Once you put the device down on a table, however, it’s supposed to relock pretty much immediately. However, that doesn’t happen when the device is plugged into a physical charger.

As a tipster pointed out to us this week, plugging in your device with on-body detection enabled through Android Smart Lock leaves the device unlocked for a longer period of time. We’ve not been able to determine the exact period of time that the device remains unlocked, but in some cases as much as a few minutes can pass with the device charging and resting on a still table where it remains unlocked when picked back up.

Android Smart Lock on-body detection

Generally, the device does eventually relock, but the security implications here should be obvious. If you’re out in public and leave your phone unattended for a moment while charging, someone could easily get into your device because of this flaw. We were able to replicate this problem on multiple Pixel 3 devices on both Android Pie and Q, as well as a Razer Phone 2 on Pie.

Google has confirmed that they are aware of this issue and is working on a fix. Currently, it’s unclear when this fix will roll out, so we’d recommend turning off on-body detection in the meantime.

Thanks Troy!

More on Android:

Add 9to5Google to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Google on YouTube for more news:

Check out 9to5Google on YouTube for more news:

Comments

Guides

Android

Android

Breaking news for Android. Get the latest on app…
Smart Lock

Smart Lock

Author

Avatar for Ben Schoon Ben Schoon

Ben is a Senior Editor for 9to5Google.

Find him on Twitter @NexusBen. Send tips to schoon@9to5g.com or encrypted to benschoon@protonmail.com.

Ben Schoon's favorite gear

Google Pixel Watch 2

Ben's smartwatch of choice with his phone is the Google Pixel Watch 2.

samsung galaxy s24 ultra

Reserve Galaxy S24

Reserve the Galaxy S24 series for free and get a $50 credit, no obligation required.