Is Android's Password Screen Lock Enough Data Theft Protection?

No. The pattern/PIN screen lock is not sufficient to protect the data against sophisticated attackers. However, it might be good enough in practice for most users, if the data is not super high-value.

There are two cases, depending upon whether you enable encryption of internal storage or not.

If you do not enable encryption. In this case, the data is stored on your phone's internal storage in cleartext. In principle, a sufficiently sophisticated attacker, if he has access to your phone, can likely disassemble the phone, pull out the flash chips, and read off the data. However, this requires more sophistication than an ordinary thief is likely to have. It's not as simple as just plugging in a USB cable.

So, if you're primarily concerned with garden-variety thieves, a lock pattern or PIN might be sufficient, if the lock pattern or PIN is long and strong enough. Some caution is required, because your fingers are greasy and leave smears on the phone, which are visible later. The thief might be able to figure out your lock pattern or PIN from these smudges. See, e.g., the following research paper:

  • Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith, Smudge Attacks on Smartphone Touch Screens, WOOT 2010.

I've summarized the findings of this paper elsewhere, but the short version is that smudges are a serious threat to security, and it's hard to say for sure that you will be safe.

If you do enable encryption. If you enable encryption, then all data on internal storage is encrypted using an encryption key derived from your lock pattern or PIN. In principle, you might imagine this would provide strong security, but in practice, it has several serious shortcomings:

  • Low entropy. There's just not enough entropy in a pattern or PIN to provide a strong encryption key. Others have calculated that there is a maximum of about 400,000 possible Android dot-patterns. That's only 19 bits of entropy, which is definitely not sufficient for an encryption key. (This is probably an overestimate, because not all patterns are equally likely; the short ones are probably far more likely. This makes the actual situation even worse than these numbers would indicate.) The number of possible PINs is comparable, or even lower, depending upon the length of your PIN.

    If a sophisticated attacker gains physical access to your phone, he can likely disassemble it, extract the flash chips, and read off the encrypted data. Then, he may be able to mount a simple brute-force search that tries all 400,000 possible lock patterns, deriving a candidate decryption key from each, and seeing which one works. A 19-bit cryptographic key is not sufficient security to prevent this kind of brute-force search. So I think it would be prudent to assume that if the attacker has enough sophistication to disassemble the phone and read the flash chips, he may be able to get access to your data.

  • Smudge problems. In this scenario, the smudge attack is just as bad. If the thief can recover your unlock pattern or PIN using the smudges on your phone, then obviously the thief can gain access to all your data. See above for discussion of the smudge attack; the short version is that it's hard to say for sure that you will be safe.

Bottom line. If you just want to protect yourself from a thief who grabs your phone and runs, then an unlock pattern or PIN may be sufficient. Realistically, such a thief probably just wants a free phone of their own; they probably don't care about your data very much, or won't expend much effort to try to get to it. So, as long as there is no trivial way for them to gain access to your data, I'm guessing the average thief won't bother; they'll just reset your phone to factory defaults and then start using it.

On the other hand, if you have reason to think that you might be targeted by someone with an interest in the data on your phone, I don't think any of these methods are enough to provide strong protection. Turning on encryption helps a bit, but probably does not provide strong protection.

If you want to protect yourself from the smudge attack, you could get in the habit of wiping off the screen of your phone (this is far from perfect, but it may make the smudge attack harder or successful less often).

For more reading, see Are the iPhone “connect the dots” passwords secure?.

USB debugging. What about USB debugging, mentioned by others? Well, sure, if you enable USB debugging on your phone, then a thief who knows about this can just hook up a USB cable and dump your data. But very few end-users will ever enable USB debugging (and what fraction of ordinary street thieves are going to know about this, or bother trying it?), so this is probably not relevant to most Android users.
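
The "about 400,000 patterns, roughly 19 bits" figure in the answer above can be reproduced by enumeration. This is an added example, not part of the original answers; it assumes the usual 3x3 pattern rules (4 to 9 dots, no dot reused, a stroke may not pass over an unvisited dot), and the function names are illustrative.

```python
import math

# Dots are numbered 0..8, row-major on the 3x3 grid (assumed layout).

def midpoint(a, b):
    """Return the dot lying exactly between a and b, or None if there is none."""
    ra, ca, rb, cb = a // 3, a % 3, b // 3, b % 3
    if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return None

def count_patterns(length):
    """Count valid patterns that use exactly `length` distinct dots."""
    def extend(last, visited, remaining):
        if remaining == 0:
            return 1
        total = 0
        for nxt in range(9):
            if visited & (1 << nxt):
                continue  # a dot can be used only once
            mid = midpoint(last, nxt)
            if mid is not None and not visited & (1 << mid):
                continue  # stroke would jump over an unvisited dot
            total += extend(nxt, visited | (1 << nxt), remaining - 1)
        return total
    return sum(extend(start, 1 << start, length - 1) for start in range(9))

def pattern_keyspace(min_len=4, max_len=9):
    """Return (count per length, total, upper-bound entropy in bits)."""
    per_length = {n: count_patterns(n) for n in range(min_len, max_len + 1)}
    total = sum(per_length.values())
    return per_length, total, math.log2(total)

def pin_bits(digits):
    """Upper-bound entropy of a uniformly random numeric PIN."""
    return digits * math.log2(10)

if __name__ == "__main__":
    per_length, total, bits = pattern_keyspace()
    for n, count in per_length.items():
        print(f"{n} dots: {count:>7} patterns")
    print(f"total: {total} patterns, at most {bits:.2f} bits")
    for d in (4, 6, 8):
        print(f"{d}-digit PIN: at most {pin_bits(d):.2f} bits")
```

These are upper bounds that assume every pattern or PIN is equally likely; as the answer notes, real choices are skewed toward short, simple ones, so the effective entropy is lower.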


You can still install something like http://preyproject.com/ that will protect your phone in case of theft.

I was skeptical at first, but it doesn't only require a data connection (Wi-Fi/3G): you can also send an SMS and trigger a specific action, like finding out where your phone is or deleting some data (like accounts, which is what you are asking for :)).

You should take a look! :)


If USB debugging is turned on you can start an adb shell. So you can pull files from the phone even if it's locked. If the phone is rooted you can get to application databases and configuration files (/data folders are accessible).

Just like cx42net said, if you can guess the pattern then you're in. If you can't, the only way (if configured, I think) is to hook it up to a PC and log in to your Google account. This unlocks the phone.

EDIT

Something I forgot, but was reminded of by IMB's comment. I've used this for my own applications: it would be very easy to write an app that just copies every personal file to the SD card. If USB debugging is turned on, you do not need to accept any permissions if you install the app from your IDE (Eclipse, for instance).
