Hacking the Android Unlock Pattern
Ever since I discovered the Android Unlock Pattern, I’ve been trying to come up with a creative way to get around it. I’m sure there are plently of snazzy software ways to do this, but there’s an even easier one–use smudges.
Especially after you’ve made a call and held the G1 up to your face, some grime inevitably builds up on the screen (eww!). When you run your finger over the screen to unlock the phone, it ends up leaving a surprisingly clear fingerprint trail behind. If you hold the phone up to a light or a window and tilt it around enough, you can generally see the patterns of fingerprints on the screen. Unless the person using the phone did a lot of scrolling around after entering their unlock pattern, it’s also usually possible to clearly see their pattern as a nice little trail of disrupted grime on the screen.
Several people have pointed this out in forums, but I wanted to get a clear picture of the problem. Given the reflectiveness of the G1’s screen, however, this proved surprisingly hard to do. Eventually, I ended up placing the phone under a bright light and then photographing it with an SLR, which allowed me to selectively focus on the screen, and not focus on the reflection on the screen, as my point-and-shoot inevitably chose to do. I then made the resulting image negative in Photoshop, ran it through a high pass filter, and messed around a bit with the brightness and contrast.
The result is an image, on which I’ve overlayed the unlock “dots”:
It’s not hugely obvious at first, but if you look closely, you can see a line connecting the dots from the lower left to upper right corners (forming an L rotated clockwise), the correct pattern. It’s a lot of hassle to show something which is really obvious when you’re actually looking at the phone under a light, but you can see the idea.
This begs the question of how to protect your phone. The most obvious solution would be to wipe the screen after each use (or shower/wash your hands more often), but who wants to do that? Another idea is to create a pattern where you double back over lines you’ve already drawn, thus obscuring the actual pattern, even if someone should see its basic layout. The ease of doing this, however, suggests that maybe the unlock pattern isn’t all it’s cracked up to be–how about adding support for PIN entry in a future release, Google?