Be careful: your smartphone has a security flaw


No, the title you read is not clickbait: in all likelihood, your smartphone has a security flaw which, although not extremely serious, should not be underestimated. The idea for this "investigation" came to me after having written this article, in which I focused on a problem that came to light in Xiaomi's MIUI. After dealing with the topic, I got curious and carried out ad hoc tests on smartphones of other brands as well. What I discovered did not please me very much, and it probably will not please you either. I should say right away that it is a flaw that affects many smartphones, most of those we find on the shelves. Xiaomi, OPPO, OnePlus, Huawei, Honor, Realme, vivo and so on: all these brands are subject to it, and not only these.

Almost all smartphones, not just Android, have a security flaw

Let's face it: the times when the smartphone was an accessory whose safety mattered to us only up to a certain point are long gone. This was already clear when internet connectivity arrived on the first phones equipped for it, but today it is a full-blown reality. A large part of our life passes through the smartphone: personal relationships, biometric data, memories in the form of photos and videos. Not to mention our finances, including banking and payment apps, streaming services, and also the passwords of all our accounts. In short, today more than ever, keeping your smartphone safe is something that can no longer be neglected.

Unfortunately, cyber security is an aspect that is still taken lightly by most people today. For this reason too, the theft or loss of your smartphone is becoming something much more harmful: in addition to having to buy a new one, losing it means risking your privacy and security. And that is why your phone needs to protect you as much as possible, both via biometric unlocking and via software.

Protecting your smartphone means protecting yourself

And this is where I come back to the security flaw that is, unfortunately, the protagonist of this article. I expect that some of you are already aware of it, but it seems so absurd to me that nobody talks about it that I have decided to do so myself. As you well know, to access the smartphone you have to pass the checks imposed on the lock screen: on modern smartphones, fingerprint unlocking and facial recognition dominate. But there are also those who still rely on numeric PINs and geometric patterns, which can be used as an alternative to biometric unlocks. Only then can you open apps, consult menus and so on.

If you stay on the lock screen, all you can do is see the time and the remaining battery, check the notifications that have arrived and, at most, use the shortcuts for the camera, flashlight and so on. But here is the catch: any Android smartphone gives free access to Quick Settings even from the lock screen. Just swipe from top to bottom and there are the shortcuts: Wi-Fi, Bluetooth, data network, but also and above all Airplane mode. One tap is enough to send the smartphone offline, with all the drawbacks that entails. But it doesn't stop there: every smartphone tested allows you to turn off the smartphone from the lock screen.

All this happens without requiring any kind of unlock, which I find nonsensical. I say this because my main smartphone is a Samsung Galaxy Note 10+ and I have always found that both access to Quick Settings and shutting down the smartphone from the lock screen require a PIN or biometric unlock. No unlock, no shutdown or going offline. Obviously this is not a plug for Samsung, but none of the other tested smartphones have the same degree of protection. Neither Xiaomi, nor OnePlus, nor OPPO, nor Realme, nor vivo. The only partial exception is Huawei, which requires the PIN to access the Quick Settings but still allows the phone to be turned off without unlocking. For the record, Xiaomi is also releasing a similar update, but the problem remains that the phone can be quietly turned off.

The problem appears to be Android

Given that the common denominator among all these smartphones is Android, I am led to think that this is a "flaw" in the Google OS that no one has really thought about. Or rather, only Samsung has put a really functional patch on it, but we are talking about only a portion of the billions of smartphones in the world.

The problem in all this is that if you lose your smartphone or it is stolen, it will only take a few seconds before the attacker turns it off. At that point, with the phone disconnected from the network and GPS, you will not be able to use the Find Phone function from Google or the manufacturer of your smartphone. Also, once it is turned off, the attacker can force a format from Recovery mode, erasing the data and attempting to crack the memory encryption to remove the protections. Normally, in fact, after formatting, the PIN or password of the Google account present before formatting is requested. But on the net there are methods to bypass everything, even if these are procedures not really within the reach of just any thief. Nonetheless, someone could steal your smartphone, fail to break the protection and throw it into a ditch in anger. The result is the same: your smartphone will be lost and you will have no way of knowing where it went.

Obviously, even in the case of Samsung, formatting has the same result, but you will understand that, since the phone cannot be turned off directly, everything turns out to be more difficult. The thief will necessarily have to wait for the battery to discharge before acting as described above. And since the thief cannot even take it offline, you can take advantage of the wait for it to discharge to track it via GPS. In light of all this, I find it absurd that the developers of Android and all the brands have not devised a way to solve this and discourage possible thefts.
