Facebook's Home Android app appears to disable PIN or pattern locks on the HTC First, the first phone to come with the app pre-installed.
We set our trial handset of the HTC First to use a PIN lock, then a pattern lock. We were able to completely bypass the lockscreen and get into the user's email and Gmail accounts immediately, and into other apps as well.
There do not appear to be any security options in Facebook Home's own settings.
The phone only asked for a PIN after we turned off the phone entirely and powered it back up again. After we entered the PIN upon initial bootup, the phone did not ask us for it again, even though the stock Android security settings were set to "Power button instantly locks."
We contacted representatives for Facebook and HTC, and they told us they were looking into the matter.
We were able to replicate the issue on two HTC First phones being used as floor demonstration units at the AT&T store up the street from our offices, but not on two other HTC Firsts. The issue was replicated on the first two Firsts only after we had logged into our Facebook accounts.
On one phone in the AT&T store, we were able to bypass a PIN lock, but not a pattern lock. When we reset the settings on that phone to use a PIN lock again, we were not able to bypass the PIN.
All the demonstration HTC Firsts in the AT&T appeared to have the Android and HTC software builds, and the same baseband firmware.
There do not appear to be any security options in Facebook Home's own settings, but HTC First users can sidestep the issue by changing Home's settings to uncheck "See Home When Screen Turns On."
We recommend that that anyone using Facebook Home on the HTC First do exactly that. The Facebook Home can also be disabled entirely.
We temporarily disabled Facebook Home on our review unit, and the phone prompted us for a PIN immediately after waking the screen. When we re-enabled Facebook Home, the PIN demand disappeared.
It's not clear whether the issue will appear on other Android models that install Facebook Home from Google Play, where the app launched Friday.
A colleague at TechNewsDaily installed Facebook Home on his Samsung Galaxy SIII and was not able to replicate the issue.
A Facebook spokesman told us last week that Facebook Home would be subordinate to stock Android lockscreen settings. That does not appear to always be the case.
Security experts recommend that users enable PIN, pattern or other locking features on smartphones at all times.
Smartphones contain a wealth of private user data that's valuable to identity thieves and common criminals, and locking the screen behind a passcode is the primary line of defense.
Follow Paul Wagenseil @snd_wagenseil. Follow us @TechNewsDaily, on Facebook or on Google+.
Copyright 2013 TechNewsDaily, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
world peace lakers colorectal cancer metta kashi neil diamond orange crush harden
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.