[4.0.1] Permanently locked device can still access Events view

HARDWARE (XA2, Xperia 10…): Jolla Tablet
REGRESSION: (compared to previous public release: Yes, No, ?): at least a bit

DESCRIPTION:

A device which is permanently locked after (supposedly) entering too many wrong pincodes still connects to WiFi and receives notifications for whatever accounts and services are automatically started. More importantly, all of those notifications and even the user’s Twitter feed are also displayed if the user has allowed access to the Events view when the device is locked.

STEPS TO REPRODUCE:

  1. Enable access to Events when device is locked
  2. Enter too many wrong pincodes

EXPECTED RESULT:

Everything is sealed and inaccessible to the presumed thief.

ACTUAL RESULT:

Events view is accessible and all background services continue to function as normal.

2 Likes

Not sure that I agree. What’s the difference between phone being locked and permanently locked in relation to a 3rd party with access to your phone being able to view your events screen if you allowed it?

I can see where you’re coming from, but they’re still slightly different, I think. The idea of a device being permanently locked is that someone with a lot of time on their hands can’t try all possible lock codes (or use a computer to do the job) to get access to your data, so a limit to the amount of failed attempts to unlock protects against a slightly different type of threat than a lock code with unlimited attempts.

Lock code without limit -> prevents the nosy colleague at work from looking at what you’re doing on your phone whilst you’re out of the room for a second - basically, the mere fact that there is a lock code already deters these minor threats
Lock code with limit -> prevents a thief with a lot of time from breaking in and finding out lots of information about you - the lock code itself doesn’t deter an intermediate threat, but the limit makes it almost impossible for the threat to get access to your data

Now, if you allow access to the Events view when locked, a minor threat will be able to see some information about you, but only for as long as you’re out of the room. An intermediate threat has all the time in the world to see the information about you flowing in in real time.

Regardless, I think it’s strange that a ‘permanently locked’ device, which even hides battery percentage and connection indicators, would still show more sensitive data.

1 Like