Security regression / device automatic locking disabled

After updating to SFOS 4.4.0.64 on a Xperia 10 II device, I noticed that the device locking is not active anymore. Disabling and enabling it in the system preferences does not make any difference. The device respectively the os can be access by anyone having physically access to it. That’s a huge problem here. Does someone else have the same regression? What can I do (CLI hack available?) … Thanks!

Works fine for me.
You should probably consider using the bug template.

1 Like

I rebooted the device now and the problem seems to be disappeared. Anyway, how could this happen? What layer (AlienDalvik, etc) can disable (temporarly) the device look? Thats a no-go as it is a security measure. It definitely a “bug” that should be found (as the OS is promoted as having security by design). Thoughts.

As @attah asked, please use the bug report template. I can help you if needed.

Consider that the Bug Coordination Team will look at your bug report last if it’s not well written. Using a template help us and Jolla to save a lot of time.

1 Like

As far as I’m aware, it’s not possible for sandboxed or non-root apps to disable the device lock (it is possible to block screen-blanking, but that’s separate).

Something could have gone wrong during the update, so if you can describe exactly the sequence you went through (to the best of your knowledge) that brought your device to this state, then that could be important. As others have already mentioned, using the bug template for this is likely to be helpful.

REPRODUCIBILITY: One-time (after update, one reboot by update process)
OS VERSION: SFOS 4.4.0.64
HARDWARE: Xperia 10 II
UI LANGUAGE: DE
REGRESSION: YES

DESCRIPTION:

After updating to SFOS 4.4.0.64 on a Xperia 10 II device, I noticed that the device locking is not active anymore. Disabling and enabling it in the system preferences does not make any difference. The device respectively the os can be access by anyone having physically access to it. That’s a huge problem here. Does someone else have the same regression? What can I do (CLI hack available?) … Thanks!

PRECONDITIONS:

SFOS 4.4.0.58 installed - update to 4.4.0.64

STEPS TO REPRODUCE:

  1. Follow UI (system preferences) to update to 4.4.0.64

EXPECTED RESULT:

Device lock working as configured (immediate locking without delay)

ACTUAL RESULT:

After device usage, the device turns off display, and the user has the expectation that it is locked.
Starting using the device again (swipe left or right in the UI), no device code request appears and
the main homescreen is showed.

MODIFICATIONS:

Mainly standard installation with a few apps from jolla store, and three from chum (manually installed without chum app). Three android apps, installed via apk manually.

ADDITIONAL INFORMATION:

After notice of this problem a manually triggered reboot seems to reestablishing the device look functionality. The cause is still unknown …

2 Likes

I remember that I once had a very similar problem on my J1. I can’t find it anymore, so I suspect it was in the old forum. I can’t remember any details, just that I have seen something like this before.