Google has silently started rolling out the “smart unlock” feature in android 5.1 rollouts. As it may be expected, this added feature is yet to reach all the markets and is being reported available only by some users. The reason this is getting so much limelight is that it is the most notable addition over the previous iteration of lollipop. This article tries to investigate as to how usable this feature actually is. So, read on as to what we found…
The feature can be used basically in 5 ways:
- Having a trusted device nearby(trusted Bluetooth or NFC tag)
- Unlocking using face recognition
- Having the device in a trusted location
- Unlocking the device by having it on your body
- Voice based unlocking, i.e. Using “OK Google” to unlock your device.
It is all good upto this point. The features are aimed at saving our time by allowing us to have the device locked only when it is an unknown location or with an unknown person. But what concerns us is that how effectively the smart lock will work under different scenarios. This is what is discussed in the following sections.
This works using the device’s accelerometer. The device will stay unlocked if it on your body, like, in your pocket, or your bag and so on. The accelerometer understands that the device is on the move and keeps the device unlocked. In cases where you may carry your phone in an airplane, this feature will not allow the device to be locked at all, so manual locking is the only option. Now, the biggest flaw here is that the phone cannot tell between whether it’s on your body or mine. So, if the phone is taken up by another person when it is unlocked, they may easily access the files on your device as the phone will stay unlocked until it is kept still for a certain amount of time. For eg.:
- A still phone will take 1 min to lock.
- A phone in a car may take 5-10 minutes to lock.
- Phone on a plane may need manual locking.
So, this may serve as a hindrance to everyday usage rather than an asset.
We tested this feature by turning on the On-body detection feature on our phone and conducted a simple experiment: I kept the phone on me and walked around with the feature turned on and was able to unlock the phone when I took it out of my pocket without having to face my usual pattern screen. Now, I kept the phone down which was immediately picked up by my colleague. The On-body feature turned on, the phone was still unlocked and my colleague was able to open the device with no problem at all. Now this is something that needs to be remembered the next time you use this.
This will be used when we search something using the Google search app and use the “OK Google” hotword, while the device is locked. When the voice unlocking feature is turned on, the device will be unlocked on the basis of your voice input. This input has to be taught to the Google search app manually when initially setting up Google Now. The feature allows the voice input to bypass any PIN and Pattern lock which may have been set up by the owner because the phone thinks that it’s you who is trying to unlock the phone/tablet with your voice.
But what if it is not you who is giving the voice input?
It may so happen that someone is trying to mimic your voice to fool the locking mechanism. This is very much possible as compared to facial recognition, which is difficult to crack as facial features are difficult to replicate. Thus, though it is a novelty feature, its effectiveness is not to be trusted always.
We tested this feature by first training Google Now with our voice which is stored on the Google servers. There is an option to retrain or delete our voice as can be seen in the attached image. Here we faced the first hurdle. The feature currently supports some languages including English (US) and when we tried to give input using English (India), our response was successfully recorded but the feature wasn’t enabled as the support for my set language was not available. When we set our language to English (US), my response was not recognised. So, if you cannot speak English in US accent, this feature was useless, at least for me. Also, with this feature set, somebody may unlock your phone trying to imitate your voice tone or a recording of your voice.
This feature uses the Bluetooth connection between the device and any other trusted device, like fitness tracker bands, smart watches and so on. This will allow the device to stay unlocked as long as the trusted device is in vicinity and the connection between them is maintained. Same analogy is applied to the NFC tags. Though this feature works well, there are a few problems to be focused upon:
- The case where you temporarily leave the device and assume that the Bluetooth connection with the trusted device is broken, maybe you take that fitness band with you. But if you are somewhere in the range, anyone can use your phone as it is in the unlocked state.
- Someone can imitate the Bluetooth connection of your trusted device to turn off the lock in your phone, when trusted devices feature is turned on.
- If you make poor choices regarding trusted devices, maybe pairing random phones as trusted devices or using common devices like Bluetooth speakers and keyboards as trusted devices, it may leave you in a lurch as someone can easily access your phone’s contents without you knowing.
We tested this feature with the Trusted device feature turned on and used fitness band, Mi Band as the trusted device. The band paired easily with the device and the feature worked, which means that my traditional locking mechanisms were bypassed as long as the device i.e., the band, was in the vicinity of my phone. But due to the large range of Bluetooth(Bluetooth can depict range of upto 100 meters) what we experienced is that even when the paired device was kept very far from the band, the phone was unlocked without a hitch.
Consider this: You are in your office and you left for the washroom with your trusted device on you(Maybe a fitness band, which is on your hand). Even after you have left the scene, your device may still be unlocked and can be used by anyone.
This allows you to keep your device unlocked when you are in a trusted location. Now, how will the phone detect that you are in a trusted location?? This is achieved gaining the location of your phone by arranging presence of an internet connection near the trusted location. Also, the location access will have to be activated by the user.
Though this works well in theory, problems arise because your definition of trusted location and Google’s definition of your trusted location may very well differ. The trusted location will not limit itself to the walls of your home but may extend outside, depending upon the accuracy of the location data received. According to the Google support page, this may keep your device unlocked in a range of about 80 meters. Caution needs to be exercised even from the user side, as they need to provide better and more accurate address for Trusted Locations, show that this feature can work better.
Also, there is always the possibility of someone trying to replicate location data matching your home location which may cause this feature to work, or maybe, not work.
With the trusted location feature turned on, we fed the home address location to the Google servers. The test condition used was this: data network used for providing the location, location services turned on in our phone. The result was that though this feature was working as advertised, the location accuracy could not distinguish between my home boundaries and the road outside, thus making this feayure a bit fuzzy as my phone was unlocked even when I was outside my “trusted” location. Another negative point I noticed was that my battery was draining at a faster pace owing to the running location services and data network.
In this feature your face is used as a password. The Trusted Face feature takes the image of the owner of the phone or any other trusted face which is recorded successfully only when the image is captured in a particular orientation to fulfill particular criteria. For eg., dimly lit environs will lead to the failure of the image capture for face unlock feature. When turned on, this feature will take your face as a pass key and bypass the traditional PIN or pattern based unlocking techniques. This feature has seen a fair degree of success and the feature can be continuously improved upon by providing the phone with more training so as to accurately recognize your face for the utilization of unlocking the phone, unlike other techniques mentioned above, which are limited by the current technology.
For this test I first set up the “face unlock” by turning it on and training the phone to recognize my face by following the training wizards instructions so that the phone could store my face data to allow the phone to unlock in the future if this feature is turned on. When utilized, I just had to stare at my lock screen for a few seconds and lo, the lock icon in the middle of the bottom part of my lock screen transformed into an unlocked icon. Nowhere the feature depicted that my face was being scanned using the front camera. This feature shows one limitation though, that it requires a good front camera for smooth functioning. When my colleague tried to unlock the phone by the same technique, the lock did not yield even in different conditions and camera angles. So, this feature was the most satisfactory among the lot.
Test Device: A One Plus One running CM 12 based on Android 5.1 was used for testing purposes.
So, all in all, though we always appreciate Google for bringing in these new and innovative features that make our mobile hardware alive, we also need to understand that every coin has two sides. Thus, these features need to be used carefully and with deliberate tweaking so that no one else can exploit the loopholes in the Smart Lock to gain access to your device. Google support page for the very topic also continuously prods the user to pay heed to many of the above explained flaws.
So, if these features are to be used or not? It is upto you, the reader to decide.