Security on Android 2.2

Some people are not aware of it, but security is always an issue when you use technology. When I bought the HTC Desire Z, I was a little bit confused about the screen locker. As you know, you are able to switch the display off and put in some sort of stand by mode in order to safe battery life or when you just don’t want to use it. When you wake it up again, you are asked to unlock the screen. As it turns out, you do not need to enter any code for unlocking, you simply slide the bar. For me, this is something completely unusual. Normally, when you possess a device which could be left out of sight for a few moments, you should be able to lock it with some security mechanism by default.

Think about it. When you leave your laptop for a while, it will go into energy saving mode after a while (at least that is the case by default) and when you switch it on, you need to enter your account data for unlocking it. It is the same with all the mobile phones I had so far. And, very ironic, it was also the case with Windows Mobile 6.5 on my last cell phone.

Well, at least you are able to download an app which helps you to lock the screen in such cases, but I keep on asking myself why this is not a default feature. A mobile phone contains so many sensitive information, especially when you link Android with your Google Mail and Facebook accounts.

Another security issue I encountered just yesterday was the fact, that I was able to see some stuff of the phone when I turned it on WITHOUT entering the PIN for the SIM card. Ehm. It worked like this: Turn on the phone, wait for the SIM lock input field, put it into standby, wake it up, unlock the screen by moving the bar and there it is: you are able to see the desktop for a second. It is not long, but when you use widgets which show e.g. your emails by default or some notes, an attacker would be able to see them without even having to enter the SIM unlock code.

Not a critical issue, but still something.

I somehow have the feeling that security has not a very high priority at Android, and the future will show if I am right here.