Potential Encryption/Security Flaw?


DroidBurgundy

Member
Feb 21, 2012
Something strange and unexpected has happened with my Nexus 5... Upon first setting up my device after unlocking it and rooting it, I encrypted the phone before ever adding any of my info or apps to it, fully knowing that I would forever have to use a locked screen etc. To sidestep the annoyance and lack of security that Android has with having the encrypted boot time password being the exact same as the lockscreen's password, I used this app 'Cryptfs Password' to change the boot time password to something much more lengthy and secure, while allowing me to have a standard simplified passcode for simple screen unlocks.

As time went on I found myself needing to wipe the device to troubleshoot an issue I was having with my wifi and wireless tethering no longer functioning properly. I wished to go back to an initial factory state to begin doing restores from Titanium to find the culprit per se and figure out where I went wrong and borked my ability to toggle wifi.

Upon wiping the phone in TWRP (standard dalvik, cache, and ROM - not system or data) I rebooted and flashed my Titanium Backup.zip and Super User.zip and then proceeded to set up the device again, when I noticed something very odd...

I still needed to enter my exact previous password upon booting the device, however the lock screen no longer had any security of any kind!

When I checked in settings this is what I found:

https://i.imgur.com/RR2SFxL.png

Clearly you can see the device is still encrypted, however the default "slide" screen lock is now able to be used? Whaaaaat?!?!

Opening the Screen Lock settings menu reveals:

https://i.imgur.com/FtOqUY5.png

I have not yet selected to change it to a PIN or PASSWORD as I am home and wanted to see if I could gather any other information about this first. I have a feeling that upon changing to a PIN or PASSWORD I would not be able to change it back again.

Is this a flaw or error of some kind? I do not see any huge security vulnerability, I mean even though this does allow you to bypass the lockscreen, you still need the password at boot to even get into the phone or any Recovery - but this is interesting nonetheless. I was under the impression that it was IMPOSSIBLE to have both device encryption and essentially NO LOCK SCREEN?!?!

I have seen threads such as this one: http://xdaforums.com/showthread.php?t=1873700 where it is shown and discussed how to use the pattern lock for example, but this is obviously much different.

Can anyone else replicate this with their own android device?

EDIT:

Was able to find this thread https://groups.google.com/forum/#!topic/android-security-discuss/G4N5pBreyhM
where someone was able to essentially achieve a similar situation by using a 3rd party lock screen...
 