Friday, February 19, 2016

Using Locker on Android to Secure Your Device Against Excessive Lock Screen Password Attempts

Locker App Logo
With Apple vs the FBI in the news lately, I wanted to make this post to highlight an app on Android that I believe is easily overlooked, but is actually one of the better (non-root) tools available on Android today. That, my friends, is Locker. In 2 minutes or less, the security of your device can be increased immensely, depending on your preferences.


Locker's listing in the Play Store
The first step to obtaining locker is to download it from the Google Play Store. It's published by Zygote Labs. I've done some research on this developer, but I haven't really found much. They have a small list of apps in the Play Store, and their website is definitely not in English. Google Translate didn't get triggered when I visited the site in Chrome, so you're going to have to translate manually if you want to read the text. The site UI is great, though.

Anyways, I digress. After installing the app, tap the open button in the Play Store to begin.

First Open

Locker's initial screen when opening the app for the first time
When you first open the app, you're presented with this screen. It won't look exactly like this, though, if you're on a phone. I took all of the screenshots for this tutorial using my Samsung tablet, so that is something that can be improved in the app, as far as the UI is concerned.

Device Administrator

Locker works by becoming a device administrator on your physical device. This grants the app special permissions by the OS than what would be regularly provided to apps. This is why users should always exercise caution when enabling device administrator features from apps. A rogue app could easily wipe your device, for example.
Activate device administrator window
To enable administator features for Locker, just tap the empty check box next to "Admin Enabled". You'll then be taken over to a permission screen that shows what specifically Locker wants to do as a device administrator. If you agree, click "Activate".

Some of you folks might have noticed that in my Play Store screenshot, the button where "Uninstall" would usually be was replaced with "Deactivate". This is due to Locker being activated as a device administrator after taking that screenshot. You must deactivate an app's device administrator status before uninstalling it.

Setting Your Limit

Enable lock screen protection?
After activating device administrator features, you can then use the slider to adjust how many failed attempts you'd like to have on your lock screen before Locker's wipe function is irreversibly invoked.

After moving the slider to where you want it (I personally chose 10, which is what Apple uses if you enable that setting), tap the "Enable" button. You'll then be presented with a dialog box (as shown above) that gives you a fair warning about what you're trying to do.

It's quite clear: if the limit is tripped, the device will be wiped. It's as simple as it gets, really. As such, I wouldn't recommend allowing a child to use the device unknowingly. They could try to guess your pass code while you're not aware, and then all of a sudden you're stuck with a device who is going through factory setup.

Set and Forget

Well, after you confirm the previous dialog, you're all set! You're free to just leave the app and continue on about your daily routine. However, you now have a "hidden" weapon in case someone nefarious gets their hands on your device.

However, do remember what the app has warned! As a matter of principle, I recommend that all important data saved to the device should be saved in another location, off of device storage. If Locker is triggered, you cannot stop the wiping process.

I would love to test the effectiveness of the device wipe, but I personally do not have a spare Android 4.1+ device to test apps on, outside of my OnePlus One and my tablet. I use both of these devices daily, so experimenting with them for the sake of science isn't something that I think highly of.