Android Lock Patterns Too Predictable ? | Results from a Research Study

Posted on Aug 24 2015 - 12:20pm by Pavithra Manisha

Android Lock Patterns are up for a test.  The password alternative that Google introduced way back in the Android Mobile OS in 2008 is being stirred for the security options that it can offer. These style patterns turn out to be more predictable than we thought. It has been found that these Android Lock Patterns generally possess only a fraction of the complexity. According to a study fro research purpose on Android Lock Patterns (ALPs)  these patterns are comparatively miniscule than the anticipation. The study reveals that the patterns could be subjected to intensive attacks.

Android Lock Pattern

Android Lock Pattern

As a part of her study, Marte Løge a graduate at Norwegian University of Science and Technology has analysed over 4,000 ALPs  and found out that 44% of the ALPs started from the top-left node of the lock screen. She further concluded that Humans are Predictable!


Android Lock Patterns (ALPs)


With some of her findings that were presented at PasswordCon it is surprising that most of the passwords started from the corners. Also using as many nodes as possible helps the users to be safe. Creating longer and complex strings help in making the uncovering of passwords difficult. Though the idea is still not clear as to how widely people use the Android Pattern Locks, there is a risk of tendency to insecure passwords. So much so that the usage of Android Lock Patterns could nearly be pointless.

The studies discovered that most of the patterns coincided with life events and letter patterns of the first alphabet of their names. There will be a time like 1Password App suggesting lock patterns for you soon. May be if there is an app that contained all personal information  and knew to make Android Lock Patterns insecure, it suggested that it wouldn’t be that easy to be cracked.

Weak ALP

Weak ALP


ALPs Study Results


Android Pattern Locks can have a combination of four nodes to a maximum of nine nodes.  Thereby the combination of 389,112 are possible.

Length

No.of Combinations

4

1,624

5

7,152

6

26,016

7

72,912

8

140,704

9

140,704

In the study three apps were created. One imaginary shopping app, imaginary banking app and one app to unlock a smartphone. The study exposed that the minimum four node pattern that most widely created by both male and female followed five-ode APLs. Eight node patterns were least popular, and fewer for nine-node choices, though both offer same number of combinations.

The males chose long and complex Android Lock Patterns unlike the women. Below is an illustration of the choices made by men and women for the three apps respectively.

ALP -Study Report

ALP -Study Report

Also some details regarding the repeatedly chosen passwords showed “1234567”, “password” and “letmein” are some commonly used ones. These are the weakest links of choosing a password. With attackers building the Markov model for password attackers it is better to choose wisely.


Suggestions for Android Lock Patterns


  • First and foremost is to choose an Android Lock Pattern with more nodes that will have a  higher complexity score.
  • Incorporate crossovers as it is hard for an attacker to trace the sequence
  • Also change the setting in the Android Setting to turn off on the “Make Pattern Visible” option. This will prevent drawing of lines that connect to each pattern node
    Complex Android Lock Pattern

    Complex Android Lock Pattern


For your queries to be addressed regarding to the content of the article, comment in the section below. Your valuable feedback and comments are welcome. For daily updates on technology do visit us again. You can also catch us on our  Facebook,  Twitter,  Google+  and Pinterest for timely updates.

About the Author

Pavithra Manisha found her way to feed the readers with the latest happenings in the world of technology in terms of news updates. Now catch all the updates instantly and join the discussions to enlighten your knowledge.

2 Comments so far. Feel free to join this conversation.

  1. Carl October 13, 2015 at 3:48 pm - Reply

    Interesting study. So we the users of android should reconsider the lock screen patterns. Right…

  2. Romain R October 30, 2015 at 5:31 pm - Reply

    Of course!! I think it’s easy to predict passwords especially if you know them pretty well.

Leave A Response

*