Here’s how Android 15’s Failed Authentication Lock protects your sensitive data from thieves

Biometric Prompt dialog on Android 15

Mishaal Rahman / Android Authority

TL;DR

  • Android 15 introduces a new security feature called Failed Authentication Lock that locks down your device when the OS detects multiple failed login attempts.
  • Specifically, Android 15 locks your device when five failed attempts are made at unlocking an app through the BiometricPrompt API.
  • Failed Authentication Lock is a component of Android’s theft protection suite but is part of the OS rather than Google Play Services.

If you have an Android phone, you should enable the new theft protection feature right away. Theft protection is a suite of security features that’s aimed at deterring theft and protecting data. Most theft protection features are available globally on phones running Android version 10 or higher (excluding Android Go edition), but there’s one new feature that’s only available on the latest version of Android: Android 15.

Failed Authentication Lock is the name of the theft protection feature that locks down your device when Android detects there have been multiple failed login attempts, which could be a sign that a thief is trying to brute force your PIN, pattern, or password. It’s the only feature in Android’s theft protection suite that requires Android 15 to work, because it involves changes to a core framework feature: BiometricPrompt.

Failed Authentication Lock highlighted as Theft Protection feature


BiometricPrompt, if you aren’t aware, is an API that apps call to show a system-provided dialog that asks you to enter your screen lock or biometric. Many of the best Android apps use the BiometricPrompt API as an additional layer of security by blocking access to certain screens unless you authenticate. That way, even if someone snatches your phone while it’s unlocked, they can’t get access to your sensitive data within apps unless they also know your PIN, pattern, or password — or they clone your biometric.

The problem with BiometricPrompt, at least before Android 15, is that thieves can keep trying different PINs, patterns, or passwords until they’re able to unlock some of your apps. This is because there’s no limit on how many attempts you have to enter your screen lock in the BiometricPrompt dialog.

This issue can be mitigated somewhat if apps only allow biometrics and not your screen lock when calling the BiometricPrompt API, as biometric authentication can only be attempted five times before it’s locked out. However, the phone itself would still be unlocked even after biometric authentication failed five times, which means thieves could just open other unprotected apps or wait for sensitive notifications to come in.
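For app developers, the difference between the two configurations described above looks like this in Kotlin with the androidx.biometric library. This is an added example, not code from the article or from Android itself; the function names (`credentialFallbackPrompt`, `biometricOnlyPrompt`, `guardSensitiveScreen`) and the dialog title are hypothetical, and it assumes the app already depends on androidx.biometric.

```kotlin
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity

// Screen lock accepted as a fallback. This is the configuration the article
// describes as guessable without an attempt limit before Android 15.
fun credentialFallbackPrompt(): BiometricPrompt.PromptInfo =
    BiometricPrompt.PromptInfo.Builder()
        .setTitle("Unlock vault") // hypothetical title
        .setAllowedAuthenticators(BIOMETRIC_STRONG or DEVICE_CREDENTIAL)
        // No negative button here: it is not allowed together with DEVICE_CREDENTIAL.
        .build()

// Biometric only. PIN, pattern and password are not offered in the dialog,
// and biometric attempts are capped by the system lockout.
fun biometricOnlyPrompt(): BiometricPrompt.PromptInfo =
    BiometricPrompt.PromptInfo.Builder()
        .setTitle("Unlock vault") // hypothetical title
        .setAllowedAuthenticators(BIOMETRIC_STRONG)
        .setNegativeButtonText("Cancel") // required when DEVICE_CREDENTIAL is absent
        .build()

// Hypothetical gate for a sensitive screen: open only on success, and treat
// every error (lockout, cancel, no enrolled biometric) as "stay closed".
fun guardSensitiveScreen(
    activity: FragmentActivity,
    onUnlocked: () -> Unit,
    onDenied: () -> Unit,
) {
    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            onUnlocked()
        }

        override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
            // Includes BiometricPrompt.ERROR_LOCKOUT and ERROR_LOCKOUT_PERMANENT.
            // Do not fall back to an in-app PIN here; that would reopen unlimited guessing.
            onDenied()
        }
    }
    BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
        .authenticate(biometricOnlyPrompt())
}
```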

Fortunately, Android 15 fixes this by locking the phone (but strangely not actually putting it into lockdown mode) if someone fails to enter the correct PIN, password, pattern, or biometric five times in a row when an app calls the BiometricPrompt API. This means that thieves only have five chances to correctly guess your phone’s screen lock or enter a valid clone of your biometric data, which is a huge step up from previous versions of Android where thieves had as many chances as they wanted to guess your phone’s screen lock. Plus, if you enable Android’s other theft protection features, thieves might not even get a chance to take a crack at guessing your screen lock.

If a thief peeks over your shoulder and memorizes your PIN, pattern, or password before stealing your phone, though, then Failed Authentication Lock won’t stop them from accessing apps that accept your screen lock through BiometricPrompt. However, Android’s upcoming Identity Check feature should help with that, as it’ll force apps to only accept biometrics when your phone is outside of a trusted location.
