splitbrain.org

electronic brain surgery since 2001

Lollipop Lockscreen Woes

Like every other fanboy I was eagerly waiting for the newest Android release, code named “Lollipop”, to become available for my phone. Finally the OTA update arrived yesterday. So far I couldn't spot any major improvements except for a few nice animations and the new material design. But at least everything is still running smooth.

However there is one sore spot that makes me regret updating: the new lock screen.

The lock screen serves threw purposes:

  1. secure the device against unintentional button presses while in your pocket
  2. optionally secure the device contents against unauthorized access when lost or unattended
  3. provide useful information at a glance with no interaction: eg. display the current time

Unfortunately Google crippled the lock screen usefulness a lot in Lollipop.


No Widgets

KitKat allowed to place widgets on the lock screen which catered to use case 3 mentioned above. Unfortunately Google completely removed this feature again in Lollipop.

Dash Clock Widget I was a huge fan of the Dash Clock Widget which provided additional info like the time to next meeting or the current weather as little icons next to a nice looking clock. A whole bunch of extensions for the widget allowed to customize it with all kinds of data.

A very useful customizing feature completely gone.

Swipe for Login

For use case 2 aka. protecting my data, I use a pin code to unlock the device. Entering the four numbers is in my muscle memory and it probably takes me less than a second to enter them. I do it dozens of times a day.

Have a look at how the default lockscreens differ (KitKat left, Lollipop right):

KitKat Lockscreen Lollipop Lockscreen

That's right. Kitkat used to display the keypad right after switching on the display. Lollipop requires an additional swipe action before displaying the keypad. No more sub-second unlocks!

Notification Mess

So why the additional swipe action above? To make room for notifications! Lollipop allows you to display notifications right on the lock screen. Which sounds like a good idea at first. No need to unlock the device to read a quick message…

Notification Settings But then someone at Google noticed that that might actually leak some information you might prefer to stay behind a login. So they introduced a setting to hide “sensitive” content or to show no notifications at all.

So how does the phone know what's sensitive? It doesn't of course. So everything that isn't explicitly marked insensitive by the application in question is sensitive and will be hidden. Not too bad? Well look how that plays out:

Show no notifications Don't show sensitive content Show all notifications

All three screenshots show my lock screens playing a song in PowerAmp and having some message in WhatsApp or Hangouts available.

The first screen has all notifications disabled. There is no way to control the music (not even with Google Music). Google got rid of the music control features from the lock screen and completely relies on notifications for that feature. As you can see there are also no little icons in the top status bar to indicate that there are waiting notifications (as there used to be in Kitkat). No notifications means absolutely no notifications at all! So this is probably the most useless setting.

On the second screen all “sensitive” content is hidden. Since PowerAmp did not mark its content as insensitive, there is still no way to control the music. However this works in Google Music at least, so I'm confident that will be fixed in PowerAmp soon. The Whatsapp notification is still completely useless. It does not even show whom the message is from or how many there are. A waste of space. The same information could easily be conveyed through a small icon.

The third options shows everything. Music controls work obviously. But my example “Banking TAN” message shows how enabling that option is a possible security risk. I wouldn't want to enable that option.

Verdict

The Lollipop lock screen is horrible. It complicates logging in to make room for useless notifications.

In fact it seems to promote less security by encouraging users to:

  • show all notifications
  • disable lock mechanisms to avoid the additional gesture

I'm really disappointed in this step backwards. I hope this will be fixed real soon, maybe by allowing custom lock screen apps.

Tags:
rant, android, lockscreen, security
Similar posts: