comments 2

Apple’s new Slide-To-Unlock patent : Why it doesn’t matter

Apple Slide to Unlock

Apple was just awarded a 3rd patent for it’s Slide-to-Unlock feature, and while the internet is still abuzz with it, I just fail to see any reason to get excited.

Yes, Apple looks to be greedy and is apparently more than happy competing with HTC and Samsung in courtrooms rather than the open market–but we all knew this already.

Yes, Apple is patenting something so generic it may apply to ALL slide gestures on an unlock screen? — but we all knew the patent system in the US is whacky and open to abuse.

Yes, Apple is protecting it’s patents and Android manufacturers are defending or at least responding. –nothing new here.

What’s more important is this — which idiot is using Slide-to-Unlock on his smart phone?

Why Slide to Unlock is a Bad Idea

If you have a smartphone like an iPhone (which you’ve spent a couple thousand ringgit on) you’re going to use that smartphone as more than just a phone. It will contain your emails (both personal and private), your browsing history, your contact information and most importantly–your high score to Angry Birds. Do you really want all of this data to be accessible to someone by simply ‘sliding’ their finger across your phone screen?

In the past, when phones were JUST phones, the biggest worry you had were losing your contact information and someone making long distance phone calls on your bill. Those days are LOOONG gone.

A smartphone has far more data on you than regular phone, because it has more services (facebook, Google..etc) and has more memory–therefore you don’t delete any data. Remember the days when your phone could only store 20 sms’s and you had to delete them. Your children will never experience the need to delete anything because they’re running out of ‘space’.

These days, your phone is almost an extension of you, on a regular iPhone you have nearly every personal and private detail of you:

1. Information of your contacts (including emails and phone numbers–possibly even photos)

2. Facebook, GMail, Twitter, LinkedIN and other social network login credentials (and all the information in them)

3. Your photos (some of which may be ‘very’ personal)

4. Your whatsapp and sms message trails (not such a big problem when all you could store on your phone were 20 sms, but when you store all messages to someone for a period of 2 years–that’s a lot of private information)

All this additional data requires additional security

That additional data requires additional security

In my opinion you require at the very least a 4-digit pin, and probably even a 6-digit pin for most people. This may not completely protect the data on your phone, but it does help slow the attacker down. No one can access your phone without expending some effort and time– and in that time:

1) You can attempt a remote wipe on your phone, wiping out all data;

2) You can call up your phone company and have them cancel the number and your sim card.

3) You can change your passwords to GMail, Facebook..etc, preventing the phone from accessing these social networks.

4) Change your Google Play/Amazon App Store/iTunes credentials so the attacker can’t buy apps and songs, sticking you with the Bill.

A 4-digit password entered by hand takes some time to brute force or guess, a 6-digit password would be completely unthinkable. I’m not sure of any hacks to bypass the Pin Entry, but even if such hacks exist they require time and effort, and that gives you enough time to limit the damage a lost phone can do.

Now if you don’t password protect your phone, but instead rely on Slide-to-Unlock, an attacker with your phone can easily access your GMail/Facebook logins and change the passwords–preventing YOU from accessing your own data. The attacker could begin a shopping spree on your iTunes account  footing you with the bill. The attacker could start posting stuff on Facebook/Twitter in your name, and if those were malicious and slanderous enough, get you in a lot of trouble.

Is it negligent to use Slide to Unlock only?

It is negligent to not protect your phone with at least a PIN, but from a legal perspective I believe it isn’t. Just like not protecting your Wi-Fi is not a good idea, but it isn’t exactly negligent either. We have to accept that smartphones and Wi-Fi connections have become a necessity for daily life for some, and most of those have no idea of good security practices and even technology in general.

That being said, while you can’t be held responsible for what someone else with your phone or Wi-Fi connection, rest assured that if you don’t take the neccessary steps to protect these things, someone will attack it, and you will be paying the price for it.

2 Comments

  1. Choon Siong Kang

    Do you want to key in password every time you use the phone?
    Every time could mean 1 minute for some users.
    iPhone allows you to slide-to-unlock with or without password depends on the timer you decide.

    • Thanks Siong Kang,

      Didn’t know that, I have a 6-digit pin for my phone that I have to enter everytime, and I must admit it’s a big pain sometimes, especially if it’s just a few seconds. However, I still believe you shouldn’t leave these things to chance, and just place a pin regardless of the duration of time.

#YourComment