Apple may be bringing a new unlock screen that uses gestures, similar to the 9-dot pattern available for Android users to unlock their devices rather than using a short 4-digit PIN or a longer alphanumeric passcode. The gesture-based system allows users to ‘connect’ the dots in a pattern to unlock their devices based on the saved pattern stored on the phone.
While Android’s functionality for unlocking is novel and adds some wow factor when it was released, more recently the gesture-based mechanism has been called into question by industry insiders and analysts. As smartphones with touchscreens–which would be required for gestures to work on–attract fingerprints, swipes on the phone may be picked up by others and provide clues to what the gesture is for unlocking the device. If the phone is found by an unauthorized user, that user can glance the screen from the fingerprints and oils left on the screen from when the original owner had swiped in their unlock gestures last. According to Adam J. Aviv, a doctoral candidate at the University of Pensylvannia who is researching the unlock gesture as a security mechanism, “The more I used the [Android] phone, the more I noticed you could see my pattern. I’d go to bed in the evening, wake up, and you could see my smudge.” Aviv adds, “The practice of entering sensitive information via touch screens needs careful analysis in light of our results. The Android password pattern, in particular, should be strengthened.” Report on Aviv’s study on security were reported by the Christian Science Monitor.
It’s unclear if Apple intends on commercializing its gesture-based lock screen, though 9to5 Mac reported that Apple has already deployed the lock screen for internal use. The lock screen could potentially be expanded to other internal use, including on apps for retail stores when employees use iPod Touch devices as a point-of-sale payment device to process credit cards for purchases.
While iOS has historically been seen as a consumer-grade operating system, Apple has also been making inroads with the enterprise market due in part to the ease of deploying apps as well as Apple’s support for Microsoft’s Exchange ActiveSync environment inside the iPhone. It’s unclear how IT managers may respond if Apple commercializes the gesture-based lock screen, especially in light of Aviv’s findings on the potential security risks left by smudges when gestures are used.