5

I recently installed Norton App Lock on my smartphone. It asks for a password pattern every time one tries to open an app. So, theoretically, it protects you in case someone is able to bypass your OS password pattern.

But it also hurts usability because I have to input these patterns frequently.

Do those kinds of app really improve security in anyway?

Anders
  • 64,406
  • 24
  • 178
  • 215
guest
  • 51
  • 2
  • 2
    check this link https://www.maketecheasier.com/how-secure-is-the-app-locker-for-android/ – Soufiane Tahiri May 22 '18 at 13:55
  • Perhaps this is the marketing fault. An app-locker main function is all about restricting app loading when your phone is out of your sight. The program should have some sort of "master lock" and "secondary lock" group. If you didn't group them properly, you will run into hassle of keep entering password for each of them. – mootmoot May 22 '18 at 14:46
  • 1
    Any applocker that isn't inbuilt is nearly useless. Just reboot in safe mode and punch in the device PIN. RIP applocker. Of course they have some value if your device is already unlocked and the attacker doesn't have the pin, but physical access is total access. I'd just enable ADB and either uninstall the app or launch the app directly. – thel3l May 22 '18 at 15:24

1 Answers1

1

TL;DR

They can in theory improve security a bit in general, but not if you are trying to protect from anyone you would actually call an attacker. In practice they can provide a bit more privacy in some situations, but then using your phone might become a hassle and in the end it might not be worth it.

Long version

If you use different passwords for each app, or at least different passwords for apps that are supposed to be accessed in different situations, then yes, I believe it can add some security, but it might not be worth the hassle.

I am thinking of this example: suppose you have three different passwords, one to unlock your device, one to unlock your email application that you only use for work, and one to unlock your picture gallery. Now, it's probably very easy to steal one of your passwords/pins/gestures by shoulder surfing, especially by people who are frequently around you like friends, partners, etc. When you are hanging out with friends the password you type most often is probably the one to unlock your device, then you might also type the one to unlock your picture gallery pretty often, and you probably won't type the password to access your work email at all. So a friend might grab your phone, unlock it, browse the gallery, but not read your work email. If you have a phone that requires your fingerprint to unlock the screen, then the above scenario only applies if somebody grabs your phone while it's unlocked.

So this was just to show that it can indeed add some security, and as usual it depends on the possible scenarios and possible "attackers". On the other hand, you will have to use several different passwords, enter them too often, and there are probably some applications containing potentially sensitive data that you need to access very frequently in a lot of different situations (whatsapp?), so protection becomes less effective even in the scenario I described above. I'm also not sure whether it can slow down a decent attacker (not your average friend, unless your friends are decent attackers), preventing them to access some of your application data at least for a while, at least until you discover your device has been stolen and maybe remotely wipe all your data, but the link provided in a comment to your question seems to imply that a decent attacker won't really be hampered by this application for long.

reed
  • 15,398
  • 6
  • 43
  • 64
  • I don't really agree with this - whilst I see your point of view, read thel3l's comment - if it's not built in there are plenty of ways to bypass it. Maybe it's worth adding a TLDR at the top? –  May 23 '18 at 07:14
  • 1
    @JoshJones, I added a TL;DR to clarify. I merely wrote this answer to give an example of how it *can* improve security. The question asks if it can improve security in any way, but didn't mention who the OP is protecting from. Of course I would expect this app was totally useless if we considered serious attacks. – reed May 23 '18 at 11:04