Does your phone have a lockscreen? If so, why?

Stupid question, right? Your phone has a lockscreen to protect your data, of course! Well, “protecting your data” is an idiot phrase. Catchy, easy to repeat and so abstract that it can mean everything, which in the end means nothing. Lockscreens don’t “protect your data”. That is not what they were invented for and certainly not what they have evolved into since.

When the GSM standard for mobile communication came into existence, it introduced the SIM card as a means to get access to the carrier’s network and to store your address book. The idea was simple: the handset was just dumb periphery. If it broke, you’d simply slot your SIM card into a replacement unit. In fact, the engineers, behind this approach probably still had the 1G phones in mind (bulky things with terrible battery life) which were only mobile in the sense that you could easily transport them in your car. The ability to carry “your phone” around in your wallet was a matter of convenience. If you needed to make a call, you could simply insert your SIM card into anyones handset.  This gave you access to your address book and, most importantly, you’d be charged to yourself. Why was that important? Well, back in the day you could have dinner for the cost of a single call. Your chances of someone else letting you use their phone were practically zero.

The SIM naturally made protection necessary. You neither wanted someone else to gain access to your address book (yes, privacy once mattered) and you certainly didn’t want anyone to make calls in your name. For that reason, you had to enter a PIN code whenever you wanted service from your SIM card. Without it, the SIM’s own processor stayed dead.

Back in the days, this was adequate protection. The average pickpocket did not have the equipment/skills to break into SIM and you wouldn’t continuously check your phone every 5 minutes for new messages. Entering 4 extra digits whenever you wanted to make a call was not very inconveniencing.

Today, the game has changed! Lockscreens are, for most people, little more than a ritual. A mindless task they perform in order to accomplish an abstract goal (“staying safe”) without understanding what they do or why it is pointless the way they are doing it. They simply “know” it has to be done, simply because it has always been this way. Of course, you can quest for a less bothersome method of gaining access, but even suggesting to do away with it entirely is utter heresy.

Now stop, think and wonder. If you are a typical smartphone user, then …

  • you upload your address book to your favorite social network
  • you sync your bookmarks, emails,… across devices (through 3rd party services)
  • you backup your device to the cloud
  • you store your photos on your (removable) SD card
  • you keep credentials for a multitude of internet services (including online banking) on your phone.
  • you have a flatrate for calls.

What the hell do you need a lockscreen for? The traditional reasons no longer apply. Phone bills no longer ruin you financially. Your address book is as unsafe as it can be.  Your “private data” can easily accessed by popping out the SD card and the treasure trove of other things you keep on your device even makes it worthwhile to actually make an effort to try to break into it. Face it: using a lockscreen with a modern day smartphone is akin to putting a $5 padlock on your steel reinforced front door while leaving the back entry wide open with a neon “welcome” sign above it.

If you want security and think that a lockscreen will provide, then you are doing it wrong. Period.

Posted in Security