AT&T’s flavor of Galaxy S II isn’t available until October 2, but a security hole has already been discovered. The user generated lock screen security features can be easily bypassed. It has been confirmed that this security hole is only on the AT&T version of the phone, and not on Sprint’s Epic 4G Touch.
When a person selects to have a lock screen on Android phones they have three options, a sliding pattern, a pin number, and a password and all of those lock screens can be bypassed on the AT&T Samsung Galaxy S II. It’s actually pretty surprising how easy it is to get around the lock screen, there are only two steps in the process. First you press the lock/unlock button to bring up the lock screen, then you wait until the screen turns black, and then you press the lock/unlock button again and the lock screen is gone.
The only way that the lock screen will be effective is if you happen to turn off your phone prior to losing it. When powered on the user will need to enter in the code, and there is no getting around that when rebooting. Hopefully Samsung will have a fix for this security hole quickly, but it is unlikely that it will be fixed prior to its October 2 launch.
It’s always best to have some kind of lock screen on your phone just in case you lose it. While some pattern lock screens can be picked it’s still better than nothing.
Update by Jeffrey Van Camp, 10-01-2011: Samsung has issued an official response to this bug, which is below.
Samsung and AT&T are aware of the user interface issue on the Galaxy S II with AT&T. Currently, when using a security screen lock on the device, the default setting is for a screen timeout. If a user presses the power button on the device after the timeout period it will always require a password. If a user presses the power button on the phone before the timeout period, the device requests a password – but the password is not actually necessary to unlock it.
Samsung and AT&T are investigating a permanent solution. In the meantime, owners of the Galaxy S II can remedy the situation by re-setting their time-out screen to the “immediately” setting. This is done by going to the Settings->Location and Security->Screen unlock settings->Timeout->
There will likely be an update soon, but for those of you who feel crazy insecure without a password, you may want to check out another device or hold off. On the whole, this issue has a decent workaround already.