As I previously blogged, there is a serious security flaw in the way that the Android 2.2 OS is implemented, at least on the Motorola Droid 2. If you want to require a password to unlock the phone, and you hit the lock key, it takes at least two minutes before unlocking the phone will require a password.

To try to resolve the problem I decided to see if there might be an app on the Android Market that would allow me to lock my phone instantly and then require a password to unlock it. I went to the Android Market and searched for “screen lock”. The results were more than I expected.

One of the results was an app called “SexToyX Vibrate” for $1.99 US. Odd name for a screen lock utility, isn’t it? Then I read the description.

This software into the phone flirting tool.
You can sense vibration of variety to the new experience.
Show your mind.But do not make her angry.Good luck.
Men's necessary. Note Waterproof and Good luck.

So why did this app show up? Also in the description was the comment

Fixed Bug:
* Screen lock problem.

The app requires only one permission, it turns on the vibrator that is built into the phone. There was one comment about the app. Marilyn rates the app 1 star out of five and says “The vibration is weak where it counts!!”

Thanks Marilyn, but, umm, could I borrow somebody else’s phone?

I’ll let you all know if I find a solution for the phone lock or it gets fixed in the OS.

Randy Abrams
Director of Technical Education

Author , ESET

  • cowardly impersonator

    Nobody cares about your new phone… 3 blog posts now about trivial android security features ? No thanks….
    Plus.. everything you're talking about clearly demonstrates you don't know anything about the platform, it's permissions or security model… So maybe you shouldn't talk about it?
    this blog IS called "Threat Blog" right ?

    • Randy Abrams

      So, go ahead and back up your claims. Demonstrate that I don’t know anything about the security models or permissions. And, instead of impersonating me in your screen name, have a little guts and use your own name :)

      And yes, I changed your display name form “Randy Abrams” to something descriptive of your approach.

