In September, Google added it remote locking device in its management Android, allowing them users to lock their phone if it is stolen or lost.
The mechanism allows the user to bypass the existing device lock system and set a schematic system password for better security.
But recently, the Curesec, a research team from Germany has discover an interesting vulnerability ( CVE-2013-6271 ) on Android 4.3 which allows a rogue application toslowto all existing locks on the device that have been activated by its owner.
"There is a bug in "Com.android.settings.ChooseLockGeneric class". This category is used to allow the user to modify the type of mechanism lock that the device should have. ” says the CRT team on the blog post
Android OS has many mechanisms to lock and unlock the device such as PIN, Password, gesture, and even face recognition, though most of them half users do not use them. However, for each change in the password settings, the device asks the user to confirm the previous insurance.