Want a phone on the cheap? There are plenty of budget phones out there, but one of the features of Amazon’s Prime Exclusive program is that it takes those prices even lower. However in exchange for these low prices, Amazon will be preloading the phones with ads which are typically displayed on the lockscreen.
Unfortunately it seems that it has been discovered that there is a bit of a security vulnerability with these ads, where anyone can basically bypass the lockscreen even if they don’t authenticate themselves. This flaw was discovered by Twitter user Jaraszski Colliefox who posted about it on Twitter.
Hey @amazon @MotorolaUS. I found a security flaw in my Amazon motot g5. Hit fingerprint sensor (it says fingerprint not recognized), then press power button, then click view ad on the lockscreen. This gives you 100% access to the phone. pic.twitter.com/eqLWLn34pD
— Jaraszski Colliefox (@jaraszski) January 22, 2018
According to Colliefox’s discovery, “I found a security flaw in my Amazon motot g5. Hit fingerprint sensor (it says fingerprint not recognized), then press power button, then click view ad on the lockscreen. This gives you 100% access to the phone.” We don’t have the phone with us so we are unable to verify if it works, but posts on Reddit seem to confirm that it does exist and that the bypass method works.
Android Police did further testing with the Nokia 6 Prime Exclusive but were unable to replicate it, so it seems that it could be an issue with the Moto G5 Plus, rather than the lockscreen ads. Either way hopefully this is an issue that Amazon/Motorola will look into ASAP.