Pixel 9 lockscreen bypass on stock OS

dc32f0cfe84def651e0e

https://www.youtube.com/watch?v=SmZsfn69B7E

DeletedUser370

dc32f0cfe84def651e0e From what I'm gleaning at ₄:50, this is a glitch where the phone shows the Play Store entry for ChatGPT for a second before the phone returns to the lock screen. I'm personally not sure how much of a privacy problem this is. Unless the glitch can be reproduced by showing other apps than the Play Store for a second, such as a Signal chat containing sensitive conversations.

KleinesSinchen

If this is not a fake it is definitely not good. Surely not completely unexpected when exposing huge functionality ("Digital Assistant", "AI") on a locked device. Deactivating the "AI" should close the loophole.

DeletedUser370 where the phone shows the Play Store entry for ChatGPT for a second before the phone returns to the lock screen.

According to the video title they install ChatGPT from lockscreen and start the app afterwards – and finally unlock the screen the normal way to show the success (ChatGPT is started after unlock).
If I got this right, that would allow installing+starting any app from Play Store. Publishing an app into Play Store is not that big of a hurdle, there has been malware often enough. Don't know what an app can do without requesting dangerous permissions – This brief moment should not allow granting access to all files/phone/SMS/location or even device admin/accessibility.

ryrona

KleinesSinchen According to the video title they install ChatGPT from lockscreen and start the app afterwards

Yeah, from what I saw, it seems the issue is that they have access to a regular input box on the lock screen, where they can select text, and perform actions such as copy and paste. One of the actions that can be done when you have selected a URL is to open it in the web browser. Apparently that action works, and the URL they typed is opened in the web browser below the active lock screen. In this case, they used the fact that if you enter a Play Store URL into the web browser, it will redirect to the Play Store app instead. As I see it, this is the big issue. In no way should anyone be able to interact with apps, such as opening the web browser at specific sites, from the lock screen. An issue where you could open the Settings app by connecting a physical keyboard and pressing a certain key combination was recently patched. This seems to be a far more serious issue, as not only can the web browser be opened from the lock screen, but at any specific URL.

The glitch where they momentarily can interact with the launched app, in this case Play Store, is only what makes their bypass complete to actually install apps. But if they couldn't launch the app from the lock screen, this glitch would never occur anyway.

They can likely interact similarly with any other app that gets opened upon visiting specific URLs.

It is unclear if this applies to GrapheneOS. But at least it does not seem to affect GrapheneOS at default configuration, as there are no regular input box on the lock screen in GrapheneOS. Just the passphrase one, and that one does not support actions such as open, copy or paste.