ve3jlg
I have not seen Bluetooth-out-of-range auto-lock implemented on a phone before.
I have seen it on Windows Hello for Business. It works reasonably well.
I actually did a pen test on this.
I tested the function of the Multifactor Unlock "trusted signal" credential provider when Bluetooth is nearby, and found serious vulnerabilities.
For speed, Microsoft cannot wait for the full encrypted connection, but rather just uses the beacons.
I have some Ubertooth One dongles that were able to spoof the GATT attributes of a paired Bluetooth device. Windows Hello doesn’t do a full BT authentication during each unlock, there is room to own. Then there are possible vulnerabilities of attacking during registration process. Downgrade attacks and a few others. Microsoft is good with security, but so is Google, and we know what happened to their FIDO Titan Key with Bluetooth.
For auto-locking on an android phone, I can spoof my own signal with your device's GATT signature. So you'd have to design it for actually encrypted data. Possible, but not easy.