[Hack] Bypass Android lock applications
Every person with an Android device has some sort of lock application these days. Have you ever been challenged by someone to bypass one and really wished you could?
I've got some help for you!
This post is for educational purposes only and is purely based on my experience with a few of the most widely used apps out there (AppLock, LOCX, SeraphimDroid).
What is the new buzz?
Well, recently, while playing around with one of the applications (SeraphimDroid) hoping to find some bugs, I found out that the application was starting with a lag on reboots. After a reboot, the MainActivity was launching after some time, as if it was waiting for some signal.
On further digging, I found out that the application was waiting for the 'BOOT_COMPLETED' intent to be broadcast. The application would only start working on receiving this particular intent from the system.
The problem here is that the BOOT_COMPLETED intent is sent by the system only after all the system services become active. But the device, as a whole, becomes operational way before the intent is sent.
Generally, the MainActivity of these applications is their lock service (i.e., their prime purpose). Until it is launched, these applications are just useless and can't even protect themselves!
Now, let's move on and see how this works!
Note:
1. If the lock application is registered as a Device Administrator, this trick doesn't work. Some of the applications (like PrivacyGuard) have, in their latest releases, made it mandatory to register their apps as Device Administrators, which defeats this method.
2. The device's lock screen protection (pattern / number lock) is a prerequisite.
Steps:
* Make sure the application is not a Device Administrator. (Remove it from: Settings > Security > Device Administrators)
* Reboot the device.
* As soon as the device reboots, quickly go to Settings > Apps and uninstall the lock application. The device will take around 10s - 20s to send the BOOT_COMPLETED intent. Uninstalling has to be done before that. This has been found to work (verified personally) on most of the applications, like AppLock, LOCX, SeraphimDroid. But this should undoubtedly work on all the others too.
Simple as that!
Go check it out!
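To check whether a lock app is built the way this post describes, here is an added example (not part of the original post, and not code from any of the apps named) that audits a decoded AndroidManifest.xml for a BOOT_COMPLETED receiver and for a Device Administrator receiver. It assumes the manifest has already been decoded to text XML (for example with apktool); the package and class names in the samples are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BOOT = "android.intent.action.BOOT_COMPLETED"
ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"
ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"

# Constructed sample manifests (hypothetical package and class names).
WEAK = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.lockapp"><application>
  <receiver android:name=".BootReceiver"><intent-filter>
    <action android:name="android.intent.action.BOOT_COMPLETED"/>
  </intent-filter></receiver>
</application></manifest>"""
ADMIN_RECEIVER = """<receiver android:name=".AdminReceiver"
    android:permission="android.permission.BIND_DEVICE_ADMIN"><intent-filter>
    <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
  </intent-filter></receiver>"""
HARDENED = WEAK.replace("</application>", ADMIN_RECEIVER + "</application>")


def audit_manifest(xml_text):
    """Report how a lock app starts at boot and whether it can be a device admin."""
    root = ET.fromstring(xml_text)
    boot_receivers, admin_receivers = [], []
    for rcv in root.iter("receiver"):
        name = rcv.get(ANDROID + "name", "?")
        actions = {a.get(ANDROID + "name") for a in rcv.iter("action")}
        if BOOT in actions:
            boot_receivers.append(name)
        # A device admin receiver needs both the action and the bind permission.
        if ADMIN_ACTION in actions and rcv.get(ANDROID + "permission") == ADMIN_PERM:
            admin_receivers.append(name)
    return {
        "boot_receivers": boot_receivers,
        "device_admin_receivers": admin_receivers,
        # Starts on BOOT_COMPLETED and has no way to register as a device
        # admin, so nothing blocks an uninstall before the broadcast arrives.
        "uninstall_window": bool(boot_receivers) and not admin_receivers,
    }


if __name__ == "__main__":
    for label, manifest in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_manifest(manifest))
```

A declared admin receiver only shows that the app can be registered as a Device Administrator; whether it is actually active is device state under Settings > Security > Device Administrators.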