A bug in the Android OS version 2.0.1 can allow unauthorised access to your phone, bypassing the locking mechanism on the Motorola Droid (or Milestone in Europe and Australia), with a simple phone call to the device.
The Android OS has a unique way of locking the device. Instead of a PIN, you have an 3×3 grid of circles and you create a pattern of 4 to 9 circles. According to The Assurer, which broke the news of the leak, this results in 3,024 to 362,880 different combinations. It sounds secure, and it is – unless you have an incoming calls.
Unlike other devices, the Motorola Droid has a back button when you are asked to put in your pattern combination, and pressing that takes the user back to the Home screen without being asked for the pattern, allowing full access to applications and data. However, it will proceed to ask you to type in the pattern when the call ends.
This is, basically, the easiest way to steal someone’s personal data from the phone, and another person, if technically capable to do so, can access your e-mail messages and financial information, like your credit cards and e-statements from banks.
It is unknown if the Nexus One has this similar flaw, and it has not been tested since it uses Android OS version 2.1.
Google has acknowledge the problem and is looking on a fix. A spokeswoman told Techcrunch’s Jason Kincaid, “We are aware of the issue and we’re working to deliver a fix to Motorola Droids shortly.”