Implementing Risk Score to Protect from Android Pattern Lock Attacks


Yasir Al-Qaraghuli and Caroline Hillier, University of Guelph, Canada


Cyberattacks on Android devices have increased in frequency and commonly occur in physical settings with shoulder surfing and brute-force attacks. These attacks are most common with devices secured by the pattern lock mechanism. This work aims to investigate the various methods that increase the security of Android lock patterns. Research showed that these pattern lock screens are especially vulnerable due to users employing a set of common lock patterns. We propose a pattern-matching algorithm that recognizes these common lock patterns and increases the Risk Score if these passcodes are attempted. The blocking of common passcodes, and identification during the unlocking, reduces the risk of the aforementioned threats to device security. The algorithm we implemented succeeds in deterring users from configuring their devices with commonly used patterns. Overall, our algorithm achieves advanced security compared to current systems by detecting unusual inputs and locking the device when suspicious activity is detected. Our test results show 80% satisfaction from human test subjects when settings the passcode. The algorithm eliminates the use of commonly used patterns and 79% acceptance using our proposed algorithm and blocks access to the device depending on the accuracy score. The proposed algorithm shows remarkable success with limiting brute-force attacks as it proves effective in denying common passcodes.


Android device, Lock pattern, Brute-force, Shoulder-surfing, Pattern Recognition.

Full Text  Volume 12, Number 12