Think Outside The Box
I think some readers are missing the potential dangers of this design flaw. On Android versions 4.0 through 4.3, any application, without requiring permission to do so, can reset any lock mechanism back to the default swipe method. Someone can write an app, not even a rogue app, and have it take advantage of this vulnerability. Think Code Red with Nimda (on the rogue side of things). How about an application, such as one touting encryption with SMS and may in fact do as advertised but also allows for a crafted text string to unlock the device? Should said app gain popularity, easily bypassing lock features could be possible. How about this same concept done without your knowledge like the backlash of carriers leaving debug mode enabled on CarrierIQ? Do people often disable USB debugging when they're often doing things like rooting and modding their devices? Not to mention how this could play into the BYOD movement. These are things to consider.
Biting the hand that feeds IT
