3 min read

Should your voice be enough to unlock your Android phone? Google seems to think so


April 16, 2015

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Should your voice be enough to unlock your Android phone? Google seems to think so

According to media reports, some users of Android phones are beginning to see a new feature rolled-out to their devices.

And it could mean that all you may need to do to unlock your Android phone in future is murmur the words “Ok Google.”

This isn’t the first time Google has tried to give Android users methods to unlock their devices without having to go to all the “effort” of entering a PIN, swipeable pattern or password.

Android 5.0 Lollipop already has “Trusted Face” mode (which is supposed to recognise your face),
“Trusted Devices” (which means your Android will always be unlocked while it’s connected to a trusted Bluetooth device), and “Trusted Places” (which means your phone is always unlocked when you’re at home or office – which rather presumes you don’t have a jealous snooping partner or sneaky business rival).

Trusted Voice is the latest in Google’s line-up of smart locks, using voice recognition to check your identity.

If you enable Trusted Voice, then all you will have to do is issue the “Ok Google” command, and you won’t be pestered for a password or PIN on your device.

But there is an obvious security concern, of course, and even Google appear to be recognising it by displaying a warning whenever the “Trusted Voice” feature is enabled:

Should your voice be enough to unlock your Android phone? Google seems to think so

“Ok Google” Trusted Voice

Trusted voice is less secure than a pattern, PIN, or password. Someone with a similar voice or a recording of your voice could unlock your device.

Woah. No kidding it’s less secure. Frankly that kind of warning would have me running a mile.

Sure, it might feel all very Star Trek to have your Android unlock itself just at your voice command and I can imagine some nerds showing off the kewl feature to their friends, but it’s hardly Fort Knox-style security is it?

The fact of the matter is that our smartphones are these days where we keep our most precious photographs, our confidential work projects, our private communications… do we really want to make things easy for a determined attacker who might already have recorded our voice or learnt how to mimic it convincingly enough?

Furthermore, I can’t imagine many companies feeling comfortable with staff using a privacy-threatening feature like this and they are sure to try to lock down its use and impose their own security regime.

The truth is that “Trusted Voice” is nothing to do with security, and everything to do with convenience.

If it can’t adequately tell the difference between someone doing an impression of you or a recording of your voice (which it seems – from the warning message – that it cannot) then you should never turn on the option in the first place.

Mind you, perhaps the kind of people who would be attracted to the lazy “Trusted Voice” option of unlocking their phone are the very same ones who would never both to have a PIN or password because of the hassle involved in entering it. Maybe, for these people at least, “Trusted Voice” is better than nothing.

What do you think? Do you want to unlock your phone with your voice? Or do the security issues concern you? Leave a comment below and share your thoughts.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like