- A Twitter user has posted a video revealing how the Moto G5 Plus Prime Edition lock screen can be bypassed by tapping on an Amazon ad.
- This is said to provide full access to the device, and others have been able to recreate the flaw.
- The issue isn’t present for all users, however, and may be linked to specific behavior.
Amazon launched its Prime Exclusive phones service in 2016, offering Prime subscribers a chance to get Android phones from major OEMs at discounted prices. The catch was that the phones would also come with Amazon advertising. We wrote about the savings you can make with these devices just yesterday, but a subsequent development might make you think twice before picking one up.
Twitter user @jaraszski recently uploaded a video earlier this week (caught earlier today by Android Police) that shows how the Moto G5 Plus Prime Exclusive can be bypassed with a rather simple workaround. In the video, the user taps the fingerprint sensor button—which says “not recognized”—then hits the power button, before tapping on the Amazon lock screen ad that pops up to gain full access to the device.
Hey @amazon @MotorolaUS. I found a security flaw in my Amazon motot g5. Hit fingerprint sensor (it says fingerprint not recognized), then press power button, then click view ad on the lockscreen. This gives you 100% access to the phone. pic.twitter.com/eqLWLn34pD
— Jaraszski Colliefox (@jaraszski) January 22, 2018
What’s more, this doesn’t appear to be an isolated incident, as a second video has also been uploaded displaying the same problem.
With smartphones being home to so much of our personal information, being able to hypothetically unlock another person’s device in such a simple manner is alarming. But it seems that not all users can recreate this workaround, while others say that it happens to them only if they have already unlocked the device within the last 30 seconds or so.
It’s certainly something that should be investigated, but it might still be too early to say this is a gaping security issue: perhaps it’s related to a rogue bug or something that certain users have (inadvertently) installed/changed. I’ve reached out to Amazon regarding the matter and will update this story when I hear back; let us know in the comments if you’ve experienced this or something similar.