Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

Android 10 "add users from lock screen" issue

Issue

On my Pixel 3 XL with new Android 10, even with "add users from lock screen" disabled, I discovered that I could reliably create a new user from the lock screen (swipe down the top menu, select blue user icon, and the "Add user" plus-sign icon is available).

I've posted this publicly - at first because I thought I must be mistaken, but then expanded later because the issue is not exploitable remotely, can only be carried out after authorized-equivalent access to the device has been achieved, is trivial to recreate with normal UI interaction, and would very likely have been disclosed by others in the very short term.

Status

Steps to recreate

  1. Settings -> System -> Advanced -> Multiple Users (enable this)
  2. Disable "Add users from lock screen"
  3. Lock device, and confirm it's locked by trying a non-instant unlocking activity (like swiping)
  4. Drag down the top menu
  5. Select "Add user" (if this does not appear, unlock device, lock device, verify lock, and try again)

Workaround

Disable the "multiple users" feature in Android (thanks to @raulsiles for the nudge!)

Nuances

  • It may not manifest immediately after setting, and also does not manifest immediately after reboot; locking, unlocking, locking, and then testing again appears to invoke the symptom.

  • I have my device set to lock immediately when the power button is pressed, which I can confirm by making sure that I'm prompted for fingerprint/password when trying to unlock. Under those circumstances, I am still able to add a new user, even with "add users from lock screen" disabled. I'm also not using Smart Lock.

PoC video

(Only the first few seconds actually matter): https://www.youtube.com/watch?v=E3JYZvDaHww

As shown in the video, the "Add users from lock screen" is disabled, and the screen is visibly locked (padlock at the top of the screen).

Android issue (not yet public)

https://issuetracker.google.com/issues/140447135

Confirmations by model

Many 10-eligible devices (2016-) in the Pixel family seems to be affected. Still looking for confirmation from other families.

  • Pixel 1 (sailfish) - confirmed

  • Pixel 1 XL (marlin) - ?

  • Pixel 2 (walleye) - confirmed

  • Pixel 2 XL (taimen) - confirmed

  • Pixel 3 (blueline) - confirmed

  • Pixel 3 XL (crosshatch) - confirmed (my device)

  • Pixel 3a (sargo) - ?

  • Pixel 3a XL (bonito) - ?

  • Pixel Slate (?) - ? (runs Chrome OS)

  • Essential Phone PH-1 - confirmed (one private report)

  • Redmi K20 Pro - ?

(But at this point, it appears to be likely that it is an Android-10-wide issue)

Public confirmations

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.