🚨 Easy App Lock Bypass

[junaidexe]

I found a simple bypass by accident.

Steps to reproduce:

1. Open a locked app so the lock screen shows
2. Turn off the screen
3. Turn it back on and unlock the phone
4. Go back to the app

Result:
The lock screen does not show again and the app is fully accessible.

Expected:
The app should ask for authentication again.

Details:

• Device: Galaxy S8+
• Android: 9
• Backend Implementation: Usage Statistics (not Shizuku)

This basically means anyone who knows the phone unlock password can access locked apps. Not sure if this is specific to the Usage Statistics backend, but it is consistently reproducible on my device.

Let me know if you want more info or testing.

[junaidexe]

junaidexe:
Device: Galaxy S8+
Android: 9
Backend Implementation: Usage Statistics (not Shizuku)

On a similar configuration: Samsung Galaxy S9 and Android 10, I am unable to reproduce your issue.

You need to meet these requirements to reproduce the issue:

• Backend Implementation (in App Lock settings): Usage Statistics
• Android 9/Galaxy S8+ (If the same issue isn't reproducible on other devices)

I have attached a screen recording for more clarity.

VN20260220_155001.mp4

[garry-ut99]

I confused Usage Statistics with Accessibility Service, yes after switching to the former, I now can reproduce the issue (on 2.2.2).

---

What is even more funny, App Lock - Xlock suffers the same.

[garry-ut99]

Confirmed - it's now fixed in 2.2.3 for me.