IssueTracker

It's tricky, since then we'd need to allow DNS packets to bypass the firewall before establishing the VPN.  (We'd need to carefully block any DNS requests from other apps to prevent leakage, and cross our fingers that the DNS client on the device doesn't have any vulns.)

[Comment deleted]

Any idea if this feature can be implemented?  It is better than no security at all!

Dear jshar...@android.com 

Sorry, but I can't follow to your argues in #c1. Yes it's correct, DNS Spoofing is a valid security issue and might harm the VPN security BUT
* in real life it's little to no attractive to emulate a widespread of VPN Servers, isn't it?
* if someone will do that, bypassing SSL certificates might simply be tracked down by using certificate pinning (what is a good idea, nevertheless)
* where is the "security difference" between a manual connect with DNS resolve where you can't check if it's the correct server and the desired auto-connect
* android would have a much better face getting more of these "make security functions convenient". Other third-party ROMs are shipping them continuously already!
* you might also track down the security risk by allowing auto-connect if a fixed DNS is used?! But still, this is even fixing the symptom. Someone might still route this to a poisoned DNS. Certificate pinning is your friend, validating if your VPN Server is really yours.
* regarding issue 36949180 this feature should be part of a set of "make unencrypted WiFi secure". Guest / Customer WiFi without encryption is unwillingly common practice.

Don't be evil, have some thoughts on it. It's possible if you want to add more security!!!

It's been almost 2 years and google still has nothing on this?
All VPNs today constantly rotate their IPs (due to blacklisting or load), so it is absolutely unfeasible to only use IPs.

It's getting very very annoying to do even the most basic tasks securely these days...

"where is the "security difference" between a manual connect with DNS resolve where you can't check if it's the correct server and the desired auto-connect"

This really ought to be an option.

In order to support global VPN solutions which provide GEO based closest VPN connection for performance reasons, not to mention HA capabilities where a failing Point Of Presence doesn't make an Always-On device completely useless, I strongly recommend you re-prioritise this capability.   The competition has moved on particularly in the Enterprise space.

It' more than 2 and a half years now. Google sucks at this.

I have same issue as my VPN provider doesn't have static IP's for its servers. I have to manually connect to my vpn everytime connection drops or i restart my data connection.

[Comment deleted]

What a SHAME on Android developers. Think about PRESHARED key. How do the attacker is supposed to know it. Think about cert validation. Just think and make it happen. This is a must be function. Wake up!!!!

Still waiting for a fix.

Thank you for your feedback. We have tried our best to address the issue reported, however our product team has shifted work priority which doesn't include this issue. For now, we will be closing the issue as "Won't Fix (Obsolete)". If this issue still currently exists, we request that you log a new issue along with the latest bug report here: https://goo.gl/TbMiIO and reference this bug for context.

I have the same issue with Nexus 4 5.0.1.

Has anyone found a work around without using root?

I have been experiencing this issue on my Nexus 7 but it wasn't until I found this thread that I realized it was due to using "Invisible Lock Widget" to lock the tablet.  Any idea if this will be fixed in a future update?  I'm on update 5.0.2

I am also affected by this issue as I am using N5.

Same problem here. Fix this bug!!!

Very very annoying bug.
Fix this or provide a new api.

News about this bug on Android 5.1?

[Comment deleted]

[Comment deleted]

 just checked with the updated emulator, and unfortunately the bug persists in 5.1. :(

Google, come on!

EDIT1: Is it possible to raise the priority of this issue?

EDIT2: Confirmed on actual device. Nexus 5, Android 5.1, bug is still there.

My Note 4 Lollipop also has this problem

As a screen off app user,the bug is really annoying.

On nexus 5, power button is really fragile.
So for me,trying to avoid using it is necessary!!! So I use third party screen off apps so please fix it!!!

I am having this issue on a N5 updated to OTA 5.1 rooted.  Smart lock will not unlock on location if I manually lock it or let the screen timeout on it's own.

Please fix!

Nexus 6, Location Based Smart Lock not working at all.
even with: GPS enabled, location mode High Accuracy, and simply press the power button to sleep the screen, the phone is immediately locked, and doesn't unlock based on location.  Also, why isn't it possible to DELETE the default trusted location, instead one may only "edit" it.

Same here, please fix it!! I use screen off and smart lock doesn´t work. :(

Same here with GravityScreen widget.

Smart lock worked very well (except after very long sleeps e.g. overnite).

I feel like it stopped working before I sideloaded a 5.1 OTA on my N5. On 5.1, I'm still experiencing difficulty. I feel like this is happening to me even when I manually lock or even let a screen timeout lock happen.

Very frustrating, as this feature was so good.

Worked (almost) perfectly fine week ago, but last few days it NEVER work on my home address (but worked fine at my parents' next house).

Super annoying.

uninstall google play-service update.

This bug drives me crazy.  My Sony Smartband is totally useless when I'm out and about and I have to constantly swipe my pattern...

Fix this please, since the 5.1 update I can no longer uninstall the Play Services updates as a temp fix.

Please fix this...

N4 running 5.1. Issue started on 5.01 after phone crashed and rebooted a few weeks ago. Worked great before then. Play Sevices version 7.0.99, uninstall updates is grayed out.

[Comment deleted]

On my Moto G (XT1032 (1st generation)) with 5.0.2, the flip cover behaves like the power button - it doesn't kill Smart lock (well, I actually don't have a flip cover, but I checked that by using a magnet).
However, screen-off apps don't allow me to use Smart lock, as described people above. It is very annoying.

Same problem on Xperia Z3 since it upgraded to Lollipop just recently :(

Same problem here.. Solution please... Thanks

Same problem xperia z1 compact

Same problem with LG G3 Android 5.0 .. been experiencing this issue with the recent release of Android Wear. The hardware on / off button solution appears to work.

On a whim I turned the smart lock location feature back on and it started working again.

Same problem with Sony Z1 :(

This issue made SmartLock feature useless bc I always use software to lock screen. Please fix!

Same here, please fix bugs faster, 5.0 is almost a year old, this is terrible customer support Google.

Bump, this affects me too, and I don't want to root my phone :(

Do you mean by that there is a resolution for this if your phone is rooted?

Yes, if you're rooted, you can install Xposed framework, and use GravityBox module. With this module, you can create a shortcut and assign "go to sleep" action to it. Smart lock doesn't seem to be affected by this, it's working fine for me now. If your lancher supports gestures (double tap, for example), you can assign the "go to sleep" action to this gesture as well.

However, this is of course only workaround, not a real fix.

Z3 compact here, 5.0.2. Same issue.

Same for my Samsung note 4 & the Sony Z3 compact.
I've to stop smartlock... because it's useless...

Smart app lock is not working in ma sony z2 since I updated software to 5.1 lollipop how can I fix dz issue??

Is this bug still there on 6.0?

Unfortunately, yes it does exist on Android M preview 3 running on my Nexus 6.😢

Here is what I observed. Smart Unlock works for me as long as I dont use the gmail app for Exchange ActiveSync. The moment I turn this on, SmartUnlock is completely disabled. @Google guys, I would have expected more QA and better understanding that the majority of the world uses Exchange as Enterprise email server. Can you please make sure that Smart Unlock works irrespective of the email account being used thru gmail widget?

Experiencing this issue with Nexus 6 on 5.1.1 and smart device (miband). Any word from google whether this will be addressed in Marshmallow?

HERE IS THE FIX....!!!!  download gravity screen from the play store.. I've been using it a year and love it... In the app settings check the smart lock feature box.. Home location works flawlessly now.. Hope this helps..

@58: Unfortunately, this is not a fix.

1. When unchecking the "Smart Lock feature" checkbox, as you proposed, the problem is obvious: Every time the phone is locked by this app (e.g. when placing it on a flat surface), the GoogleTrustAgent breaks and Smart Lock feature is disabled. When turning on for the next time, the PIN/pattern is required.

2. Checking the "Smart Lock feature" box uses a very simple workaround: Instead of turning the phone off (which would cause the bug and break Smart Lock) it simply turns the brightness down and shows a black screen. Then the phone is simply for the built-in timeout poweroff (e.g. 30 seconds), which does of course NOT break the Smart Lock feature.

It simply shows that the app developers are aware of the bug and use a (very basic) workaround. Still waiting for a fix.

I just got Android 6.0 on my Nexus 5.
I can (sadly) confirm that the issue is not solved yet :-(

Furthermore Trusted Devices does NOT work properly any more. I use a Moto 360 and normally don't have to enter my pincode, but after upgrading I have to enter the pincode all the time.

I am SO VERY disappointed :-(

Please repair it. Thanks

[Comment deleted]

Hi,

Please do provide full bugreport

Android bug report
After reproducing the issue, press the volume up, volume down, and power buttons simultaneously. This will capture a bug report on your device in the “bug reports” directory. Attach this file to this issue.

Note: Please upload the bug report and screenshot to google drive and share the folder to android-bugreport@google.com

Hope this helps.

You can easily reproduce the bug on any device running Android 5.0 - 6.0 though.

Hi,
We have passed this defect on to the development team and will update this issue with more information as it becomes available
Thanks

Hi,
thanks for finally addressing this bug! However I am not sure if this is in fact a duplicate, since I don't use MS exchange active sync at all. The bug occurs whenever the screen is turned off by an app, instead of the power button or screen time-out.

Same problem on Nexus 6p running Android 6.0

This app is working fine to turn screen off, and
is compatible with SmartLock.

https://play.google.com/store/apps/details?id=com.ryosoftware.screenoff

It requires root permissions.

Please note that this issue also prevents the fingerprint reader on Nexus 5X from unlocking the phone after it has been locked via an app. Scanning a fingerprint prompts the user to enter their password/pattern/pin.

Tested on Android 6.0 using Nexus 5X. App used to lock screen was "Screen Off and Lock" by Katecca.

Still broken in 6.0.1, unsurprisingly.

Confirmed: STILL broken on Nexus 5 Android 6.0.1

this bug is really annoying in imprint devices

hope google can change the priority to high

and fix it asap

[Comment deleted]

Finally! (Priority has been changed to "high")

Now wating for Status to change ;)

Cant wait for a fix.

I will say I have been using gravity screen with the gravity sensor setting to turn off the screen and it does not seem to interrupt the trusted lock settings

I use gravity screen. In both modes, gravity sensor and proximity sensor,
the result is the same, the smart lock collapses until I turn the phone in
stand by with the power button. Moto X play.
El ene. 8, 2016 4:01 PM, <android@googlecode.com> escribió:

According to the gravity screen FAQ [0] there is a non-perfect work-around for the fingerprint sensor and smart-lock support (question 23).

[0] http://forum.xda-developers.com/showpost.php?p=40102037&postcount=3

I apreciatte your help to fix the issue that no permit the correct function of screen block. I think is very important give it solution, because is a security subject. Thanks for you interest.

Smart screen on off will help you double tap screen off on all Lauchers
Check it out!
https://play.google.com/store/apps/details?id=dev.suriv.suscreen

When is this ging to het fixed? I dont want to root!!! (Imprint is useless with screen turned off with app!!!)

Very frustrating issue! Unable to use nexus for work is going to force me onto an iPhone ...

still affects nexus 5x with latest 6.0.1

Nexus 5x still has the issue.  Fingerprint unlock doesn't work if the screen locked via soft lock.

Problem affects also Nexus 6P.
When you bring out a new Phone with an old and known problem, you don't take your users serious :-(

This bug has been opened on 17 Nov 2014, today the issue is still there. How long we have to wait for a solution? It's really disappointing.

Problem affects Moto X (2014) with Android 6.0 too

More than a year and they have not bothered to fix this issue. I have started to like outlook app now. Dont think will switch back to using gmail.

the problem is also present in the xperia Z5 , something really very annoying

yes for me too. I have an Xperia Z5 with marshmallow and this Problem
is crazy. On LL 5.1.1 this Problem was not present.

I have same issue with new Samsung Galaxy S7 Edge.

I really don't want to have to root my device just to be able to use a screen off app and still have the FP work to turn it back on. Come on Google - please fix this now?

High priority but his bug hasn't been fixed in Android N Preview yet...

Just thought to share my story..

Originally I reported this issue while using Nexus 4 with Android 5.0, then I switched to Nexus 5 for short time and now using Nexus 6. All the way from Lollipop-Marshmallow and now N preview. But this issue is persistent across my usages. It looks like there's small set of people who is affected by this issue and so it is overlooked.

It is funny to realize that during Nexus 4 days I was using soft screen off button (and SecureSettings root app to unlock my device at home or BT connected to my pebble). But as Google introduced that feature in OS itself I stopped using SecureSettings and eventually stopped doing root. Due to this issue, in order to use the default smart lock feature I changed my habit of turning screen off from "software button" to "hardware button".

And every time I turn off my phone screen using power button, even today (after 1.5 years), my brain commands my hand to swipe up from home button (that's what I was used to while using Nexus 4 or before) first. I obviously no longer have this option set so I end up hitting power button to turn screen off.

I kept on waiting for this issue to be fixed so I refused to train my self to just rely on h/w power button. But in fact, I should have just ignored this and get used to h/w power button. Just like Appleish approach, use the device the way it is designed and not the way you want :)

Anyway, small thing but its the "hope" that kills!

Cheers!

I experience this issue with a Sony Xperia Z3C running their Concept software, which recently added "double tap to sleep" functionality to their home screen app. Now I have to disable this great feature. :-(

Please, Google solve this issue!

Just updated my OnePlus 2 with the marshmallow (oxygen 3) beta update and this is issue is again present. Can't use FP to unlock after using double tap through Nova Launcher to turn screen off. Only way past this problem is to run Nova in root mode,which,ironically, diminishes the security of the phone that FP was designed to achieve.However, given how long this thread has been going for,I wouldn't hold my breathe for Google to fix it.Is anyone from Google even reading this thread?

This bug also affects imprint (fingerprint) sensor on Nexus 5x. Any app that uses method DevicePolicyManager.lockNow() breaks fingerprint functionality - password prompt appears after using software lock.

Fix your shit.

Nexus 5x still has the issue.  Fingerprint unlock doesn't work if the screen locked via soft lock.

Galaxy S7 Edge affected as well after XXU1APD1 update. Fingerprint unlock doesn't work after DevicePolicyManager.lockNow()
Please fix it.

Galaxy S7 edge affected. Fingerprint lock does not work if the screen is locked using an app instead of power button.

Both Trusted devices (via bluetooth - worked for only once at the setup)  and Trusted places are not working on LG G4 - Android Version 6.0 . Both options are enabled but it is asking for security PIN nonetheless. It is a very annoying bug. Hope it is going to be fixed soon...  

Fix this please!! I can´t believe this is still happening

S6 Edge with 6.01; Please fix it

Samsung S6, this startet happening to me since last update to baseband version: G920FXXU3DPDP

This is intended behavior. There is no crash, DPM.lockNow intentionally
disables smartlock temporarily.

The short of it is lockNow() is supposed to put the device in the most
secure state, so we disable TrustAgents.

Developers shouldn't be using this for anything other than DeviceAdmin
security.

So this leaves us with the open question:
How can a user lock his phone without using the power button (through an app for example) and still be able to unlock it using fingerprint?
He simply can't? that does not make any sense and i would expect much more flexibility from android.. :(

@amruthav and that's the "intended behavior" because...? Is there a security reason/concern around this? A bit more openness in a open source project would really help...

"intended behavior". These things really affect us indie devs.

I understand the rationale given in #110 - but then I'd like to call for Google to provice another call that actually behaves exactly like the power button, that is, one that locks the device but keeps smartlocks and fingerprint sensors working.

Hi,

For the below queries you have asked response is shared here

1. How can a user lock his phone without using the power button (through an app for example) and still be able to unlock it using fingerprint?

 There's intentionally no API for apps to call to lock the device.

2. Is there a security reason/concern around this?

 Yes, there's a DOS (denial of service) concern if we allow apps to lock the device. Either intentional or accidental (app bug).

The exception to #1 is DevicePolicyManager API.  DeviceAdmins can call lockNow() once users grant permission. However,  this is purely a security function meant to lock down the device in case of emergency (lost/stolen phone).  The API is meant to lock the device in the most secure state (no fingerprint, no trust agents).  Any other use of this API contradicts the intended purpose.

Thanks for the clarification.

Obviously I differ strongly. I can accept that a mere permission is not enough for such a criticial operation. But you could well offer locking levels as an argument to lockNow(int level), and choose the maximum level as the default behavior.

There is definitely a significant amount of user demand for apps that allow to lock the device without using the power button. To name a few: broken buttons, with gloves badly accessible buttons, and hells yes, because you can! :-) Yet users want their trust agents to continue working!

I understand that historically lockNow() was before trust agents, and I understand that your default implementation is the safest possible one. But that doesn't rule out reasonable expansion, so I'd like to call out to you guys once more and plead for rethinking this!

I agree to #116

I'd like to add that my device is much less secure now, since instead of using fingerprint to unlock, I alsways get a foallback pattern unlock, which isn't very secure.
Why don't I use password? Because I cannot type password 100x a day.

Adding locking levels as a parameter to lockNow() would be a satisfactory solution for everyone. Please, be more flexible and try to fix this issue. I can also confirm, there are many users waiting for a solution. And what devs can offer now is only damaging the reputation of Android.

Also affected by this issue on my Galaxy S7. I'd like my screen to wake-up when I get a notification. Unfortunately, Android does not support this by default for all apps.

I'm using a very good app for this, called Glimpse. But due to the issue as described in this post, I run into this problem, which can't be solved by the author of the app, unless Google changes the default behavior of Android. My issue:

"installed Glimpse and it seems to do exactly what I want, but I run into two problems with it on my S7:

After displaying the notifications/turning on the screen, when it turns the screen back off, it locks my device.
That on itself is expected I guess, but on the S7 then the following happens:

1)      After Glimpse locks it, I can’t use my fingerprint anymore to unlock it, I can only unlock it with my PIN, and
2)      I have set-up Trusted locations on my device, which normally means I don’t have to use my fingerprint,
or PIN, to unlock, and it will stay unlocked at those locations. This also does not work anymore."

come on Google... any developer can solve this problem in 5 minutes

[Comment deleted]

Super annoying..if you think lockNow() should be used in a safe way, then why not provide a new api just for turn off the screen?

I have a solution for root users:
https://play.google.com/store/apps/details?id=nl.matthijsvh.screenoff

I use this method (requires root!):
try {
   Runtime.getRuntime().exec(new String[]{"su", "-c", "input keyevent 26"}).waitFor();
    } catch (IOException | InterruptedException e) {
}

I have the same issue and it makes the fingerprint totally useless of you use soft button luck screen apps. This is frustrating

Galaxy S7 edge affected. Fingerprint unlock does not work if the screen is locked using an app instead of power button.

I´ve tested it on my Nexus 5x with Android N Preview 5 and it has the same issue

Giving lockNow() different levels of security would be the perfect solution as #116 says

I also have this issue on my Nexus 5X when using "Screen Lock"

Check: https://play.google.com/store/apps/details?id=com.simi.screenlock

My friends say this is not a bug. That makes me very sad =(. But I'm glad I found people having the same issue. plzz google fix this naao. I also do have super cancer =(

Please google add different levels of security to lockNow(). All our applications for lock screens are being unuseful now.

So you say it's security concerns, Google? Well, this is the ONLY reason why I still keep root on my device. With root, I can still use a third party app to lock my device and keep Smart Lock working. However, my device is also a bit more vulnerable because of me keeping root (as you for sure know, judging from your attempts to improve SafetyNet and trying to reduce the number of people who still root their devices). With recent Android updates you guys pushed Android so far that I wouldn't need to keep root anymore, if it wasn't for this issue.

So please, as other already suggested, consider adding different levels of security to lockNow(). I understand that this isn't the intended use of the API, but it's extremely convenient. With many devices having power buttons on weird places (my phone has it on the back), it forces us to use third party apps so that we can comfortably lock the device without having to e.g. pick the phone up from a table. I'm using double tap on my launcher's home screen (Nova Launcher's gesture) to lock the phone. The original pre-installed OEM's launcher on my phone (I have an LG device) had this feature built-in, too - and it was actually working without root (perhaps because the launcher was a system app and had access to LG's framework, who knows). Since AOSP tends to "adapt" features from OEM stock ROMs, I expect Pixel/Nexus/GoogleNow Launcher to have double tap gesture to lock the device as well, sometime in the future. And when the Google Launcher teams decide to implement it, they would need an API for that. An API which can simply be there already, accessible for other launchers as well.

Again - please, just think about it for a moment. Although your intended purpose for the API was different, the Android users and app developers found another use for it. You have a perfect opportunity to implement something the users are asking for. I honestly don't see this as a security concern, since you could limit the use for a specific type of apps only (for launchers, e.g.). It's not a bad idea. Try to think outside the box for a while, and you might agree with us.

I completely agree with this comment (#131). I am in a very similar situation (used an LG G2 in the past that had this feature baked in) but I haven't gone as far to root my phone as that stops Android Pay, which I rely upon. Also too many hassles for too little reward these days, Android has advanced really well. Implementing this would definitely be another step in the right direction. I cannot see how it would weaken security...

Many smartphones have bad hardware buttons. Specially the nexus 5. Many people are facing a lot of problems with those. Please fix this. Believe this problem runs for 10s of thousands of people.

Same here, please fix it, Google

Please fix it, Google

same problem here

s.manat2527@gmail.comดีมากขอบคุณ

https://docs.google.com/forms/d/1DFARlatgNLRKaKWSodFe21zmohzrfeAVOPGpOJCafCQ/edit?usp=drive_web (ฟอร์มไม่มีชื่อ)

https://docs.google.com/spreadsheets/d/1QFhrK3XqfWEsG2cMA6xDSfRe-1XyR6mWvjZOPM5yWbM/edit?usp=drive_web (ฟอร์มไม่มีชื่อ)

Please fix, very annoying!

I have the same problem...

I just fixed this on my phone by uninstalling the Gmail app, which I don't use anyway.

What didn't work:  previously I followed some other site that recommended to disable Google Smart Lock in Security/Trust Agents, reboot to recovery and wipe the cache partition, reboot and enable Google Smart Lock. This did not fix the issue.

Still there..

5/22/2018 still waiting for a fix

In the present scenario, Can any one suggest an app (any app will do) which does a screen lock (after a screen timeout or no, is immaterial to me) and then i can unlock it using fingerprint scanner or using a trusted device (lets say a bluetooth headphone)?

If it matters then I have got an Android 7 on my Samsung A series device.

Frankly its a big headache to constantly draw a pattern every time to unlock it (which is what I must do currently) . I have tried so far several apps which assist in locking/blanking the phone in certain situations (e.g. pocket or flat on desk etc).


THis is true for every app that I have used on Android Lollipop

Gravity Screen, etc do NOT work as desired

Nova Launcher

I still Wish Google can provide one method to lock the screen but has no effects on smartlock.:)

I finally found a solution with this app: Screen Lock (one touch to lock screen) by Simi Studio. It works on Smasung's latest phones.

Android 9 finally added a solution for this (or a workaround, it depends on how you look at it). A new AccessibilityService global action was added for locking the device [1], [2]. Nova Launcher already has a screen lock method using this service action in the latest beta, and it allows for locking the device and keeping fingerprint unlock and SmartLock working.

What sucks, though, is that users of your app have to enable the accessibility service for your app. And having any accessibility service enabled breaks Snackbar animation [3] (it no longer slides on the screen, it just appears there without any animation).

[1] https://developer.android.com/about/versions/pie/android-9.0#a11y-convenience-actions
[2] https://developer.android.com/reference/android/accessibilityservice/AccessibilityService#GLOBAL_ACTION_LOCK_SCREEN
[3] https://issuetracker.google.com/issues/37092972

K1er33zaza@gmail. com

Smart sketc

سلام