Smartlock in Android Lollipop, Other Developers Can Improve It?

Recently I had everything you need to know about Smartlock in Android Lollipop, the smart unlock your Android device using devices, persons or trusted sites nearby. The curious thing is that the way in which it is implemented gap to think that other developers can expand their use.

The key is to Setup-> Security menu there is in going to trust agents and hence enable “Smartlock (Google)” in order to access these features. May a developer include your app in this list of trust agents? ¿Cómo?

Agents of trust, a private API

Seen that in trust agents is a list that we can enable them but only appears Smartlock (Google) the clear question is if we could create an application that embeds into the list so it give us alternative “Smartlocks”.

The answer is Yes but no. We will first explain what a trusted agent and how it works in Android. Everything is quite well documented in the official documentation of Android.

A trusted agent is a service that notifies the system about believes that the environment is trusted. The own agent is who defines what is “confidence”, the system simply believed that says this agent. When the agent determines that the environment is reliable it says the system with a call, and then the system relaxes security conditions. Today this means avoid the pattern, PIN or password unlock.

To accomplish all this, there is a specific API. But, and here the explanation of the “Yes but not”, It is not in the public part of the SDK. I.e., it is only available for applications of the system, trust agents have to be integrated in the system ROM.

It can be improved Smartlock?

This is the big question, do we need more things that do not have Google Smartlock? The response to my is clear, Yes. Google has made a good implementation of this security agent, we have removed the unlock if you are on Wifi, if we have a connected Bluetooth device, NFC, we are in a particular area or if recognize our voice or our face. But there are things that are outside.

The best example is that many devices Bluetooth LE do not maintain a permanent connection with our Android and can not be chosen as nearby security devices. There remain within Fitbit products, that is today a leader in wearables.

Other ideas that I can think of is the Elimination of the release of security when we are connected to a specific mobile phone base station, when we select a widget (for example with a time limit), when connected to a charger… ideas there are many better or worse, and it is clear that Google can not experience with all.

Here a good idea from Google would be to open this part of Android to third-party applications, showing a good warning of safety, and allow developers to implement their crazy ideas. Some could be good and work, others would perhaps be forgotten.

How could we see future alternatives to Smartlock?

What is clear is that Google has left space for alternative to Smartlock trust agents, we can see it clearly when see us a list which, at the moment, only contains an element. How could we see alternatives to Smartlock?

The first thing is in the ROMs. It is clear that trust agents are limited to system applications, but developers of ROMs do precisely that, System applications. They could implement in their ROMs complementary applications or alternatives to Smartlock without many problems. The only downside is that we would continue limited by the ROM we choose.

The second possibility is that Google will open the door to agents of trust in normal, and therefore downloadable applications on Google Play in future versions of Android. It is clear that in Lollipop, we only had a first version and have a list of these agents gives clues where Google shots could go. Are we seeing a movement in this sense today in the presentation of Android M? It would be nice.