Days since MCO

MCO started on Mar 18, 2020


Days till RMCO lifted

RMCO expected to lift on Aug 31, 2020


Our coverage on COVID‑19

We’ve broken the AppLock -Fingerprint- “encryption” and it wasn’t even that difficult


We’ve touched on how good the Nexus 6P’s fingerprint sensor is in the past with its quick unlock speed and high accuracy despite only needing six taps to register your finger. You can also use it to authenticate Google Play as well as Android Pay purchases, but we’ve always hoped it could do more especially since Google baked fingerprint support into Android 6.0 Marshmallow itself.

Thanks to the open API though, now you can use your fingerprint to lock specific apps in your phone — but there’s a catch.

App locking is no new concept. It simply allows you to lock specific applications, requiring either a password or pin to access that particular app. Let’s say, your friends are the nosy bunch and the moment they get their hands on your device, they like to head into the gallery to look at all your embarrassing failed selfie attempts. Thanks to an app locker, you can stop that by protecting access to that application with an app locker. Some devices even have that natively in their Android skin, while others even allow you to lock entire folders of applications.


Entering a password is so last century and developer SurpriseToYou have come up with AppLock -Fingerprint-, an app that lets you (if you’re on Android 6.0 Marshmallow) lock individual applications in your phone with your fingerprint. Although we must note the incredibly sketchy developer name. When I’m using a security app, I don’t really want it to surprise me. To use it, the app requires you to grant it three different levels of access — Apps with usage access, Draw over other apps, and Activate device administrator.


Once in, it’s a simple task of choosing which application you want locked by flicking the toggle next to that specific app. Once you launch the app that you’ve locked, the AppLock -Fingerprint- overlay will draw over the app and ask for your fingerprint.

But, true to the developer’s name, here’s the surprise — when that overlay pops up and “locks” your app, should you receive a banner notification from WhatsApp, the overlay drops and you have access to said “locked” app without ever inputting your fingerprint. What kind of security is this?!

While the fact that this app runs on ads without a way to disable it is a little annoying, I think the far more pressing issue is the fact that you can break the “encryption” with a single banner notification. If, however, that doesn’t bother you and you’re interested in this app, you can get it from the PlayStore. Just, erm I don’t know, turn off your banner notifications in the mean time?