Trivial to bypass lock

Today I learned just how trivial it is to unlock a phone that has been locked with this app.

When I try to use a locked phone it asks for the PIN but gives me the option of sending a request via SMS to the “friend” numbers.

Problem is, that generates a functional code that lasts for 30 minutes, and this code is sent via SMS, and it is visible in the SMS app.

You normally cant see that because the device is locked. But power off the phone and restart it and you have many (10 or more) seconds where you can access everything before the phone locks again. So immediately after rebooting, before the device locks, load the SMS app and view the last sent SMS, copy the temporary PIN and unlock the device.

if there was a way to turn off that “feature” then it would be probably be ok, otherwise its completely useless.

What AMS and Anti Theft version ?
It can be this behavior has changed in the latest version(s).

Well, according to the web dashboard, the mobile security version appears to be 4.0.8139 and the anti-theft version is “1.1 build 7863”

But if I open anti-theft on the device itself and view the “About” page, it says it’s version 3.1.7863

I have a premium license. I have three identical devices (ZTE Axon Pro - Android 5.1.1) plus a Galaxy S5 (also 5.1.1). All running the same versions of Avast.

“Enable support for Android 4.4” is enabled on each device.