URGENT Anti Theft bypassed by double tap (ie SWITCHES ANTI THEFT OFF!)

I have a NON rooted Samsung Galaxy S2 (i9100 running Android Ice Cream Sandwich 4.1.2 since August 2013) and have used AVAST ANTI THEFT SINCE SEPTEMBER 2012 without any problems,.

SGS 2 converts long SMS into MMS
Due to SMS free being converted into PAID MMS I downloaded both Handcent & GO SMS PRO on 12/02/2014

I haven’t sent any SMS at all; I just use SMS when I fail to contact the person
Handcent & GO SMS PRO have sat on SGS II for a week

Avast notified me of update today 19/02/2014 and prior to updating I wanted to switch Anti theft OFF to do the update

I then saw the issues re Handcent & GO SMS PRO and uninstalled both prior to the update

On the SGS 2 this is the procedure
Apps/ Avast mobile security (brings up the menu/ ANTI THEFT***/ OPEN AVAST ANTI THEFT/
At this stage you are prompted to enter Avast Pin… but

The phone did not respond when I touched the anti theft I hit it again

THIS IS THE PROBLEM I AM HAVING A DOUBLE TAP ANTI THEFT*** does not bring up the pin but the option to turn off the ANTI THEFT (up can see the yellow issue warning

A double tap ANTI THEFT*** after you exit and return to the same point then brings up the option to enable ANTI THEFT

Still having the problem a double tap on the ANTI THEFT*** toggles Anti Theft on and off WITHOUT entering the PIN
Issue will come up to show deactivation go into stealth mode to show activation

I can turn Anti theft on & off without entering my password
I have switched phone off and on many times but it’s still doing it.

A double tap is bypassing security which was discovered by accident and so disabling all the function that rely on ANTI THEFT being on

Again NON rooted phone did NOT use Handcent or GO SMS or send a text

One tap bring up enter Avast pin a double tap switches Avast Anti Theft off

I am not sure if Go SMS pro and Handcent are supported by message receiver. Anyway, can you please tell us step by step, what happened? I am a little bit lost in your post, thanks.

Hi,

yeah, we heard about this before. I think it’s more present on older (slower) devices, but it’s there, yes. We’ll try to fix it in one of the future updates.

Filip

Re handcent & Go SMS I thought that they were the problem so Avast said Uninstall and they were

On the SGS 2 this is the procedure
Apps/ Avast mobile security (brings up the menu)/ ANTI THEFT***/ OPEN AVAST ANTI THEFT/

At this stage you are prompted to enter Avast Pin… but if you double tap OPEN AVAST ANTI THEFT/ it does NOT bring up “enter Avast Pin”
It switches off anti theft and you can see the yellow issue warning

If you return to this point again you can activate anti theft

The point you need to enter the pin to disable or enable anti theft you bypass entirely with a double tap
A thief could deactivate anti theft by accident

Albeit “old” 1.2 Ghz Dual Core processor and I don’t see how that should bypass anti theft, are you saying that since september 2012 I was unprotected/

Hi,

depends on the definition of unprotected. But I think (and I don’t know that for sure) that the bug was there from the beginning.

Filip

I really want an answer or action to be taken not a debate on semantics

your first reply was rather dismissive and blamed the phone for problem
now another opinion/ guesstimate

Anti theft off means NO remote commands that follow on
NO marking as lost/ no lock phone if sim card change
NO SECURITY

1.2GHz Dual Core is medium to medium / high end and 3rd in Dual Core processors on phones
1.7GHz and 1.5GHz being higher

So if it affecting my SGS 2 it is affecting ALL SGS 2 and every phone whose phone is below 1.2 Ghz Dual Core processor

This is what it means in the real world

I activated GPS AND MAINTAINED A INTERNET CONNECTION
I deactivated ANTI THEFT

I logged onto my Avast account from PC ISSUED REMOTELY “marked my phone as lost” and “lock” device command
BOTH COMMANDS TIMED OUT

Has this affected anybody else? Give it a try now
What you did to resolve?
I don’t know if this is recent or since Semptember 2012

Hi,

if you classify a bug (that has been discovered by 2 from millions afaik) as “not protected” then I guess you in particular were not protected. But you won’t be protected by any piece of software because there are bugs in every complex software out there. If you have AAT and AMS since 2012 then I’m sure you read the information while deactivating PIN protection in AMS that your protection won’t be the same, but you still decided to deactivate it. Action has been taken already. I created a request to change the PIN behavior in all the apps, but noone will promise you when that will be done.

(By the way, for example Nexus 5 has quadcore 2.26GHz processor so I wouldn’t really classify any dual core as high end anymore.)

Filip

Well, it is kind of unusual behavior to tap very quick on the fragment; anyway, if you have mobile security protected with PIN too, this hardly would happen. Anyway, thank you for reporting the bug.