How Do You Lock Your Phone? Why It Matters — for Security and for Repair

Locking your phone — the first line of defense for your data

A dozen phones pass through our shop every day. Some come with cracked screens, some with worn-out batteries, and some — completely unlocked. No PIN, no fingerprint, no protection of any kind. The owner hands over the phone and says: "Eh, I don't use a lock, it annoys me."

And then I wonder — what would happen if that phone ended up in the hands of someone who is not a shop you trust? On your phone are your emails, photos, banking apps, passwords, private conversations. All of it sits behind a single swipe of a finger that takes you half a second. Or it sits behind nothing, if you have no lock.

In this article I go through all the phone-locking methods — from the weakest to the strongest — and explain why this matters not just for your security, but for the repair itself. Because the way you lock your phone directly affects how we prepare your device for a repair.

Pattern lock — popular, but far from secure

Let us start with what most Android users use — the pattern lock, that swipe of a finger across a grid of 9 dots. It looks intuitive, it is fast, and it gives you a feeling that you have "locked" the phone. The problem is that this sense of security is not justified.

Researchers from Lancaster University, the University of Bath and Northwest University in China demonstrated something alarming: an algorithm using a phone camera from a distance of 2.5 meters can guess 87.5% of Android patterns on the first attempt. Yes, you read that right — on the first attempt. For more complex patterns (which use more dots), the success rate rises to as much as 97.5% within the first five attempts.

How is that possible? The algorithm tracks the movements of your fingers while you unlock the phone. It does not even need to see the screen — it is enough to see how your hand moves. A camera from 2.5 meters is enough. In a checkout line, in a café, on a bus — someone behind you can record your pattern without you ever finding out.

Why are patterns so predictable?

The Android grid has 9 dots and theoretically offers around 389,112 possible combinations. But the average user does not use all 9 dots. Studies show that the average pattern uses only 5 dots, which brings the number of combinations down to about 7,000. For comparison, a four-digit PIN has 10,000 combinations.

But it is not just the number of dots that is the problem. There are clear patterns in how people choose their pattern:

• 44% of users start from the top-left corner — that is the first dot that comes to mind, isn't it?
• 77% start from one of the four corners — a corner is a natural starting point
• Most patterns go left to right and top to bottom — we follow the same pattern as when we read text
• People choose shapes that resemble letters (L, Z, N, M) because they are easier to remember

The result? If you know these statistical patterns, you can eliminate the vast majority of possible combinations and guess someone's pattern with relatively few attempts. Android allows 5 attempts before a temporary lockout — and with a good algorithm, 5 attempts is quite enough.

Smudge marks — the silent traitor

There is another problem people often forget: smudge marks on the screen. When you swipe your finger along the same pattern hundreds of times a day, a visible trace stays on the screen. It is enough to look at the screen at a certain angle of light and your pattern is literally drawn on the glass. This method is so reliable that researchers at the University of Pennsylvania formally documented it as a "smudge attack" back in 2010.

We see this in the shop every day. When a customer brings in a phone, we can often see the pattern on the screen before the customer tells us. Of course, we never use it — but imagine losing the phone on the street.

PIN — better than a pattern, but with its own flaws

A four-digit PIN offers 10,000 possible combinations (from 0000 to 9999). That is more than the average 5-dot pattern, but less than what you think is "secure".

The problem with PINs is human nature. We do not choose random numbers — we choose dates of birth, years, sequences that seem logical to us. And that makes us predictable.

The most common PINs — statistics that scare

An analysis of leaked databases shows dismal results:

• 10.7% of users use the PIN 1234 — one in ten people
• In second place is 1111 at 6.0%
• Followed by 0000 (1.9%), 1212 (1.2%), 7777 (0.7%)
• With just 61 combinations, an attacker can guess a third of all PINs
• The top 20 most common PINs cover nearly 27% of all users

Picture it this way: if you found 100 locked phones on the street and entered just "1234" on each, you would unlock about 11 of them. Add "1111" and "0000" and you have nearly 20 unlocked phones out of 100. With a phone that has banking apps, email and all your passwords — that is a frightening statistic.

A six-digit PIN — a significant improvement

Since iOS 9, Apple switched the default PIN from 4 to 6 digits. That sounds like a small change, but the math is dramatic: from 10,000 combinations you jump to 1,000,000 combinations. That is 100 times more possibilities.

Of course, the same rules apply here too — "123456" is the most common six-digit PIN, but the space for random combinations is incomparably larger. If you already use a PIN, switch to 6 digits. That one extra swipe of a finger drastically increases security.

Password — the most secure "classic" method

Both Android and iOS allow you to set an alphanumeric password instead of a PIN. This is by far the most secure option among the "something you know" locking methods. An 8-character password that combines lowercase and uppercase letters, numbers and special characters has over 6 trillion possible combinations.

The catch? No one will type an 8-character password every time they want to check a notification. That is why a password is best used in combination with biometric methods — set a strong password as a backup, and for daily unlocking use a fingerprint or face recognition.

Touch ID — the biometrics that changed the game

When Apple introduced Touch ID on the iPhone 5s in 2013, it was a turning point. Suddenly, locking your phone did not require remembering anything — just put your finger on the sensor and the phone is unlocked in under a second.

Touch ID uses a capacitive sensor that scans your fingerprint at a resolution of 500 pixels per inch. It scans the subdermal layer (not the surface of the skin), which makes it resistant to fake prints made from silicone or gelatin. Every time you put your finger on the sensor, Touch ID learns and improves its model of your print.

How secure is Touch ID?

Apple states there is a 1 in 50,000 chance that someone else's finger will unlock your phone. That sounds like a small number, but let us put it in context:

• 4-digit PIN: 1 in 10,000 (if random)
• Touch ID: 1 in 50,000
• Touch ID is therefore 5 times more secure than a random PIN

But realistically, Touch ID is far more secure than a PIN in practice, because PINs are never random. When you consider that 10.7% of people use "1234", Touch ID becomes an incomparably more secure option.

What a fingerprint has, and a PIN does not, is uniqueness. Your fingerprint has between 40 and 60 measurable characteristics (minutiae) — points where lines fork, where they end, loops, arches, whorls. Even identical twins do not have identical fingerprints.

Touch ID and phone service

Here is where this becomes relevant for us at the shop: the Touch ID sensor on the iPhone is paired with the Secure Enclave chip on the logic board. That means if you replace the Home button (on older models) or the Power button (on newer ones), Touch ID will not work with the new button unless Apple performs a calibration.

That is why we always recommend that customers keep their original button whenever possible. If only the screen glass is damaged and the Home button is fine, we carefully transfer it to the new screen. Touch ID keeps working without a problem.

Face ID — the future arrived in 2017

With the iPhone X, Apple removed the Home button and introduced Face ID — a face-recognition system that set a new standard in the industry. Face ID does not use an ordinary camera. It uses the TrueDepth system that projects 30,000 infrared dots onto your face and creates a precise 3D map.

Why does this matter? Because an ordinary 2D photo cannot fool Face ID. The system knows the difference between your real face and a photo, a mask, even a realistic 3D sculpture. The infrared dots measure depth — the distance between the nose and the cheek, the shape of the eye sockets, the contour of the jaw — things that cannot be replicated with a photo.

Numbers that impress

Face ID has a 1 in 1,000,000 chance that someone else will unlock your phone with their face. That is 20 times more secure than Touch ID and 100 times more secure than a random four-digit PIN.

Face ID also adapts. If you wear glasses, grow a beard, change your hairstyle — the system learns and adjusts gradually. Apple even added support for masks in iOS 15.4, using the area around the eyes for identification.

Face ID and screen replacement — you must know this

This is something every user should understand before going for a repair: Face ID depends on the TrueDepth camera that is integrated into the top of the screen. When you replace the screen on an iPhone with Face ID, that camera must be transferred and calibrated correctly.

At Viper we use Genuine Apple parts for the models where they are available. Why? Because cheap aftermarket screens can break Face ID. Apple's software checks component serialization — if the screen is not properly paired with the device, you get a warning in the settings, and in the worst case Face ID stops working.

With Genuine Apple screens, Face ID works without a problem after the replacement. Calibration is done through Apple's diagnostic tool, and the phone behaves as if it was never opened. That is the difference between a "cheap repair" that saves you 2,000 dinars and a quality repair that preserves the full functionality of your phone.

Optic ID — the latest generation of biometrics

With the Apple Vision Pro, Apple introduced Optic ID — an iris-recognition system that is currently the most secure biometric method on the market. The iris — the colored part of the eye around the pupil — has over 200 measurable characteristics. For comparison, a fingerprint has 40-60, and the face (for Face ID) uses around 30,000 infrared dots for 3D mapping.

Why is the iris so reliable? Because it forms in the prenatal period and remains unchanged throughout your life. Even identical twins do not have the same irises. The probability of a false match is 1 in 1,000,000, the same as Face ID, but with completely different biology as its basis.

Optic ID uses near-infrared LED light that is invisible and safe for the eye. The scan is instant and works even if you wear glasses or contact lenses. This is a technology that will probably come to the iPhone in the coming years, perhaps in combination with Face ID for multi-layered biometric authentication.

A side-by-side overview of all locking methods

Physical protection — just as important as digital

We talked about digital locking, but there is another dimension of protection people neglect: physical protection of the screen. Because what good is Face ID if your screen is cracked and the touchscreen does not respond?

At our shop we see a direct correlation: phones without a screen protector or a case come in for service significantly more often. One drop on concrete and the screen is done — and with it, often, the functionality of the biometrics.

That is why we recommend a hydrogel film as the minimum protection. At our shop it costs 1,000 RSD with any repair — that is less than the price of one coffee a day over a month, and it protects the screen from scratches and minor impacts. A hydrogel film has a self-healing property — minor scratches disappear on their own within 24-48 hours thanks to the elastic polyurethane material.

For maximum protection, combine a hydrogel film with a quality case. That is an investment of 2,000-3,000 dinars that can prevent a repair of 15,000-30,000 dinars.

How to prepare your phone for service — a practical guide

Now we come to the part directly tied to our daily work. The way you lock your phone affects how we approach the repair. Here is what you should do before you bring in the phone:

1. Back up your data

This is rule number one. Before any repair, make a backup:

• iPhone: iCloud backup (Settings → your name → iCloud → iCloud Backup) or a backup to a computer via iTunes/Finder
• Android: Google backup (Settings → System → Backup) or Samsung Cloud for Samsung devices

Why is this important? Because although we do everything to preserve your data, a repair involves opening the phone, handling components, and there is — however small — a risk. A backup is your insurance policy.

2. Turn off Find My iPhone / Find My Device

This is critical, especially for the iPhone. If Find My iPhone is on and the phone is linked to your Apple ID, we cannot perform certain diagnostic procedures. Apple's Activation Lock prevents anyone (including repair shops) from accessing certain functions without your Apple ID and password.

Before you bring in the phone:

• Go to Settings → your name → Find My → Find My iPhone → turn it off
• You will need your Apple ID password — remember it or write it down
• This does not delete your data, it only temporarily disables tracking

3. Remember your passwords

It sounds trivial, but it happens every day: a customer brings in a phone, we finish the repair, and they cannot log in because they forgot their Apple ID password. Or the PIN. Or the pattern.

Before the repair, check:

• Do you know your Apple ID and password?
• Do you know the PIN/password for the screen lock?
• Do you have access to the email tied to your Apple ID (for verification)?
• Do you know your Google account and password (for Android)?

4. Tell the shop about the lock status

When you bring in the phone, tell us:

• Which type of lock you use
• Whether Find My is turned off
• Whether the phone has an iCloud Lock or Google FRP (Factory Reset Protection)

If the phone is locked with an iCloud Lock, we cannot access diagnostics or finish the repair until the lock is removed. That is not a limitation of our shop — it is Apple's security measure designed to protect your data, and we respect it.

5. Your data is safe with us

I want to stress this: while you wait for a screen or battery replacement, your data is safe with us. Viper has been around for more than two decades, and our reputation is built on trust. We do not access your personal data, we do not look at your photos, we do not read your messages. The phone is used solely for diagnostics and testing after the repair.

But — and this is key — what about when you lose the phone on the street? What about when someone steals your bag on public transport? In that case, the only thing standing between a thief and your data is the screen lock. So please — set it up. Today. Right after reading this article.

Our recommendations for optimal locking

Based on everything we have gone through, here are our recommendations ranked by priority:

For iPhone users:

1. Use Face ID or Touch ID (depending on the model) — it is the fastest and most secure way
2. Set a six-digit PIN as a backup — avoid dates of birth and obvious sequences
3. Enable "Erase Data" — after 10 failed attempts, the phone wipes itself automatically (Settings → Face ID & Passcode)
4. Turn on Find My iPhone — if you lose the phone, you can locate it or wipe it remotely

For Android users:

1. Use a fingerprint if your phone has a sensor — rear, side or under-display, they all work reliably
2. Avoid pattern lock — if you already use a pattern, make it with at least 7 dots and do not start from a corner
3. Set a six-digit PIN as an alternative — same rule: no 123456 or dates of birth
4. Turn on Google Find My Device — a free service that allows locating and remote wiping

Frequently asked questions (FAQ)

Does Face ID work after a screen replacement?

Yes, but only if the replacement is done correctly. Face ID depends on the TrueDepth camera that must be carefully transferred from the old screen to the new one and calibrated. At Viper we use Genuine Apple parts and Apple's diagnostic tool for calibration, so Face ID works completely normally after the replacement. Cheaper aftermarket screens can break Face ID permanently — that is one of the situations where saving a couple of thousand dinars can cost you much more.

Can a shop unlock a phone without the password?

No, and that is intentional. Neither Apple nor Google allow shops to bypass the screen lock. It is a security measure that protects you — the user. If you have forgotten your password, the only option is resetting the phone to factory settings, which erases all data. That is why a backup before service is so important.

How do I prepare my phone for service?

Back up your data (iCloud or Google), turn off Find My iPhone/Find My Device, remember all passwords (Apple ID, PIN, Google account), and tell the shop about the lock status. If you have an iCloud Lock, the phone must be unlinked before service — otherwise we cannot access diagnostics.

Does Touch ID work with a new screen?

The Touch ID sensor is paired with the phone's logic board. As long as the original button (the Home or Power button, depending on the model) is properly transferred to the new screen, Touch ID will work normally. We always keep and transfer the original button unless it is physically damaged.

How secure is a 4-digit PIN really?

Theoretically it offers 10,000 combinations, but in practice it is much weaker. Statistics show that 10.7% of users use 1234, and with just 61 of the most common combinations you can guess a third of all PINs. We recommend switching to a six-digit PIN (1,000,000 combinations) or, even better, using biometric locking with a strong PIN as a backup.

Is face recognition on Android phones as secure as Face ID?

Mostly not. Most Android phones use 2D face recognition via the ordinary front camera, which is far less secure than Apple's Face ID system with 30,000 infrared dots and 3D mapping. The 2D system can be fooled by a photo in some cases. The exception is premium models like the Samsung Galaxy S24 Ultra that have more advanced depth detection, but even they do not reach the level of Face ID.

What happens if I forget my Apple ID password before service?

If you cannot turn off Find My iPhone because you forgot your Apple ID password, visit iforgot.apple.com to reset the password before you bring in the phone. Without that, the phone stays locked by Activation Lock and we cannot access diagnostics. This is a common problem and easily solved — you just need access to the email tied to your Apple ID.

Conclusion — the half a second that saves your digital life

Locking your phone is not complicated. Face ID, Touch ID, a fingerprint — all of it takes less than a second. And that second stands between your data and anyone who comes into possession of your phone.

We often get phones at the shop that have no protection at all — no screen lock, no screen protector. That is like leaving your car open with the key in the ignition. Yes, most of the time nothing will happen. But the day it does — you will regret it.

Set up a lock. Use biometrics. Add a strong PIN as a backup. And when you bring your phone in for service — make a backup, turn off Find My, and remember your passwords. That way you help us give you the best possible service, and you can be sure your data is protected at all times.

If you have any questions about locking your phone, preparing for service, or you want to book a repair — get in touch. We are here for you.