Device Lock Detection
| Plan | Platforms | MASVS |
|---|---|---|
| Team | Android, iOS | MASVS-RESILIENCE-1 |
Overview
Device Lock Detection identifies when a device does not appear to have a secure lock screen configured. A missing PIN, password, pattern, or biometric-backed lock increases the risk that anyone with physical access to the device can open the app and view sensitive data.
When device lock risk is detected, AppTego applies your configured response.
When To Use It
Use this control for:
- Banking, payment, wallet, healthcare, identity, government, and enterprise apps.
- Apps that store or display sensitive local data.
- Password managers, authentication apps, secure messaging, or approval workflows.
- Compliance programs requiring baseline device security before access.
How It Works
The protected app uses platform-supported device-security signals to determine whether a secure device lock is configured. Public documentation does not expose exact API calls, scoring behavior, or monitoring details.
The control does not set a device lock for the user. It lets the app warn, log, restrict, redirect, or close according to your policy.
How to Enable the Control
Navigate to Detection & Response from the AppTego portal, and expand the Device Policy Detection section. Under this section you will find the Device Lock Detection control. Click Enable Configuration, choose the response action, and save the configuration for the next build or for it to be applied with a live push (if enabled).
API Configuration Example
{
"DeviceLockDetectionResponse": {
"protection": false,
"detection": true,
"action": "logout",
"title": "Device Lock Required",
"message": "Please enable a PIN, password, or biometric lock before using this app.",
"buttons": ["Enable Lock", "Exit App"],
"actions": ["redirect", "logout"],
"redirects": ["device_settings", ""]
}
}| Field | Purpose |
|---|---|
detection | Enables or disables device lock detection. |
protection | Included for schema consistency with other controls. |
action | Selects the response style, such as logout, restrict, alert, or log. |
title / message | User-facing text shown when a response is displayed. |
buttons / actions / redirects | Defines the available response buttons and their outcomes. |
Compatibility Notes
- Device lock state can differ across OS versions, OEM builds, and managed-device policies. Test with your target device fleet.
- Some test devices and emulators may not represent production lock behavior accurately.
- Device Lock Detection is not a root or jailbreak check. Pair it with Root Detection and Jailbreak Detection for device-integrity coverage.