With the Pixel 6a now in stores, some buyers have realized that any fingerprint can unlock their new phones in a rather worrying security lapse by Google.
Last weekend, two reports emerged from India about the Pixel 6a’s under-display fingerprint sensor (UDFPS) that allows anyone to unlock it. This includes people who did not register their fingerprints ahead of time.
Just today, after the launch of the Pixel 6a in 13 countries, there are, so far, six additional reports of this. They range from being able to unlock with a different finger that wasn’t registered to being able to unlock someone else’s 6th. One person said that the issue did not reoccur after removing all saved fingerprints and re-adding them.
Most buyers don’t seem to have this problem with the Pixel 6a. We thoroughly tested four Pixel 6a units and were unable to replicate the issue. This suggests that only some phones are affected and points to a hardware issue, with Google changing the sensor for the 6a.
The fact that this is happening to the actual units being shipped to customers is concerning. That said, the software (or hardware) between the review and retail units doesn’t seem to differ. Google released an update on Thursday that brings the Pixel 6a to the June security patch, since April. However, builds for manual installation are only available in Japan and for Verizon. As of Saturday, we’re still waiting for the global update and a version for AT&T and T-Mobile phones.
It’s unclear if this update will fix the problem or if there’s a deeper hardware issue in the affected phones. This could be a case of a bad batch of fingerprint sensors. If so, replacements will need to be sent. Hopefully, Google could proactively identify which devices are affected and automatically start the process. Meanwhile, a software bug would result in an easier fix for all parties involved.
As for a short-term workaround, those with this issue can turn off fingerprint unlock (Settings app > Security > Fingerprint unlock > remove) and only use PIN or password unlock . From what we can gather today, this problem doesn’t come out of the blue and you either have it or you don’t.
9to5Google reached out to Google for comment today, but did not hear back before publication.
Learn more about Pixel 6a:
FTC: We use automatic affiliate links to earn income. Month.
Check out 9to5Google on YouTube for more news: