With the Pixel 6a now available in stores, some buyers have noticed that any fingerprint is able to unlock their new phones in a rather worrying security lapse by Google.
Last weekend, two reports out of India emerged about the Pixel 6a’s under-display fingerprint sensor (UDFPS) allowing anyone to unlock. This includes people who did not register their fingerprints ahead of time.
Just today, following the Pixel 6a launch in 13 countries, there are — so far — six additional reports of this happening. They range from being able to unlock with a different finger that was not registered to being able to unlock another person’s 6a. One person said the issue did not occur again after removing all saved fingerprints and re-adding them.
The majority of buyers do not appear to have this issue with the Pixel 6a. We’ve thoroughly tested four Pixel 6a units and have been unable to replicate the problem. This suggests only some phones are affected and points to a hardware issue, with Google changing the sensor for the 6a.
The fact that this is occurring on actual units shipped to customers is concerning. That said, the software (or hardware) between review and retail units do not appear to differ. Google on Thursday released an update that brings the Pixel 6a to the June security patch, up from April’s. However, builds for manual installation are only available in Japan and for Verizon. As of Saturday, we’re still waiting for the global update and a version for AT&T and T-Mobile phones.
It’s unclear if that update will resolve the issue, or whether there’s a deeper hardware problem on affected phones. This could be a case of a bad batch of fingerprint sensors. If it’s indeed that, replacements will need to be sent out. Hopefully, Google would be able to proactively identify what devices are affected and automatically initiate the process. Meanwhile, a software bug would result in an easier fix for all parties involved.
In terms of a short-term workaround, those with this issue can disable fingerprint unlock (Settings app > Security > Fingerprint Unlock > delete) and just use PIN or password unlock. From what we can gather today, this problem does not emerge out of the blue and you either have it or you don’t.
9to5Google reached out to Google for comment today, but did not hear back before we published.
More on Pixel 6a:
FTC: We use income earning auto affiliate links. More.
Check out 9to5Google on YouTube for more news: