CyanogenMod developers remove code that logged device screen-lock patterns
The development team of CyanogenMod, a popular community-built Android firmware, discovered and removed a line of code that posed potential security risks because it logged and stored device screen-lock patterns in a file.
The unwanted line of code was added back in August in CyanogenMod version 10, which is based on Android 4.1 (Jelly Bean), as part of a new feature that allowed the size of the lock screen's dot grid to be configurable -- for example from the default 3x3 size to 6x6.
"The line of code has been introduced by a respectable member of the Cyanogen community and I don't suspect it has been added with malicious intent," Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, said Tuesday via email. "Most probably, it is a snippet of code used during debugging and forgotten when committing the code."