The ability to display widgets within the locked screen was present through Android KitKat. Sadly, this useful feature is not in the latest Android OS.
Security and functionality have always had a tenuous relationship. In order to be absolutely functional, a system must allow everything. To make a system truly secure, it must allow nothing. The most secure server is one disconnected from all network connections and buried in a hole. Obviously, that is unusable, but remains soundly secure.
The newest Android version (at the time of this post) has opted for security over functionality in many features. These devices are locked down beyond the control of the user, which is largely fine. I personally have been guilty of allowing an app to have vastly more permissions than it needed simply to listen to my music or play my game.
One instance where security has been enforced over functionality is on the locked screen. Vulnerabilities found in the lock screen functionality allowed users to bypass security controls and gain access the phone’s data. Despite usage of pattern, PIN, password, or face detection on a locked screen, previous versions of Android OS were proven to remain vulnerable to these types of attacks. By exploiting lock screen vulnerabilities, full access to the device may be obtained, even if encryption is enabled on the device.
Therefore, functionality has been removed by preventing apps from having access or displaying data on the locked screen.
For me, this added steps to my daily routines. The last thing I do before going to bed is check to make sure the alarm on my phone is set. In Marshmallow, I am forced to unlock the phone, browse to the alarm app, and scroll down to see which alarms are on or off. Having a multi-step process to check an alarm is not convenient. There is a small icon in the top right of the phone to indicate than an alarm is set. Note that the stock alarm app has an icon in the corner of the screen. Not all alarm applications allow this functionality, nor are they all recognized by the phone as alarms and displayed on screen. Additionally, from that icon alone I cannot know which alarm will go off, or when.
Widgets and Screensavers
One solution is to download a widget and apply it as a screensaver. I found the free widget, DashClock, containing the desired features, namely the ability to display the next alarm that will sound. Previous versions of Android allowed customizations of the locked screen by sliding the screen. This is not an option with Marshmallow. To apply the workaround of displaying the widget as a screensaver, go to:
Apps > Settings > Display and Wallpaper > Screensaver
Turn this option on and choose the widget to apply. In my case, I selected DashClock Widget. I also selected to use the screensaver both while the device is docked and when it’s charging. On the Display and Wallpaper menu, I set the Screen Timeout to 30 seconds and wait for the widget to appear.
At this point the phone is locked, requiring anyone to press the power button and unlock my phone before use. The way screensavers work in Marshmallow, the power button must be hit once to be taken to the blank screen or the Always On Display, depending on how the phone is configured. Then, the user must press the power button again to be taken to the unlock screen. This is still preferable to fumbling through multiple screens in the dark to get to the alarms.
This method is an alternative to achieving the desired functionality. The locked screen is still present and cannot be bypassed. The only difference is a new layer, in the form of a screensaver, appears over the locked screen. Touching any button, except the power button does nothing. Pressing the power button once, turns off the phone screen. Pressing the power button again brings the phone to the locked screen. In this overly secure mode, it is more difficult to for a vulnerability to exist that may grant a user full access to the phone.
Other Alarm Apps that work, sort of
Google’s Clock app and Timely Alarm perform a similar feature as the above widget. They allow for alarms to be set and then display the time at which they will go off within a screensaver. Google’s Clock app does have the nice ability to go into a “Nighttime Mode” in which it puts the phone to sleep and displays the screensaver. Assuming the alarm is set, simply plug in the phone and wait for the device to go into sleep mode and display the screensaver. Otherwise, I must open the app, set the correct alarm to on, plug the phone in, and then let it go into screensaver mode. The multistep process defeats the purpose of using the simplified app.
Is there an easier way?
After a few failed attempts to change the lock screen within Android, I landed on the Echo Notification Lockscreen, Hi Locker, and NiLS Lock Screen Notifications apps. These placed an additional lock screen in front of the existing lock screen. The apps have the ability to display pushed notifications, such as weather or new messages, and calendar events. However, the apps could not display the alarm time in Marshmallow. Newer versions may resolve the issue.
Security: 1. Functionality: 0
I am usually in support of implementing strong security over functions and features.
In this case, I think the hindered user experience is not necessarily worth the tradeoff. Most of these lock screen vulnerabilities require a combination of physical access, time, and misconfigurations. For me, the risk will be low, as I know where my phone is at all times. It is never out of arm’s reach or beyond my line of sight. While I may not be the norm, there should be customizable security options to reduce these annoyances and allow the user to accept some risk for their desired features. I am comfortable with an OS that warns me of such risks. I just want the option to choose and to have my tools working as efficiently as possible.