Security researchers from the University of Pennsylvania have demonstrated how passwords entered on touchscreen devices can be revealed by analyzing smudges left behind by your fingers. Graphical passwords like the one used by Google's Android OS are very vulnerable to this attack: the researchers found that they could decipher the phone's password 92 percent of the time by photographing the screen and adjusting the contrast to enhance the pattern. If your touchscreen device has sensitive data, it may be a good idea to wipe the screen every once in a while.
"Touchscreens are touched, so oily residues, or smudges, remain on the screen as a side effect," the report said. "Latent smudges may be usable to infer recently and frequently touched areas of the screen – a form of information leakage."
The researchers tested Android handsets because the Google OS uses a graphical password, with users tracing a pattern on the phone to unlock the device. In ideal lighting conditions, the researchers managed to decipher the phone’s password 92% of the time by taking photos of the screen and bumping up the contrast.