But Android is still converting those gestures to something that's basically a key which can be exposed to a brute force attack.
Android uses a nine cell unlock pattern which gives you roughly 16 bits. A four digit numeric key gives you between 13 and 14.
So while it's better it's not moving it into the realms where a brute force attack of this nature is off the table, it just goes from about 40 minutes to about 4 hours.
Given that in most instances where this sort of attack is being used the attacker will have stolen the phone and therefore there's no practical time limit, that's not a useful improvement.
Android uses a nine cell unlock pattern which gives you roughly 16 bits. A four digit numeric key gives you between 13 and 14.
So while it's better it's not moving it into the realms where a brute force attack of this nature is off the table, it just goes from about 40 minutes to about 4 hours.
Given that in most instances where this sort of attack is being used the attacker will have stolen the phone and therefore there's no practical time limit, that's not a useful improvement.