I have been baffled for years about why the general design of Android is so weak from a security perspective.
To begin, it is pretty much a requirement to have a very simple lock screen pattern, since most people must access the phone quickly and frequently, often with one hand or while doing other things. It is simply unrealistic to have a long, complex PIN or swipe pattern. Sure, some have fingerprint sensors, but not all do. Most simple swipe patterns can be determined just by the smudge on the screen, so locking a phone is minimally secure.
That would be OK if you could secure your most important apps behind something stronger. However, Google pretty much forces you to be logged into email at all times. If you don’t use a throwaway account dedicated just to your phone, but rather use your real email, as in the same one you use for banking and other things, that could be big trouble.
This means, realistically, anyone can steal your phone, unlock it with the smudge pattern, then just get right into your email and potentially get all your bank info, perform password resets, etc.
It seems like such a blatant and unbelievable weakness, yet it exists. I don’t understand why it is designed like this.
I think it is obvious you should be able to have a basic low-security swipe pattern unlock to access the phone in general to make simple calls, play games, etc. However, you should be able to have your more important apps strongly locked, and should absolutely not have email logged in and accessible with no password prompt.