[staindk]

I think out in the real world they are insecure because it's easy to shoulder-surf and get a peek at the pattern being input. Overall they are probably similar to pin codes... some people just have 0000 as their pins, or draw an L for a pattern.

Sending a phone in for repair negates the shoulder-surf issue but yeah.

Perhaps Google just has a backdoor.

[lvs]

I think it's easy to guess patterns because people all use one of a small number of simple patterns. Everyone uses the geometrical equivalent of hunter2 or 123456, but they irrationally think it's more secure because it's a pattern.