We'd seen this for ourselves earlier this year, but now it's been proven by science: grease marks, touchscreens and swiped passcodes do not a secure Android phone make.
In "Smudge Attacks on Smartphone Touch Screens" - which must have been more fun to name than to write - University of Pennsylvania researchers tested how easily passwords could be extracted from an Android touchscreen using a variety of methods. The answer: very, very easy. Your oily fingers leave a trace so distinct that partial passcodes were, in one set of experiments, identifiable 92 per cent of the time.
You've got a couple of options to combat the security risk: one would be to wait for Froyo and its delicious QWERTY password option. The other? Turn your entire screen into a grease mine so that no pattern emerges. Who knew the KFC Double Down was the best bodyguard your phone ever had? [UPenn via Techdirt]