> the OS could "forget" the password only when the user begins the unlock
> procedure that way the background process could continue to check
> messages and activate alerts, and a pickpocket would still be locked out
> but it still requires the user to enter a passphrase, PIN code, gesture,
> or some other form of credential every time he or she picks up the phone
> to do anything. That level of inconvenience seems to be anathema to most
You can configure Android to request a PIN every time it wakes up. I use this. Seems to me that if you encrypt the persistent password storage, and forget the plaintext password on wake-up until the PIN has been entered as you suggest, this problem is solved for the security-conscious users who use a PIN. Then if you care about security, use the PIN.