AOSP's default implementation of the Lock screen with affordances to unlock it (keyguard) appears only on the primary display. In Android 9 (and lower), secondary screens supported a single locking window on a single external display. In Android 10, the Lock screen is expanded to all public secondary displays. The Lock screen remains simple and doesn't support unlocking from secondary screens.
Figure 1. Lock screen on secondary display
Device manufacturers can implement their Lock screen for secondary displays,
provided the fundamental security requirement is fulfilled. When the device is
locked, information should be securely concealed on all displays. There's no
built-in policy or control over what content should be shown or hidden when device
is locked. Therefore, the only secure way of implementing restricted access is to
hide all content behind the Lock screen and locking windows. The only exceptions
are apps that have explicitly opted in to be displayed on top of the Lock screen
Otherwise, there is strong potential to leak information from public and private
While displays can be placed in to different states (
the locked state is global for all displays. As with any device implementation, it should
be obvious to a user when a device is locked (or unlocked). For example, pressing
a power button typically locks a mobile device. A power button should also lock all
internal and external screens.
Because the locking window is owned by SystemUI, it won't be placed on private displays. Owners of the private displays are responsible for hiding the windows and protecting content when a device is locked. The default system implementation only hides activities on private displays by changing visibility.
The locking window on secondary displays is implemented as a Presentation
KeyguardDisplayManager. Android 10 changed
KeyguardDisplayManager#mPresentations to an array that holds all
locking windows for all secondary screens.
has a display-change listener to respond to changes to the available displays and
secure all screens. It's important to immediately lock all connected displays at
any given time so that attackers can't extract user data even with physical access
to the device.
The locking window is displayed on all public secondary displays (see
KeyguardDisplayManager#isKeyguardShowable()). Owners of private
displays are responsible for securing the content when a device is