Amazon's Prime Exclusive Moto G5 Plus has a security flaw baked into a lockscreen ad that makes it easier than one would think to bypass the lockscreen and get into the phone. The process is actually rather simple, which perhaps makes the whole thing more alarming. According to users who have the Prime Exclusive Moto G5 Plus as well as the Prime Exclusive Moto G5, the process starts by trying to unlock the phone with the fingerprint sensor. Once the sensor fails to recognize the fingerprint, you can press the power button and then tap the on-screen button that says "view lockscreen ad", which leads to the phone granting access to the user and the lock being bypassed.
In the video below, you can see the bypass in action; the entire process takes less than a few seconds. Going through the steps above, once the "view ad" button is tapped, the phone unlocks and goes straight to Amazon to view the product that was being advertised, at which point the user can just tap the on-screen home button to go straight to the home screen.
This presents quite a problem in the event that your phone is lost or stolen. Then again, it's worth remembering that the phone would first have to be lost or stolen, and the person in possession of it would also have to know about this particular bypass, and that's assuming the flaw isn't patched by the time someone gets hold of your device. So while this is an issue, it's not one that should necessarily worry too many users, as a few things would need to fall into place. For example, Moto Display needs to be enabled; if it's not, this bypass will not work. In addition, you have to tap the "view ad" button pretty quickly after hitting the power button, otherwise the screen will just lock again. That said, you can avoid having this be a security issue by disabling Moto Display, though that would keep you from using the feature. There's no indication of when or if this will get a fix from Amazon.
The issue seems to be directly related to the On-Body detection feature that you'll find in the settings. According to Amazon, which reached out to Motorola to help recreate the issue, once the On-Body detection feature is disabled it is no longer possible to bypass the screen lock through the "view ad" button as shown in the video below.