VULNERABILITY DETAILS
CrOS devices in developer mode allow users to leave an ARC app that has the screen pinned via virtual terminals, thus defeating screen pinning. Once the virtual terminal is open, the user can log into the device, including as root. This happens in all versions of CrOS, not just the dev channel. Screen Pinning (See Screen Pinning at https://developer.android.com/about/versions/android-5.0.html) should not allow developer mode windows to be opened. If for any reason it does happen, the ARC app should get notified via a chance in the activity lifecycle (https://developer.android.com/reference/android/app/Activity.html) where the activity changes and the onPause() and onResume() methods should be called. 

VERSION
chrome 55.0.2883.7 (Official Build) dev (64-bit)
chrome OS 8872.6.2 (Official Build) dev-channel cyan

REPRODUCTION CASE
1. Put a CrOS device into developer mode following instructions at https://www.chromium.org/chromium-os/poking-around-your-chrome-os-device
2. Create an Android app that pins the device and install it on the chrome device. This app should override onPause() and onResume() and when called, onPause() and onResume() should only be called when the app has not pinned the device.
3. Launch the ARC app and ensure the device is pinned. Press ctrl-alt-f2, ctrl-alt-f3, or ctrl-alt-f4. All 3 of these combination open a new virtual terminal and allows you to log into the device.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION