By 
Smartphone security is one of those hot topics in mobile and ever since Apple introduced their “kill switch” solution to help prevent unauthorized iPhone theft, we’ve been curious to see how Android would follow suit.
Back in August, California’s “kill switch” bill was signed into law, requiring any smartphone manufactured after July 2015 to have a security feature that will allow users to disable a handset if lost of stolen. Google hasn’t been quiet on the issue, stating back in June their plans to implementing a kill switch feature in the next version of Android, now known today as Android 5.0 Lollipop.
We haven’t heard much about it since then, but today the folks at Recode got word from Google on exactly how this security measure will work. More of a pseudo kill switch, the feature — known as “Factory Reset Protection” — doesn’t really kill anything. As the name suggests, all it does is require the user enter in a password before they can perform a full factory reset. It’s still up to users to either have some sort of lock screen security, or lock the phone remotely using the Android Device Manager in the event their phone is ever lost or stolen. This renders the phone useless to the new unauthorized user, but is easily reversible if ever recovered.
It’s still unclear if this method is 100% foolproof, or if a simple factory reset done via recovery or fastboot will bypass the security in Android’s software. In any case, it’s a welcomed addition and one of the many helpful new features arriving inside Android 5.0 Lollipop. We couldn’t be more excited when it begins rolling out early next month.
I don’t see this protecting against a fresh image flash unless somehow they’re able to password protest the bootloader itself.
I think it’s done in the bootlootloader. That’s how it is on iPhones at least. Iirc not even apple can reflash an iPhone if find my iPhone is left on a device…
YEP. I used to work for T-Mobile when that feature came out with IOS7. Had a lot of super pissed off customers.
I’m not so sure I believe that. I think anything can be hacked with time and the right resources.
Can you do that if the phone is encrypted though? I never tried.
Unauthorized theft? Anyway, I’m not so excited to have this. Anything done at the behest of well-intentioned lawmakers who are clueless about the technology they’re affecting is sure to have unintended and undesirable consequences.
I can’t remember where we’ve recently learned that phenomenon first hand… hrmmm… its on the tip of my tongue … :P
I’m all for theft protection. And if it’s done at the bootloader level, with no way for Google or a phone carrier to disable it – the same way they’ve implemented the encryption with the only key being stored on the device, then that’s great for privacy should your phone be taken by a cop. This would make it harder for a forensic unit to try and access that video you took of them, by rooting your phone.
As long as only the owner of the phone can activate the “kill switch” I’m fine with it. If the carrier or law enforcement or hackers can activate it, it’s going to be abused.
Well if the new encryption keys are any indication, Google will put the power in the owner’s hands. Google could care less about what the NSA wants, they’ve been at odds for years. Less trust in their product = people jump ship and run to the competitor. Privacy and security is good for their bottom line.
yea on samsung devices , Odin/Heimdall that thing and you’re good 2 go -_-
But aren’t all Android 5.0 phones are encrypted so you can’t access fastboot without a password?
I’m curious about that. I’ve done some reading saying that root will be harder to achieve on 5.0. I’m waiting to get a Nexus 6 so I can see.
motorola has had this feature since BLUR.
So this will make it illegal to ship phones with outdated versions of Android? That’s a law I can get behind.
Not really, by the time this goes into effect (July 2015), we’ll probably be talking about Android 5.1 or 6.0, but 5.0 will enough to satisfy the law. And obviously manufacturers could use older Android with their own “kill switch” feature added.
My Cerberus laughs at your puny attempts at security
I can’t remember the last time that I authorized someone to steal my phone :O