Google can remotely bypass the passcode of at least 74% of Android devices
Google can reset phones running older versions of Android and locked with a pattern lock
In a document prepared by the New York District Attorney’s Office, they have disclosed that Google has the ability to bypass device passcode of devices running older versions of Android if it is compelled by a court order, but only if they are locked using a pattern. However, devices running a newer version of Android can use full disk encryption on which the remote reset doesn’t work.
Looking at the impact of full disk encryption on access for law enforcement, the document points out that phones and tablets running Android software released prior to Android 5.0 are vulnerable to resetting. Even though this doesn’t apply to all Android devices, it still encompasses a large portion – affecting all devices running anything lower than Android 5.0 (roughly 74%).
“Forensic examiners are able to bypass passcodes on some of those devices using a variety of forensic techniques. For some other types of Android devices, Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device. This process can be done by Google remotely and allows forensic examiners to view the contents of a device.”
According to the Android Developer Dashboard, 74.1 percent of devices are still using a version of Android that can be remotely reset at any time. Even though users need to keep in mind to turn on the disk encryption setting. This way investigators can gain access to data on the device.
The Manhattan District Attorney’s Office expects this to go up since Android 6.0 Marshmallow comes with encryption enabled by default.
Google can’t remotely reset phones secured with a PIN or passcode, meaning the number of affected devices could be lower.
A post from Google’s Adrian Ludwig attempted to clarify the situation.
He said: ‘Google has no ability to facilitate unlocking any device that has been protected with a PIN, Password, or fingerprint.
‘This is the case whether or not the device is encrypted, and for all versions of Android.
‘Google also does not have any mechanism to facilitate access to devices that have been encrypted (whether encrypted by the user, as has been available since Android 3.0 for all Android devices, or encrypted by default, as has been available since Android 5.0 on select devices).
‘There are some devicesthat have been configured to use a “pattern” to unlock. Until Android L, “pattern” unlock did provide a recovery option with the Google account.
‘This recovery feature was discontinued with Android L.
‘Also, the lost pattern recovery feature never applied to PIN or Password so if you are on an earlier model device and don’t want to use the pattern recovery feature, you can switch to a PIN or Password and it will be disabled.’
However, using a ‘variety of forensic techniques’, the forensic examiners are able to bypass passcodes on devices insists the reports.
Meanwhile, iPhone users are likely safe, as any device using iOS 8 or higher can’t have its passcode bypassed by Apple, even if the company receives a warrant. Also, the full disk encryption is enabled by default.
To enable full disk encryption on newer devices, Android users can go to ‘security’ or ‘storage’ sections of the settings, though it does vary by manufacturer. It will slow your hardware down a little, though.