Google Can Remotely Reset The Passcode For Nearly 75 Percent Of Android Devices, Says Manhattan DA

In an alarming revelation, a report from the Manhattan District Attorney's Office has divulged that Google is able to remotely reset the passcode for over 75 percent of Android devices.

Per the report on smartphone encryption and public safety from the Manhattan DA's office, the passcode on Android-powered devices that run an OS older than Android 5.0 Lollipop can be reset remotely by Google if a court orders it to do so. This means that investigators would be able to view the data on the device easily.

"Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device. This process can be done by Google remotely and allows forensic examiners to view the contents of a device," notes the report.

The document sheds light on the fact that while devices that run Android 5.0 or above cannot be reset remotely, the older versions can. This is because the older versions of Android are not protected by full-disk encryption and are therefore vulnerable.

Per the Android Developer Dashboard, 74.1 percent of Android-powered devices are susceptible to remote resets because they still run a vulnerable Android version such as KitKat, Jelly Bean, Ice Cream Sandwich, Gingerbread or Froyo.

Interestingly, only 0.3 percent of Android devices are currently on the latest Android 6.0 Marshmallow, which has default device encryption.

Google previously said that its Android 5.0 Lollipop OS would have full-disk device encryption enabled by default, but that was delayed.

"Full-disk encryption has not yet been implemented as a default on all Android devices running Lollipop 5.0 and later systems, but has been implemented on certain Nexus (Google-controlled) devices," notes the report.

So although Android 5.0 Lollipop and Android 5.1 Lollipop account for over 25 percent of devices, only Nexus owners have the feature activated by default.

The advantage of "zero knowledge" encryption is that it compels law enforcement to seek out the device owner and not Google, as the latter would not have any knowledge of the user's encryption keys. Apple, for instance, has device encryption enabled by default in iOS 8 and above.

Android owners who are worried about the lack of default full-disk encryption have two options. The first is to purchase a Nexus device or update to a Marshmallow 6.0-powered gadget. The second is to switch to iOS.

Photo: Rob Bulmahn | Flickr

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.