Google can unlock most Android phones remotely if the government requests it

But perhaps not for much longer.

Feb 29, 2020, 3:41 pm*


Selena Larson

People with Android devices might be a bit frustrated with Google after a report from the New York District Attorney’s office provided detailed information about smartphone security and Google’s power to access devices when asked to by law enforcement. The report went viral on Reddit over the weekend.

Google can unlock many Android phones remotely when given a search warrant, bypassing lock codes on particular devices. The report reads:

Forensic examiners are able to bypass passcodes on some of those [Android] devices using a variety of forensic techniques. For some other types of Android devices, Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device. This process can be done by Google remotely and allows forensic examiners to view the contents of a device.

When compared to Apple devices, which encrypt by default on iOS 8 and later, Google’s seemingly lax protection is irksome. The report continues: 

For Android devices running operating systems Lollipop 5.0 and above, however, Google plans to use default full-disk encryption, like that being used by Apple, that will make it impossible for Google to comply with search warrants and orders instructing them to assist with device data extraction. Generally, users have the option to enable full-disk encryption on their current Android devices, whether or not the device is running Lollipop 5.0, but doing so causes certain inconveniences, risks, and performance issues, which are likely to exist until OEMs are required to standardize certain features.

In October, Google announced that new devices that ship with the Marshmallow 6.0 operating system (the most recent version of Android) must enable full-disk encryption by default. Nexus devices running Lollipop 5.0 are encrypted by default as well. This means that Google is unable to bypass lock codes on those devices. However, because of the massive fragmentation of Android devices and operating systems, Google can still access lots of Android devices running older versions when asked to by law enforcement. 

And despite the encryption updates to the Android compatibility documentation, a number of devices are exempt from full-disk encryption, including older devices, devices without a lock screen, and those that don’t meet the minimum security requirements. 

The number of devices that actually have full-disk encryption appears to be low. Just 0.3 percent of Android devices are running Marshmallow and more than 25 percent of Android devices are running Lollipop 5.0, but most of those aren’t Nexus, according to ZDNet.

When compared to Apple, Google’s security appears lacking. Apple made encryption mandatory in iOS 8 back in 2014, which of course extends to iOS 9, its most recent mobile OS update. Data shows that 67 percent of Apple users are on iOS 9, and 24 percent of devices are still on iOS 8. Just nine percent of devices run an older version of iOS. 

Android users are often at the mercy of carriers who decide when to roll out Android updates, which is an obstacle for some Android owners who want the latest OS. 

If you do have a compatible device and want to enable encryption, head over to your security settings and select “encrypt device.”

H/T ZDNet | Image via RGB/Flickr (CC BY 2.0)

*First Published: Nov 23, 2015, 3:42 pm