Google may reset Android passcodes remotely, unless you encrypt your device

Martin Brinkmann
Nov 23, 2015
Google Android
|
10

One of the first things that I do when I get a new Android phone is to enable encryption on the device. Actually, that is something that I do on every computer I own provided such an option exists.

The main reason for this is security. While I don't have anything spectacular stored on the device, I want to protect the data on the device from unauthorized access.

This can happen for instance when you lose the phone and don't have it protected properly. The finder may be able to access your messages, photos, videos or contacts, as well as online accounts, accounts associated with the phone and so on.

A report by the Manhattan district attorney's office made the rounds this weekend as it revealed information about smartphone encryption, public safety and the means that law enforcement have to gain access to data on iOS and Android devices.

You find the following information under "attempts to unlock Google devices":

For some other types of Android devices, Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device. This process can be done by Google remotely and allows forensic examiners to view the contents of a device.

What this means is that Google may reset the phone's passcode remotely if the proper legal paperwork is provided.

But, that is only possible of full-disk encryption is not enabled.

For Android devices running operating systems Lollipop 5.0 and above, however, Google plans to use default full-disk encryption, like that being used by Apple, that will make it impossible for Google to comply with search warrants and orders instructing them to assist with device data extraction.

Full-disk encryption is only enabled by default on Google Nexus devices running Android Lollipop (5.x), and for devices running Android Marshmallow (6.x).

encrypt android phone

Most Android owners may enable full-disk encryption on their device however. Since there are many different interfaces, it is impossible to post a guide that works for all devices.

Usually, you find the option to enable full-disk encryption in the Settings under Security or Privacy. Depending on the device and manufacturer, you may find it elsewhere in the Settings.

Once encryption is enabled on a device, Google may no longer reset the passcode on the device remotely.

Closing Words

Encryption may reduce performance on Android devices and while that is the case, I think that the benefits of enabling it outweigh that disadvantage. While it seems rather unlikely that the majority of Android users will ever come in a situation where Google is requested by law to reset the passcode, it is more likely that encryption will help if the phone is stolen or lost.

Summary
Google may reset Android passcodes remotely, unless you encrypt your device
Article Name
Google may reset Android passcodes remotely, unless you encrypt your device
Description
Google has the power to reset the passcode on some Android devices, provided that these devices don't have full-disk encryption enabled.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Barn25 said on November 25, 2015 at 8:34 am
    Reply

    Only if the devices dont have 64 bit cpus. Part of the arm v8-a spec is aes Acceleration.

  2. iron2000 said on November 24, 2015 at 2:15 am
    Reply

    Doesn’t full-disk encryption slow down the device if it does not have proper hardware support?
    Like the old Nexus 6 and I suspect to some extent the recent Nexus 5X.

    1. Andrew said on November 24, 2015 at 3:33 am
      Reply

      From personal experience (Nexus 4) I didn’t notice much difference.

  3. ilev said on November 23, 2015 at 5:08 pm
    Reply

    removed.

  4. James T. said on November 23, 2015 at 12:33 pm
    Reply

    This is the same Google that will require OEMs to have secure factory reset protection and secure wipe on Android 6.0 Marshmallow in order to use Google Play Services
    unrelated I know

  5. Richard said on November 23, 2015 at 11:51 am
    Reply

    Martin,

    Are there other consequences to whole phone encryption, like issues with rooting or installing custom ROMs afterwards?

    1. Andrew said on November 23, 2015 at 7:23 pm
      Reply

      There are no issues rooting, but if you want to install or even update a rom, you are required to completely wipe the phone.

      1. GGideon said on November 24, 2015 at 6:31 am
        Reply

        You don’t have to wipe if you’re using a custom recovery that supports mounting of the encrypted volume. An example is TWRP.

        Also, most recovery utils already supports the ability to install ROMs or updates even if your /data is encrypted. The update basically saves the ROM image in the disk volume unencrypted and will instruct the recovery which sectors of the volume contains the unencrypted ROM image. Cool hack, BTW.

      2. Christoph Wagner said on November 23, 2015 at 9:58 pm
        Reply

        Which is a major hassle considering how often most ROMs (at least those I use) update.

        But I’m wondering, what is it that gives them this ability? The Play Framework? Something else? And now that it’s out, how long till custom ROMs come with that feature disabled? ;)

    2. Martin Brinkmann said on November 23, 2015 at 12:34 pm
      Reply

      I never experienced any issues but I have not really installed lots of mods on Android to be honest.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.