Skip to main content

Google can bypass security on all Android systems that don't use full-disk encryption

Android Phone
Here’s a great reason to switch phones and upgrade to the latest version of Android: At least 74 percent of the Android devices out there can be remotely reset by Google if law enforcement orders the company to do so. The discovery was made in a document released by the New York District Attorney’s Office.

Included in that percentage are all older Android phones running 4.4 and lower. However, Google told the Next Web that remote reset only worked on phones secured with a pattern (not a PIN or password) with older versions of Android. Most devices that run Android 5.0 and up cannot be remotely reset because they enable full-disk encryption by default.

Here’s the catch: Encryption isn’t a mandatory setting in Android 5.0. Some manufacturers don’t enable it, even if it’s an option. In other words, the estimate of 74 percent could actually be low, meaning even more devices are open to remote resets. Luckily, in the case of Android 6.0 Marshmallow, all devices ship with encryption enabled, making them safe from prying eyes.

Google revealed that encryption would be mandatory in a recent Android Compatibility Definition Document. The compatibility document describes various elements of Android 6.0 and defines how it is intended to run on a variety of devices. Those devices that support full-disk encryption and Advanced Encryption Standard (AES) crypto performance above 50MiB/sec, full-disk encryption must have this feature enabled by default. Full-disk encryption utilizes a key for all data that is stored from the disk. Data must pass through the key and be encrypted or decrypted before any data can be either written or pulled into system processes.

Encryption is something that Google has wanted to make mandatory on Android for a while, and the company almost got it completely enforced as a standard when Android 5.0 Lollipop rolled out just a year ago.

The feature’s addition to Android 6.0, along with fingerprint sensors on new phones, have combined to create a higher standard in security than was previously available. Full-disk encryption is not a new feature to Android, but the enforcement of the policy in the setup experience certainly is.

Security aficionados, privacy advocates, and corporate users welcome the higher security standard that the technology provides. The security level also raises the bar that government and police agencies must go through in order to retrieve data from seized devices.

Editors' Recommendations

John Casaretto
Former Digital Trends Contributor
John is the founder of the security company BlackCert, a provider of SSL digital certificates and encryption products. A…
Don't count smartwatches out just yet: New Android Wear watches may boost sales
huawei watch 2 news mwc 2017  25

It's been a common refrain for almost a year, now: The smartwatch industry died before it hit its stride. Case in point? Market analysts at IDC reported that Apple, one of the most successful smartwatch makers on the market, saw sales of its eponymous Apple Watch fall from 3.9 million in 2015 to just 1.1 million in mid-2016. But if rosier projections turn out to be true, smartwatches and wearables might finally come around over the next few months.

According to a new report from Canalysis, people will buy 18 percent more smartwatches in 2017 than they did the previous year, driving total annual sales to rise to $10 billion. Specifically, the firm expects shipments of as many as 28.5 million smartwatch units this year, and a subsequent decline in sales among traditional watchmakers.

Read more
Security firm identifies over 100 malware-infected Android apps, but don't panic
Mobile Malware

While many users are more aware of the threat of mobile malware today than in years past, and Google has made significant strides in protecting phones from those toxic apps, the risk never completely goes away. Vulnerabilities can present in the unlikeliest of ways, as this report from security firm Palo Alto Networks explains.

The company cites 132 apps on the Google Play Store that feature malware -- though not the kind that could actually do any harm to your smartphone. The reason being, these apps attempt to install a Windows executable file, which Android devices do not support.

Read more
Don’t worry if you lose your connection — Google for Android will save searches
Google Pixel XL

Your curiosity knows no bounds -- not even those of your mobile connection. Google knows this, which is why the search giant has updated its Android app to save your searches even if your Wi-Fi or cell signal can't save itself. On Wednesday, Google Product Manager Shekhar Sharad authored a blog post in which he revealed, "Now on the Google app for Android, even if your search fails, Google will deliver your results as soon as a connection is available -- so you can keep searching with a single tap."

Previously, if you were to drive through a tunnel or walk into a dead zone while looking something up on Google, you ran the risk of losing your search query altogether. Sure, retyping your question wasn't the end of the world, but it could certainly be frustrating, especially if you'd landed upon a particularly fruitful string. But now, Google has updated its app to save search results as soon as they're retrieved, even if you lose connection or turn your phone to airplane mode. "So the next time you lose service, feel free to queue up your searches, put your phone away and carry on with your day," Sharad explained. "The Google app will work behind the scenes to detect when a connection is available again and deliver your search results once completed."

Read more