Skip to main content

Google can bypass security on all Android systems that don't use full-disk encryption

Here’s a great reason to switch phones and upgrade to the latest version of Android: At least 74 percent of the Android devices out there can be remotely reset by Google if law enforcement orders the company to do so. The discovery was made in a document released by the New York District Attorney’s Office.

Included in that percentage are all older Android phones running 4.4 and lower. However, Google told the Next Web that remote reset only worked on phones secured with a pattern (not a PIN or password) with older versions of Android. Most devices that run Android 5.0 and up cannot be remotely reset because they enable full-disk encryption by default.

Recommended Videos

Here’s the catch: Encryption isn’t a mandatory setting in Android 5.0. Some manufacturers don’t enable it, even if it’s an option. In other words, the estimate of 74 percent could actually be low, meaning even more devices are open to remote resets. Luckily, in the case of Android 6.0 Marshmallow, all devices ship with encryption enabled, making them safe from prying eyes.

Google revealed that encryption would be mandatory in a recent Android Compatibility Definition Document. The compatibility document describes various elements of Android 6.0 and defines how it is intended to run on a variety of devices. Those devices that support full-disk encryption and Advanced Encryption Standard (AES) crypto performance above 50MiB/sec, full-disk encryption must have this feature enabled by default. Full-disk encryption utilizes a key for all data that is stored from the disk. Data must pass through the key and be encrypted or decrypted before any data can be either written or pulled into system processes.

Encryption is something that Google has wanted to make mandatory on Android for a while, and the company almost got it completely enforced as a standard when Android 5.0 Lollipop rolled out just a year ago.

The feature’s addition to Android 6.0, along with fingerprint sensors on new phones, have combined to create a higher standard in security than was previously available. Full-disk encryption is not a new feature to Android, but the enforcement of the policy in the setup experience certainly is.

Security aficionados, privacy advocates, and corporate users welcome the higher security standard that the technology provides. The security level also raises the bar that government and police agencies must go through in order to retrieve data from seized devices.

John Casaretto
Former Digital Trends Contributor
John is the founder of the security company BlackCert, a provider of SSL digital certificates and encryption products. A…
Samsung Galaxy Z Flip 7: the upgrade we’ve been waiting for?
Thre Flip 7 models next to each other

I never really thought that I'd want to go down the route of owning a flip phone, ever since I swore off my Nokia in the early 2000s (you know, the one with the weird felt covering and tiny notification window).

Fast forward two decades, and I'm considering rejoining the race, thanks to the Samsung Galaxy Z Flip 7. Coming in at $1,100, it's not cheap, but it's definitely something different compared to the world of black rectangles, and it it feels like Samsung’s Flip family has finally come of age.

Read more
I used the Galaxy Z Fold 7, here’s why I’m completely smitten
The back of the Galaxy Z Fold 7

We’ve waited several years for Samsung to join the party, but it’s finally here: Samsung has followed rivals like Oppo, OnePlus, and Honor in building a thinner, lighter, and sleeker Galaxy Z Fold 7. It’s an impressive feat of engineering and a major upgrade over previous years.

It’s easy to consider the Fold 7 nothing more than an update to the Galaxy Z Fold 6, but in many ways, it feels like a huge step forward, not just for Samsung but for all folding phones. I spent a few hours with the Galaxy Z Fold 7 in an exclusive preview, and here’s why I absolutely love what Samsung has done this year.

Read more
I tried the Samsung Galaxy Watch 8 series – they’re sleek, but with a lot to prove
Watch 8 on a wrist

Trying out the Samsung Galaxy Watch 8 and Watch 8 Classic is a tough gig - not in terms of it being a hardship to try out two high-end models, but that it's impossible to assess them with only 30 minutes’ use.

I can easily talk about the improved design and the fit of the straps etc, but the real changes are within the health ecosystem, and they'll need sustained testing to really understand if they're any good.

Read more