Manhattan DA report details how Google can remotely reset most Android passcodes

23.11.2015
The Manhattan district attorney’s office made a bold claim in a recent report that sparked another fire in the ongoing encryption debate.

The report (about smartphone encryption in general, and not Android in particular) details how authorities could gain entry to one’s Android smartphone by compelling Google to comply with a court order:

“Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device. This process can be done by Google remotely and allows forensic examiners to view the contents of a device.”

Technically, Google can be forced to comply with such orders, though it only can do so with devices that aren’t encrypted. Also, Google is unable to remotely read data all the data stored solely on your device like text messages or photos that are only saved locally: authorities would need to have the phone in hand in order to view such content. In other words: Google can't remotely access all the contents of your phone for the government, but it can unlock your phone so that the law enforcement agency can access that data itself. 

Google still can, however, be forced to turn over Gmail or other Google account data if compelled by a court (whether your phone is encrypted or not).

This report gained a lot of traction because it applies to the vast majority of Android phones out there: Google only started requiring encryption with Android 6.0 Marshmallow (the initial plan was to do this with Lollipop, but technical issues got in the way). According to the Android Developers Dashboard, Marshmallow is only on .3 percent of devices. A few devices with Android 5.0 Lollipop ship with encryption enabled, while many others do not.

Apple made full disk encryption standard in iOS 8, but the feature is far more widespread on iPhones than Android phones, since Apple makes all the hardware and controls software updates.

Fortunately, you can turn encryption on, even if you have an older device that’s running KitKat. Encryption is a good practice because eventually you’ll trade-in or sell off your phone, and it makes it nearly impossible for someone else to access any remnants of your data still on the device.

Why this matters: Understanding such distinctions in how encryption works and what you can do to secure your device are important to avoid the common fear, uncertainty, and doubt that plagues this debate. The bottom line is if device encryption and reliable security updates are important, get a Nexus device. To make the choice easier the Nexus 6P is one of the best Android phones out there, so you get a great phone and the latest security features.

(www.greenbot.com)

Derek Walter