Tech Made Simple

Hot Topics: How to Fix Bluetooth Problems | The Best Holiday Gifts | Best Fitness Trackers Under $50 | Complete Guide to Facebook Privacy

Top News Stories

author photo

Google Can Remotely Access Unencrypted Android Devices

by on November 27, 2015
in Privacy, News, Phones and Mobile, Tablets & eReaders, Operating Systems, Blog :: 4 comments

Encryption key with passwordNearly three out of four Android smartphones or tablets can be remotely instructed by Google to wipe themselves clean, according to the Manhattan District Attorney’s Office.

In a report on smartphone encryption and public safety published this month, the district attorney’s office said that Google can remotely reset about 74 percent of Android devices. Specific devices that are easily managed this way include those that run Android 4.4 KitKat or earlier versions of Android, are not encrypted and are not secured with either a password or PIN. Although Google isn't likely to reset devices for random reasons, some people worry that Google even can —  and will, if the law compels it to.

If your device runs Android 5.0 Lollipop or later, it may be out of Google’s reach. Most Android 5.0 devices have full-disk encryption turned on by default, and the encryption prevents Google from remotely resetting such devices.

Encryption, which the U.N. considers a human right but which some say needs back doors to counter crimes such as terrorism, provides a strong way to protect data by locking the data with an encryption key. No data goes into or out of your Android device’s encrypted disk drive without the right encryption key.

Not all manufacturers enable full-disk encryption on Android 5.0 devices, even if the option is available. For such devices, remote resetting from Google can still occur.

Devices less prone to remote resets run at least Android 6.0 Marshmallow (including the latest Nexus models), which leave the factory with full-disk encryption enabled by default. Neither Google nor other prying eyes ought to be able to access the data on such devices.

In the Android 6.0 Compatibility Definition document updated on Oct. 16, 2015, Google made full-disk encryption mandatory on devices that support it and Advanced Encryption Standard (AES) crypto performance of at least 50 MiB/s. The encryption must be enabled without any further action from the user right after setting up the device.

Full-disk encryption has been around since Android 3.0 Honeycomb. Google has been pushing hard for requiring full-disk encryption on Android devices and nearly succeeded in making it standard when Android 5.0 Lollipop was rolled out.

In contrast, iPhone users running iOS 8 or higher have full-disk encryption enabled by default. Neither Apple nor anyone else can easily bypass a PIN or password used to secure the device.

If you need to encrypt your Android device, you can find the option in either Security or Storage in the Settings menu.

[Image credit: Key with password via Shutterstock]



Discussion loading

Backdoors for warrant driven law enforcement searches are warranted

From James Monroe on November 28, 2015 :: 2:30 pm

To believe democratic governments’ law enforcement agencies should not be able to gain remote access of a user’s device with a warrant has the ill intended effect of supporting terrorism, human trafficking, pedophilia and child exploitation, and the list goes on…

Reply

avatar

It's not that simple.

From Josh Kirschner on November 29, 2015 :: 12:47 am

Even if you support the notion that law enforcement should be able to access devices with a warrant by undermining encryption with backdoors, the risks it takes outweigh the benefits. First, of all, you have the impossible task of separating “valid” law enforcement requests from “invalid” ones. Are warrants from France valid? How about Russia or China, who have a history of politically motivated prosecutions?

And then there is the bigger problem of ensuring only law enforcement agencies have access to those backdoors. If there is one thing we’ve learned about computer security in the last five years, it’s how adept hackers are at finding faults to undermine it. That is why experts in the security industry are so vocally against creating backdoors - the potential harm from hackers is far greater than whatever benefits (largely unproven, by the way) would be offered to law enforcement.

Reply

Extremely valid points... I never

From James Monroe on November 29, 2015 :: 1:09 am

Extremely valid points… I never said it was simple.

As with all laws, citizens within a country would be under the purview of that country’s borders.  The one thing everyone needs to realize is there is always going to be a compromise between security and privacy… if you live in the U.S., a good analogy would be the Secret Service detail for POTUS. 

Many don’t realize it because it’s second nature to all, but laws and regulations aren’t there for the 100%... they’re there for the 10%, much like advertising’s 90/90 rule: 90% of the people, 90% of the time.  Laws and regulations are there for the 10% of people that have issues following them.

It really comes down to a simple question: is an individual willing to give up a small [potential] part of their privacy to prevent child sex rings and trafficking? What about human trafficking?  Sex slavery?  Terrorism? 

...Of which, in all likelihood, a user would never be affected by it or have their privacy breached.  The law of averages shows this would only affect a minute percentage of users involved in felonious activities.  Should specific legislation specific to accessing electronic devices need to be enacted to cover warrants for electronic devices? Absolutely. 

I don’t know about any other countries’ laws, however unless one believes the U.S. government is out to get them, there’s no legitimate reason for a user to balk at such a policy when in all likelihood they will never have such a warrant issued against their devices. 

We have three branches of government for a reason, just as there’s a reason our military must always be under civilian control… these weren’t ideas [now legislation] pulled out of someone’s hat just because.  Our government in America is unique and one of a kind… we have the longest standing constitution for a reason… that reason is checks and balances that ensures our government is both for the people and by the people.

Reply

"Should specific legislation specific to

From James Monroe on November 29, 2015 :: 1:16 am

“Should specific legislation specific to accessing electronic devices need to be enacted to cover warrants for electronic devices? Absolutely.”

I should have said updated legislation, as while we do have legislation for accessing electronic devices, they’re obsolete, severely outdated, and are currently used outside the intended purposes for which the laws were written for.

Reply

© 2015 Techlicious LLC. Home | About | Meet the Team | Sponsorship Opportunities | Newsletter Archive | Contact Us | Terms of Use | Privacy Policy

site design: Juxtaprose