With the growing number of Android devices being stolen, Google resolved to unveil the current Android 6.0 Marshmallow with a feature known as Factory Reset Protection.
This is basically a kill switch aimed to help with Android security where one can reuse a stolen Android smartphone or tablet. With this feature, it means that only the legit user of an Android device can actually use it even after going through a factory reset. What a great feature it would have been had it not been found to be useless as Android Authority reports.
Vulnerability available on Android N
While the Factory Reset Protection feature is there on paper, it seems anyone can actually bypass it. Furthermore, the same vulnerability has been discovered in the preview version of Android N. The trick works on any device using the latest Android 6.0 Marshmallow that has yet to install the March Android security updates.
This is not the best news for any Android user using the latest OS. If anyone can bypass this Factory Reset Protection feature, it means they can steal your phone, factory reset it, and still use it or sell it without any problems. Google says it has rolled out fixes with the March security update, however, it is the same promise the tech giant gave when the January security update was released.
The question that arises is how many Android users actually go ahead to honor the OTA notification to install the security updates on their devices? There are even probably lots of others who are using the older update and haven’t installed the latest March update.
Non-Nexus Android devices can be breached too
As for now, the mastermind behind this discovery has proved that the bypass can work on quite a number of Android devices including Samsung, LG as well as Google’s Nexus line.
It’s a good thing Google chose to regularly roll out Android security updates to their devices so as to take care of such issues. However, the main problem may come at times where users have non-Nexus devices as the updates and fixes have to go through the OEM and carrier for approval before they can be rolled out. As a result, this might take more time than usual, which could mean these updates will always reach Android users at different intervals.
If you haven’t been downloading and installing the latest Android security patches as rolled out by Google and carriers, it is time you started honoring these notifications, otherwise, you might easily fall victim of this security hole.