Google already has vast troves of data on everyone in the world. A couple of our favourite Android apps also dole out our location data to advertisers from time to time. But Google’s grip on its Android users may be much worse than we know or have imagined. A new report shows that Google can remotely reset passcodes for 74% of Android phones allowing law enforcement agencies to remotely view content on the said devices.
Of course, this ceding of access can only be done if Google had been ordered to do so by a court.
According to the document prepared by the New York District Attorney’s office, “Forensic examiners can bypass passcodes on some of those devices using a variety of forensic techniques. For some other types of Android devices, Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device.”
The paper examined the impact of the new full disk encryption the tech companies are baking into their new operating systems. According to the study, Google is unable to bypass passcodes (even when served with a warrant) in devices running Android 5.0 or higher because of the full disk encryption. With older operating systems however, it’s open season.
According The Next Web, quoting figures from Google’s Dashboard, 74% of Android users run versions of Android older than Android 5.0. However, the encryption is not turned on by default, which means the percentage of users whose phones can be bypassed may be higher.
The reason the encryption is not turned on by default is because it hinders performance. User can manually enable it in their device settings.
You may be surprised at the percentage of Android users using older versions of Android. The percentage is high because Android updates are often left to OEMs’ approval and customizations. OEMs have been known to take their sweet time in pushing out the updates which means users often get updates late, if at all. This is unlike Apple which pushes out updates to all its devices without another layer of filtering by OEMs.
In Apple devices, things aren’t as bad. Apple is not able to bypass security on most of its devices because most are running the iOS 8 or later which have full disk encryption. The feature is also turned on by default.