Google can remotely reset the passcodes of a large pool of handsets running older versions of its Android mobile operating system if compelled by a court order, a document by the New York District Attorney’s Office revealed.
In the wake of revelations made by whistle-blower Edward Snowden, Google and Apple including other tech giants pledged to make their products and services more secure. Google introduced full disk encryption with Android 5.0, and as per the document, the feature makes it impossible to reset a user’s Android handset. But the company didn’t roll out any feature to protect users on older versions of its mobile operating system.
The document acknowledges that Android 5.0 or newer version makes government authority unable to remotely reset or access a user’s device. While that’s comforting for users, the vast majority of Android handsets are still running a lower version of Android. As per the latest numbers provided by Google via Android Distribution Dashboard, 74.1 percent of Android users are running KitKat or lower versions of Android. Furthermore, not all Android 5.0 devices ship with full-disk encryption on by default.
“For some other types of Android devices, Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device. This process can be done by Google remotely and allows forensic examiners to view the contents of a device,” the document reads.
Apple ramped up the built-in security features on its mobile operating system with iOS 8 software version. But unlike Google’s Android 5.0 or higher, the adoption of which remains low, 91 percent of iPhone or iPad devices are running iOS 8 or iOS 9 software version, as per the latest numbers provided by Apple. In Google’s defence, the company has made it mandatory for all its partners using Android 6.0 to turn on full-disk encryption by default.
This once again underscores the potential weaknesses in Android ecosystem, which consists of more than 1,000 Android OEM partners, and sees the launch of more than 20,000 distinct models every year, on an average. Apple seeds out update to all eligible devices on the same day. On Android, the rollout of a new version has to get clearance from both an OEM and relevant carrier partners, who usually add their own customised features with the latest version of any Android software, further delaying the release.