home Software Applications Is Your Android Device Really Secure?

Is Your Android Device Really Secure?

Nov 28, 2015

This post is also available in: עברית (Hebrew)

We have written before about China building its own secure smartphone ecosystem – including a homegrown operating system and even processing chips – all to circumvent possible backdoors installed in the devices by American intelligence agencies. New revelations show that their fears are not far-fetched. The risk, however, is not embedded in the hardware level, but at the astonishing level of control Google has over Android devices.

A report from the New York District Attorney’s Office on smartphone encryption and safety shows that Google can remotely unlock at least 74% of Android devices, and perhaps the percentage is much higher.

At the behest of law enforcement authorities, Google can bypass a user’s security passcode and provide investigators with access to the device.

“Forensic examiners can bypass passcodes on some of those devices using a variety of forensic techniques,” the document reads. “For some other types of Android devices, Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device. This process can be done by Google remotely and allows forensic examiners to view the contents of a device.”

Smartphones running Android 5.0 (codenamed Lollipop) or higher are more secure against the possible intrusion because they use full disk encryption, the document says. In practice, however, encryption is not always turned on because it can hinder performance.

The real questions raised by these revelations are what other capabilities Google has that we as yet know nothing about, and what risks they pose in the case they are discovered and exploited by less benevolent actors. With our lives becoming increasingly centred on our smartphones, with the entirety of our lives stored on them – banking details, intimate photos, and private conversations to name just a few examples – a malicious attacker exploiting these capabilities could wreak havoc and sow destruction on our existence.