Last weekend had a lot of startling news for the world. If you missed what the Manhattan district attorney's office had to say about Android phone security in Reddit, then read on. What most people got to read was this excerpt:
"Forensic examiners are able to bypass passcodes on some of those devices using a variety of forensic techniques.
For some other types of Android devices,Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device. This process can be done by Google remotely and allows forensic examiners to view the contents of a device."
However, this statement need some more context for it to be clearly understood. There is another part to this statement, as ZDNet reported. It read,
"For Android devices running operating systems Lollipop 5.0 and above, however, Google plans to use default [device] encryption, like that being used by Apple, that will make it impossible for Google to comply with search warrants and orders instructing them to assist with device data extraction."
See full PDF report here.
The Next Web reported that this means that 74.1% of all Android phones in the world today can be remotely accessed by Google as these phones run on an older version of the operating system. Users of iPhones have it a little better. All devices running on iOS 8 and higher cannot have their passcodes bypassed by Apple. Full disk encryption is also enabled by default.
For their part, Google had already previously announced that that its Lollipop 5.0 upgrade two years ago would enable encryption by default. This is done via "zero-knowledge encryption" and is called as such because phone makers would have zero knowledge of the encryption keys. This would force law enforcement to go to device owners themselves rather than hack through Google.
