phillynews215
09-07-2024, 06:37 PM
Factory reset protection is getting several key upgrades in Android 15 to make it harder to bypass.
Google made it so bypassing the setup wizard no longer deactivates factory reset protection, among other changes.
These changes will make it harder for thieves to sell stolen phones.
If a thief snatches your phone from your hand and runs off, there isn't much you can do to recover it. Once your phone is out of your hands, the first thing you should try to do is remotely lock it so the thief can't get access to any of your data. If you manage to lock it, then the only thing the thief can do with your phone is try to sell it. Thankfully, Google made it difficult for thieves to factory reset Android devices (https://www.androidauthority.com/factory-reset-android-1119937/) in preparation for selling them, and in the latest Android 15 (https://www.androidauthority.com/android-15-features-3401939/) update, the company may have just made it basically impossible.
Android has a security mechanism called factory reset protection (FRP) that is activated when you first associate a Google account with your device. It kicks in when the device undergoes an untrusted factory reset, such as a factory reset triggered from recovery mode. This is because anyone can trigger a factory reset through recovery mode, even if they can't unlock your device.
Image (https://www.androidauthority.com/wp-content/uploads/2024/09/Android_15_factory_reset_from_settings.png): An example of a trusted factory reset is when a reset is performed through the menu in the Settings app. Credit: Mishaal Rahman / Android Authority
When factory reset mode kicks in, the setup wizard locks you from completing setup until you sign into the primary Google account that was initially associated with the device. Android stores a key in a persistent data block that survives factory resets, so even if another factory reset is forced on the device, FRP will still kick in. This is why it's so important to remove your Google accounts (https://www.androidauthority.com/remove-google-account-phone-3055382/) before factory resetting your phone if you plan to sell it, because the person you sell your used phone (https://www.androidauthority.com/how-do-i-sell-my-used-phone-3166776/) to will be stuck unless they sign into your Google account to remove FRP.
This system all sounds good, but unfortunately, factory reset protection isn't yet perfect. Even though there's no way for thieves to extract and use the key needed to pass FRP's challenge, there are ways for them to bypass the challenge entirely. Over the years, there have been numerous methods to bypass FRP, usually involving convoluted, multi-step processes to skip the setup wizard — and thus side-stepping the requirement to sign into the Google account associated with the device before it was reset.
Google and OEMs find and close these FRP bypasses when they learn about them, of course, but people keep discovering new ones, making this a never-ending cat-and-mouse game. That's why Google's changes to factory reset protection in Android 15 are so important, as they shore up the security and integrity of the feature, making it more difficult for bypasses to work.
How Android 15 makes Factory Reset Protection better
What exactly is changing in Android 15? Back in May, Google vaguely mentioned an "upgrade to Android's factory reset protection" that makes it so thieves can't set up stolen devices "without knowing your device or Google account credentials," rendering stolen devices "unsellable," thus "reducing [the] incentives for phone theft."
While that's great to hear, FRP already made it so you needed the previous user's device or Google account credentials. Although Google's announcement was light on details at the time as to what's actually changed in regards to factory reset protection on Android 15, I've learned that the following changes have been made:
Enabling the OEM unlocking setting will no longer prevent FRP from activating.
Bypassing the setup wizard will no longer deactivate FRP. FRP restrictions will apply until you verify ownership of the device by signing in.
Adding a new Google account is blocked.
Setting a lock screen PIN or password is blocked.
Installing new apps is blocked.
The second change in particular is huge, as many methods to bypass FRP have relied on skipping the setup wizard. I'm not entirely sure how it works, but changes to Android code suggest (https://android.googlesource.com/platform/frameworks/base/+/ebe3ba8767153120ab0081654b30dfffea5ed15b%5E%21/) a secret key must now be presented on each boot to deactivate FRP. A copy of this key is stored in the userdata partition, as well as in a persistent data block. During normal use, Android will present this key to automatically deactivate FRP on each boot, but when the data partition is forcefully wiped from an untrusted factory reset, the user will have to provide a key on the next boot that matches the stored secret. This is done, of course, by signing into the Google account that was associated with the device before it was reset.
The third and fourth changes are also important, as they prevent FRP from being reset even if someone manages to get into Android's Settings app. Finally, the fifth change will prevent users from using the device like normal even if they manage to bypass the sign-in screen.
Taken together, all five of these changes that Google made in Android 15 will go a long way towards preventing thieves from bypassing factory reset protection. What's more, Google is letting OEMs extend FRP with their own restrictions, potentially making it even harder to bypass on other Android hardware. A new API has been added (https://android.googlesource.com/platform/frameworks/base/+/refs/heads/android15-release/core/java/android/service/persistentdata/PersistentDataBlockManager.java#257) that lets OEMs check if FRP is active so they can apply their own restrictions. Hopefully, these changes in Android 15 will make FRP bypasses — and all the stolen phone sales they enabled — a thing of the past.
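To make the mechanism described above concrete, here is a small Python model of the Android 15 FRP flow as the article explains it: a secret kept in a persistent data block that survives resets, a working copy in userdata, a comparison on every boot, the restrictions (no new accounts, no lock PIN, no app installs) that stay in force until the matching secret arrives via Google sign-in, and an OEM-side hook that only asks whether FRP is active. This is an added illustration, not code from the article or from Android itself; every class, function and dictionary in it is my own construction and does not mirror the real AOSP APIs or the account backend.

```python
"""Constructed model of Android 15 factory reset protection (FRP).

Not Android code: the names below are invented for illustration. They model
the behaviour the article describes, not the platform's real implementation.
"""
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Device:
    device_id: str
    persistent_block: Optional[bytes] = None  # survives every factory reset
    userdata_secret: Optional[bytes] = None   # wiped by every factory reset
    primary_account: Optional[str] = None     # also lives in userdata
    oem_unlock_enabled: bool = False
    frp_active: bool = False
    setup_complete: bool = False
    lock_pin: Optional[str] = None
    apps: List[str] = field(default_factory=list)


# Constructed stand-in for the Google account backend: the FRP secret is only
# handed back to a caller who knows the password of the associated account.
ACCOUNTS: Dict[str, str] = {}                        # account -> password
DEVICE_SECRETS: Dict[Tuple[str, str], bytes] = {}    # (account, device_id) -> secret


def boot(dev: Device) -> bool:
    """Boot-time check: FRP stays active unless userdata holds the persistent-block secret."""
    if dev.persistent_block is None:
        dev.frp_active = False            # no account was ever associated, or it was removed
    elif dev.userdata_secret is not None and hmac.compare_digest(dev.userdata_secret, dev.persistent_block):
        dev.frp_active = False            # normal boot: userdata presents the key automatically
    else:
        dev.frp_active = True             # userdata was wiped by an untrusted reset
    return dev.frp_active


def add_google_account(dev: Device, account: str, password: str) -> bool:
    """Blocked while FRP is active. The first account mints the secret and stores both copies."""
    if dev.frp_active:
        return False
    ACCOUNTS[account] = password
    if dev.primary_account is None:
        secret = os.urandom(32)
        DEVICE_SECRETS[(account, dev.device_id)] = secret
        dev.primary_account = account
        dev.persistent_block = secret
        dev.userdata_secret = secret
        dev.setup_complete = True
    return True


def remove_account(dev: Device) -> None:
    """What a seller should do before resetting: the persistent block is cleared too."""
    if dev.primary_account is not None:
        DEVICE_SECRETS.pop((dev.primary_account, dev.device_id), None)
    dev.primary_account = None
    dev.persistent_block = None
    dev.userdata_secret = None


def factory_reset(dev: Device, trusted: bool) -> None:
    """Trusted = from Settings (also clears the persistent block); untrusted = recovery mode.

    oem_unlock_enabled is deliberately ignored: in Android 15 it no longer stops FRP."""
    dev.userdata_secret = None
    dev.primary_account = None
    dev.setup_complete = False
    dev.lock_pin = None
    dev.apps.clear()
    if trusted:
        dev.persistent_block = None


def sign_in(account: str, password: str, device_id: str) -> Optional[bytes]:
    """Constructed backend call: returns this device's FRP secret only for the right credentials."""
    if ACCOUNTS.get(account) != password:
        return None
    return DEVICE_SECRETS.get((account, device_id))


def deactivate_frp(dev: Device, secret: bytes) -> bool:
    """Presenting the matching secret restores the userdata copy and lifts the restrictions."""
    if dev.persistent_block is not None and hmac.compare_digest(secret, dev.persistent_block):
        dev.userdata_secret = secret
        dev.frp_active = False
    return not dev.frp_active


def skip_setup_wizard(dev: Device) -> None:
    """Android 15 behaviour: finishing or skipping the wizard leaves frp_active untouched."""
    dev.setup_complete = True


def set_lock_pin(dev: Device, pin: str) -> bool:
    if dev.frp_active:
        return False
    dev.lock_pin = pin
    return True


def install_app(dev: Device, name: str) -> bool:
    if dev.frp_active:
        return False
    dev.apps.append(name)
    return True


def oem_frp_check(dev: Device) -> bool:
    """Model of the OEM-facing query: only reports whether FRP is active, never the secret."""
    return dev.frp_active
```

The point the model makes is that nothing a thief can reach after a recovery-mode reset (skipping the wizard, toggling settings, reaching the Settings app) changes the outcome of `boot()`, because the only thing that flips `frp_active` back is `deactivate_frp()` with a secret that the persistent block already holds and that only `sign_in()` with the owner's credentials returns. Using `hmac.compare_digest` for the comparison is a deliberate choice: a secret check that is compared byte by byte should not leak timing information.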
More... (https://www.androidauthority.com/android-15-factory-reset-protection-upgrades-3479431/)