All versions of Android older than 5.0 Lollipop could be accessed by Google, according to the document. As 74.1 percent of all devices still use these older versions of the software, the majority of Android users are affected by the discovery. Assuming the target phone or tablet is connected to the Internet, Google could remotely issue a command to the device that would force it to reset its password, letting law enforcement in.
The Next Web spotted the NY District Attorney’s report which states: “Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device. This process can be done by Google remotely and allows forensic examiners to view the contents of a device.”
Newer Android versions can avoid this by enabling full disk encryption, a feature that isn’t supported in older Android versions. Google doesn’t enable it by default on most devices though so it’s probable that the number of devices it can remotely access stands at a figure considerably higher than 74.1 percent of the total pool.
The NY District Attorney document also takes a look into the state of security on the iPhone. It found that devices running iOS 8 or newer are likely to be impenetrable as they feature full disk encryption enabled by default. Phones still running older iOS versions could theoretically be accessed but the majority of users stay on the latest version, reducing the number of people who could have their passwords remotely reset by Apple. In contrast, the nature of the Android ecosystem means many devices never get updates that could add in features like full disk encryption.
It should be noted that just because Google can reset user-generated Android passwords remotely doesn’t mean that it ever has. The ability means that law enforcement could force Google to cooperate and unlock a suspect phone if asked to in court, knowing in advance that the firm has the power to do so.
Whole device encryption has become a topical issue recently as the U.S. government has ordered Apple to unlock an iPhone. The technology company has consistently refused to do so as it is afraid that obliging could set a precedent that prevents users from controlling their own data.
Magistrate Judge James Orenstein has said he doubts he can force Apple to decrypt the iOS 7 handset. Apple has previously told Judge Orenstein that accessing a phone running iOS 8 or newer — where encryption is on by default — would be “substantially burdensome” and “impossible to perform.”
Technology companies remain at odds with law enforcement agencies who say having a “back door” into devices would make it easier to track suspects in investigations. The companies have consistently argued that such a back door would be impossible to create without compromising the user’s privacy and making it easier for malicious hackers to gain access to the device.
