There’s a new interesting revelation in the debate on encryption that was reignited after the disastrous attacks on Paris in mid-November. According to a new report, Google can remotely unlock at least 74% of Android devices if ordered to by authorities – and that percentage might be much higher.
A document prepared by the New York District Attorney’s Office on smartphone encryption and safety that was first seen by The Next Web reveals that Google can remotely reset the passcode on older Android versions, thus allowing investigators to access the contents of a device.
“Forensic examiners can bypass passcodes on some of those devices using a variety of forensic techniques,” the document reads. “For some other types of Android devices, Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device. This process can be done by Google remotely and allows forensic examiners to view the contents of a device.”
The document says that devices running at least Android 5.0 can’t be reset because they use full disk encryption. But in practice, that encryption is not turned on by default on all devices because it hinders performance. That means Google might also be able to unlock many or even most devices running a newer Android version.
Currently, according to Google’s latest numbers on Android distribution, 74.1% of devices are running a version of Android that’s older than Android 5.0 Lollipop. That means Google can remotely access any of them as long as they’re not upgraded to Lollipop or Marshmallow, and aren’t then encrypted by having the feature manually enabled.
Meanwhile, Apple is unable to bypass security on any iOS device running iOS 8 or later, which means most of Apple’s devices can’t be cracked by Apple even if the company receives a warrant.