Ok Google, why is it so easy to disable the Android Device Manager security features?

Since 2013, Google has offered the “Android Device Manager” app/service, which is its answer to Apple’s iCloud remote location / remote lock and remote wipe solution. It should enable the phone owner to locate, wipe or lock their device – as long as it is connected to the internet.

IMHO, it’s unbelievably easy for a thief to disable all these features on an Android phone (as long as it is unlocked).

Google Settings -> Security -> Turn off the options.

Some might say that this is only possible when the device is unlocked, and that everybody who’s not using a PIN code, password or pattern to secure the phone is probably utterly stupid. You’re right. But please don’t forget about the new feature called “Smart Lock”. This means the thief only has to bring the stolen device into range of the owner (Smart Lock smartwatch) or steal it from a home/workplace (trusted location). In this case, it’s possible to unlock the device without a PIN code – as long as the Smart Lock feature is in use.

Even if you’re not using it: in IT security, we often talk about perimeter security. The PIN code/pattern for the device should only be seen as the first line of defense. A pattern or PIN is not too hard to overcome.

So, if a thief steals my phone while I’m in range of my smartwatch, or they nick my tablet at my home, the device will be unlocked – and all the features for remote wipe or lock can be turned off with a swipe of a finger.

I think this is a bad idea. It shouldn’t be too hard for Google to implement a fix (enter a PIN code / password) if someone intends to disable these features, just like when you have to change the security settings in Android.

