Here’s how Android 15 blocks thieves from bypassing factory reset protection

Photo of a Pixel 7 Pro in recovery mode in front of an Android plushie

Mishaal Rahman / Android Authority

TL;DR

  • Factory reset protection is getting several key upgrades in Android 15 to make it harder to bypass.
  • Google made it so bypassing the setup wizard no longer deactivates factory reset protection, among other changes.
  • These changes will make it harder for thieves to sell stolen phones.

If a thief snatches your phone from your hand and runs off, there isn’t much you can do to recover it. Once your phone is out of your hands, the first thing you should try to do is remotely lock it so the thief can’t get access to any of your data. If you manage to lock it, then the only thing the thief can do with your phone is try to sell it. Thankfully, Google made it difficult for thieves to factory reset Android devices in preparation for selling them, and in the latest Android 15 update, the company may have just made it basically impossible.

Android has a security mechanism called factory reset protection (FRP) that is activated when you first associate a Google account with your device. It kicks in when the device undergoes an untrusted factory reset, such as a factory reset triggered from recovery mode. This is because anyone can trigger a factory reset through recovery mode, even if they can’t unlock your device.

Android 15 factory reset from settings

An example of a trusted factory reset is when a reset is performed through the menu in the Settings app.

When factory reset protection kicks in, the setup wizard stops you from completing setup until you sign in to the primary Google account that was initially associated with the device. Android stores a key in a persistent data block that survives factory resets, so even if another factory reset is forced on the device, FRP will still kick in. This is why it’s so important to remove your Google accounts before factory resetting your phone if you plan to sell it, because the person you sell your used phone to will be stuck unless they sign into your Google account to remove FRP.

This system all sounds good, but unfortunately, factory reset protection isn’t yet perfect. Even though there’s no way for thieves to extract and use the key needed to pass FRP’s challenge, there are ways for them to bypass the challenge entirely. Over the years, there have been numerous methods to bypass FRP, usually involving convoluted, multi-step processes to skip the setup wizard — and thus side-stepping the requirement to sign into the Google account associated with the device before it was reset.

Google and OEMs find and close these FRP bypasses when they learn about them, of course, but people keep discovering new ones, making this a never-ending cat-and-mouse game. That’s why Google’s changes to factory reset protection in Android 15 are so important, as they shore up the security and integrity of the feature, making it more difficult for bypasses to work.

How Android 15 makes Factory Reset Protection better

What exactly is changing in Android 15? Back in May, Google vaguely mentioned an “upgrade to Android’s factory reset protection” that makes it so thieves can’t set up stolen devices “without knowing your device or Google account credentials,” rendering stolen devices “unsellable,” thus “reducing [the] incentives for phone theft.”

While that’s great to hear, FRP already made it so you needed the previous user’s device or Google account credentials. Although Google’s announcement was light on details at the time as to what actually changed with regard to factory reset protection in Android 15, I’ve learned that the following changes have been made:

  1. Enabling the OEM unlocking setting will no longer prevent FRP from activating.
  2. Bypassing the setup wizard will no longer deactivate FRP. FRP restrictions will apply until you verify ownership of the device by signing in.
  3. Adding a new Google account is blocked.
  4. Setting a lock screen PIN or password is blocked.
  5. Installing new apps is blocked.

The second change in particular is huge, as many methods to bypass FRP have relied on skipping the setup wizard. I’m not entirely sure how it works, but changes to Android code suggest a secret key must now be presented on each boot to deactivate FRP. A copy of this key is stored in the userdata partition, as well as in a persistent data block. During normal use, Android will present this key to automatically deactivate FRP on each boot, but when the data partition is forcefully wiped from an untrusted factory reset, the user will have to provide a key on the next boot that matches the stored secret. This is done, of course, by signing into the Google account that was associated with the device before it was reset.

The third and fourth changes are also important, as they prevent FRP from being reset even if someone manages to get into Android’s Settings app. Finally, the fifth change will prevent users from using the device like normal even if they manage to bypass the sign-in screen.

Taken together, all five of these changes that Google made in Android 15 will go a long way towards preventing thieves from bypassing factory reset protection. What’s more, Google is letting OEMs extend FRP with their own restrictions, potentially making it even harder to bypass on other Android hardware. A new API has been added that lets OEMs check if FRP is active so they can apply their own restrictions. Hopefully, these changes in Android 15 will make FRP bypasses — and all the stolen phone sales they enabled — a thing of the past.
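To make the mechanism described above concrete, here is a small Python model of FRP state as this article lays it out: a persistent data block that survives every reset, a copy of the secret in userdata that an untrusted reset wipes, a comparison of the two on each boot, and the three restrictions that now apply while FRP is active. This is an added illustration, not Android's code or anything from Google; the class and method names (`Device`, `boot`, `verify_ownership` and so on), the HMAC-based secret derivation, and the assumptions that removing all accounts or a trusted reset from Settings clears the persistent block are constructed for the model. Setting `android15=False` reproduces the older behaviour the article says is gone, so the two can be compared side by side.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

class FrpBlocked(Exception):
    """Action refused because FRP is still active (changes 3, 4 and 5 in the article)."""

def derive_frp_secret(account: str, device_key: bytes) -> bytes:
    # Model assumption: the secret is an HMAC of the owner account under a per-device key,
    # so a sign-in as that account (treated here as already authenticated) reproduces it.
    return hmac.new(device_key, account.encode(), hashlib.sha256).digest()

@dataclass
class Device:
    android15: bool = True                        # False reproduces the pre-15 behaviour
    oem_unlocking: bool = False
    device_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    persistent_block: Optional[bytes] = None      # survives every factory reset
    userdata: dict = field(default_factory=dict)  # wiped by any factory reset
    frp_active: bool = False                      # what the new OEM-facing check would report

    def boot(self) -> bool:
        # Each boot compares the userdata copy of the secret with the persistent block.
        if self.persistent_block is None:
            self.frp_active = False
        elif not self.android15 and self.oem_unlocking:
            self.frp_active = False               # pre-15: OEM unlocking suppressed FRP (change 1)
        else:
            copy = self.userdata.get("frp_secret", b"")
            self.frp_active = not hmac.compare_digest(copy, self.persistent_block)
        return self.frp_active

    def _require_cleared(self, action: str) -> None:
        if self.android15 and self.frp_active:
            raise FrpBlocked(f"{action} is blocked while FRP is active")

    def add_google_account(self, account: str) -> None:
        self._require_cleared("adding a Google account")
        if self.persistent_block is None:         # the first account arms FRP
            self.persistent_block = derive_frp_secret(account, self.device_key)
        self.userdata["frp_secret"] = self.persistent_block
        self.userdata.setdefault("accounts", []).append(account)

    def remove_all_accounts(self) -> None:        # what the article says to do before selling
        self.userdata.pop("accounts", None)
        self.userdata.pop("frp_secret", None)
        self.persistent_block = None

    def set_lock_screen_pin(self, pin: str) -> None:
        self._require_cleared("setting a lock screen PIN")
        self.userdata["pin"] = pin

    def install_app(self, package: str) -> None:
        self._require_cleared("installing an app")
        self.userdata.setdefault("apps", []).append(package)

    def trusted_factory_reset(self) -> None:      # from Settings: owner authenticated, block cleared too
        self.userdata, self.persistent_block = {}, None

    def untrusted_factory_reset(self) -> None:    # from recovery: only userdata is wiped
        self.userdata = {}

    def skip_setup_wizard(self) -> None:          # change 2: a wizard bypass no longer clears FRP
        if not self.android15:
            self.frp_active = False

    def verify_ownership(self, account: str) -> bool:
        # Sign-in on the FRP screen: a matching secret restores the userdata copy and clears FRP.
        candidate = derive_frp_secret(account, self.device_key)
        if self.persistent_block and hmac.compare_digest(candidate, self.persistent_block):
            self.userdata["frp_secret"] = self.persistent_block
            self.frp_active = False
            return True
        return False

def stolen_phone_scenario(android15: bool, oem_unlocking: bool = False) -> dict:
    """Recovery-mode reset, then a wizard bypass; reports what the device permits afterwards."""
    d = Device(android15=android15, oem_unlocking=oem_unlocking)
    d.add_google_account("owner@example.com")     # constructed sample account
    d.untrusted_factory_reset()
    outcome = {"frp_after_reset": d.boot()}
    d.skip_setup_wizard()
    outcome["frp_after_skip"] = d.frp_active
    attempts = {"add_account": lambda: d.add_google_account("other@example.com"),
                "set_pin": lambda: d.set_lock_screen_pin("1234"),
                "install_app": lambda: d.install_app("com.example.app")}
    for name, attempt in attempts.items():
        try:
            attempt()
            outcome[name] = "allowed"
        except FrpBlocked:
            outcome[name] = "blocked"
    outcome["owner_signin"] = d.verify_ownership("owner@example.com")
    outcome["frp_after_owner_signin"] = d.boot()
    return outcome
```

`stolen_phone_scenario(True)` reports FRP still active after the wizard is skipped and all three actions blocked until `verify_ownership` succeeds with the owner's account, while `stolen_phone_scenario(False)` reproduces the older outcome in which skipping the wizard, or having OEM unlocking enabled, cleared FRP. Calling `remove_all_accounts` and then `trusted_factory_reset` leaves the persistent block empty, which is the resale path the article recommends, and a buyer's first account then arms FRP afresh for them.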
