The Manhattan district attorney’s office continues to put the pressure on technology companies after claiming that both Apple and Google can unlock smartphones when requested by law enforcement.

However, the office admitted the technology giants can only unlock the smartphone passcode if the device is not encrypted.

Remote Unlocking?

The claims that Google could remotely unlock some Android devices running older Android operating systems if a court demands access to it, were made in a document published last week by the New York District Attorney’s Office.

The document also alleged that Apple can and will unlock smartphones and tablets when ordered to do so by a court, if the devices are not encrypted. However Apple needs to physically access the device. Also, any device using iOS 8 or higher can’t have its passcode bypassed by Apple, and full disk encryption is enabled by default.

But it is the idea that Google can remotely unlock older Android smartphones that is alarming many.

Indeed, the document alleges that 74 percent of Android devices (running older Android operating systems) could be unlocked without user permission. It should be noted that any devices using Android 5.0 and newer cannot be remotely unlocked.

“Forensic examiners are able to bypass passcodes on some of those devices using a variety of forensic techniques,” said the document. “For some other types of Android devices, Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device. This process can be done by Google remotely and allows forensic examiners to view the contents of a device.”

“For Android devices running operating systems Lollipop 5.0 and above, however, Google plans to use default full-disk encryption, like that being used by Apple, that will make it impossible for Google to comply with search warrants and orders instructing them to assist with device data extraction,” it said.

The document was released last week by Manhattan District Attorney Cyrus Vance Jr, who initially called on Apple and Google to use weaker encryption levels on smartphones or indeed backdoors to allow law enforcement to access any information stored on the device.

The document also detailed the difficulty of getting passcodes from defendants in criminal cases.

Inaccurate Assumptions

But Google has hit back and said there were a number of “inaccurate assumptions” that “75 percent of Android devices can be remotely unlocked by Google.”

“I read a few articles today that said ’75 percent of Android devices can be remotely unlocked by Google’ and I immediately thought ‘wait, that doesn’t sound right’, said Adrian Ludwig, from Android Security on a Google Plus posting.

“The articles relied on some inaccurate assumptions,” he said. “Here are the facts. Google has no ability to facilitate unlocking any device that has been protected with a PIN, Password, or fingerprint. This is the case whether or not the device is encrypted,  and for all versions of Android.”

“Google also does not have any mechanism to facilitate access to devices that have been encrypted (whether encrypted by the user, as has been available since Android 3.0 for all Android devices, or encrypted by default, as has been available since Android 5.0 on select devices),” he added. “There are some devices (far fewer than 75 percent, although we don’t have an exact number) that have been configured to use a “pattern” to unlock.”

“Until Android L, “pattern” unlock did provide a recovery option with the Google account. This recovery feature was discontinued with Android L, he said. “Also, the lost pattern recovery feature never applied to PIN or Password so if you are on an earlier model device and don’t want to use the pattern recovery feature, you can switch to a PIN or Password and it will be disabled.”

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Begins Probe Of Viasat Acquisition Of Inmarsat

British competition regulator the CMA, begins phase one investigation of $7.3 billion merger between Inmarsat…

8 hours ago

Cisco Admits ‘Security Incident’ After Breach Of Corporate Network

Yanluowang ransomware hackers claim credit for compromise of Cisco's corporate network in May, while Cisco…

9 hours ago

Google Seeks To Shame Apple Over RCS Refusal

Good luck convincing Tim. Google begins publicity campaign to pressure Aple into adopting the cross…

10 hours ago

Elon Musk Wants Staff Names Of Twitter’s Bot Counters

Fight with Twitter, sees Elon Musk's legal team requesting names of those employees who calculate…

12 hours ago

Former Twitter Executive Convicted Of Spying For Saudi Arabia

Spying scandal. Former Twitter executive found guilty in San Francisco courtroom of spying for Saudi…

15 hours ago

Meta Raises $10 Billion In Bond Offering

First ever bond offering sees Facebook parent Meta Platforms raise $10 billion, as it seeks…

17 hours ago