Home » Android » Hey Thieves! There Is No Point in Stealing Android ’15’ Phones

Hey Thieves! There Is No Point in Stealing Android ’15’ Phones

by Gaurav Bidasaria
0 comment

Android 15 is fast approaching us and there are numerous features the devs have baked into it. But all those features are useless if your phone is stolen. Once that happens, all that remains to be done is factory reset the phone and set it up as a new device. Google remedied it with Factory Reset Pass (FRP) but thieves found their way around it. But Google is now closing the loop for good with Android 15.

Learn how FRP works before moving on with Google’s new FRP 2.0 feature for Android 15.

How FRP Works

A simple example for you to picture.

You are walking down the road with eyes glued to the screen. A thief seizes an opportunity to snatch your phone and runs away with it. The first thing you do is lock your Android phone. You can do that remotely using the Find My Device application. It works in Chrome or any browser where you are signed into your Google account.

Now, the thief can’t unlock the phone but doesn’t have to. He will factory reset the phone and set up a new Google account. Yes, anyone can factory reset the phone using Recovery Mode without needing to unlock the phone. To remedy that, Google introduced something called FRP or Factory Reset Pass. FRP requires that you remove the Google account before resetting the phone. If you reset the phone without removing the Google account first, FRP will kick in and prevent unauthorized usage of your phone after the reset.

To Samsung Users: We have a list of eligible Samsung Galaxy phones to receive the Android 15 update with One UI 7 skin atop.

FRP mandates that to use the phone, one must enter the original Google account’s sign credential set up by the owner. Since the thief doesn’t have access to your Google account credentials, the phone is useless to him.

So far, so good. But there is a flaw in the plan and smart thieves have figured out ways around Google’s clever mechanisms. The wild internet is riddled with tricks to bypass the FRP challenge and even the setup process altogether negating any security that came with it. While Google and big OEMs like Samsung have closed several of these loopholes via patches pushed through OTA updates, the issue continues.

With Android 15, Google is taking FRP one step further. How?

Google’s New Twist on FRP

Google wants to change the game instead of chasing thieves down the rabbit hole with Android 15. Here’s what happens when a phone is reset without removing the Google account first:

  • Installing new apps is not allowed.
  • You can’t set up a new pin or password to lock/unlock the phone.
  • Adding new Google account is also prohibited.
  • FRP will still activate even if ‘OEM unlocking’ is enabled.
  • FRP will still activate if you find a way to bypass the setup process leaving only one way to deactivate FRP that is to authenticate the Android phone using Google account.

With the last change in the FRP and how it activates, Google seems to have made it nearly impossible for thieves to bypass the setup process. Even if they do manage to bypass it, the phone will be pretty much unusable as you can’t install apps, sign in to a Google account, and use it as a normal phone. No one wants to buy an unusable or partially usable phone.

Also, while it is unclear how this works – FRP requires a secret key stored in the “userdata” partition and “persistent data” block. The key is needed every time the phone is booted. And if you try to wipe the partition clean, the only way to recover the key is to sign in to the Google account (one that was signed into before the phone was stolen) where another key is stored matching the one on your phone.

Is It Foolproof Then

Well, the answer is both yes and no. For now, it seems that Google has found a novel way to end the menace making it nearly impossible but it remains a never-ending struggle. I am pretty sure hackers will find new and interesting ways to bypass even this but until that day comes, your smartphone is useless to anyone who thinks of stealing it.

You may also like