Lethal Lollipop: Android 5.0's built-in opt-in kill switch

By JC Torres/Oct. 16, 2014 3:30 am EST

Google has just unleashed Android 5.0, lovingly called Lollipop, and everyone is happy. Well, not exactly everyone. Those rooting for rival mobile platforms will probably be amused at a bigger target of criticism. Those who still don't believe in smartphones or tablets are unlikely to care. But if there would be anyone with the biggest frown on their faces, it could be potential thieves, thanks to Google's most recent moves to step up the crusade to combat and deter smartphone theft. But are they really enough?

A kill switch is basically a way, whether software or hardware, to render a device unusable and wipe data on it in case of theft or loss. But more than that, a kill switch now also implies that the phone remains unusable without the authorization of its proper owner so that no amount of factory resets or reformatting will circumvent the security feature. Apple was the first to implement such a feature, precisely because its devices were so ripe for the picking, but other manufacturers and platform makers have followed suit.

Google is making the same features available in its latest Android version, which still has to roll out to devices, at least for those that manufacturers plan on updating. The first is being called "Factory Reset Protection". This feature would prevent anyone from doing a factory reset of the device without the proper credentials. These come in the form of a Google ID, which almost all Android users would have when they first setup the phone. One flaw in this system, though, is that the protection only kicks in when the phone's screen is locked, making it still possible to do so if the miscreant managed to snatch the device while still hot from a the user's hand.

The second layer of protection is more about the user's data and is actually a two-edged sword as far as the government is concerned. New devices that will come with Android 5.0 will have data encryption on the device storage enabled by default. This way, hackers will have no way to access data stored on the smartphone even if they do manage to get into the system. On the flip side, however, since the key to decrypt the phone's data isn't stored in Google's servers, no amount of warrants behind users' backs will yield fruit.

The problem with Google's current kill switch implementation, at least the first part, is that it is all optional, which means users will be required to not only turn on the features themselves, they also have to be aware that they exist. That might change in a few months however. In 2015, the State of California will implement its kill switch bill, which will require all devices sold in the jurisdiction to have such anti-theft measures enabled by default. Considering it would be too tedious to have a different variant of devices sold just for that State, manufacturers and carriers are more likely to just flip the switch to "on" from the get go anyway.

SOURCE: Forbes