Sony's New My Xperia Theft Protection Digs Deep
Smartphone theft is a never ending problem and manufacturers and carriers are always scrambling to implement the best solution to both solve it as well as prevent it in the first place. Both iOS and Android have varying solutions, but, in the case of the latter, most of it is moot once the device has been subjected to flashing. Sony's new anti-theft feature, similar to Android 5.1's Device Protection, tries to plug up that hole, making it impossible to use a stolen device without the proper credentials, even after it has been wiped clean.
Flashing is akin to reformatting a computer and reinstalling software on it, a destructive process that naturally removes and software-based security locks like Google's Android Device Manager or Sony's old My Xperia. The new My Xperia Theft Protection, or MXTP for short, however, digs into the bootloader of the device, the very first part that gets run once a phone is started up. The bootloader normally remains intact when flashing a device, and tampering with it can potentially render a device useless anyway.
MXTP works by requiring authentication, using the Google credentials associated with the Sony Xperia account, even during the boot process. When the device enters into Lockdown mode, all apps are stopped, no outgoing calls can be made, incoming calls get diverted to voicemail, and the USB port can only be used for charging.
Lockdown can be automatically triggered under a specific set of circumstances. If someone does a software repair or flashing process on the device, MXTP kicks in. If someone also deletes the associated Google Account, the device locks down as well. Naturally, modifying MXTP settings or disabling it will ask for authorization. And, of course, owners can trigger it from the Xperia website, in case of theft. That said, if MXTP kicks in after the device has already been wiped, there is no longer any way for the user to locate it as the software has been reset. They can only prevent the theft or anyone else from using it.
As with many security features, this might run afoul of users who legitimately flash their device for one purpose or another. Of course, they would have the necessary credentials to unlock or even turn off MXTP, though it remains to be seen how much that will affect the process. In fact, MXTP is automatically disabled on devices with unlocked bootloaders, a process that Sony allows but not without the usual warnings. At the moment, MXTP is only available on three devices, the Xperia M4 Aqua, the Xperia C4, and the Xperia Z4 Tablet.
SOURCE: Sony
VIA: Xperia Blog