A report released last week by the Manhattan district attorney’s office contains an unsurprising but potentially damning revelation about the state of privacy for Android users.
According to a white paper from the office, Google has the outright ability to gain backdoor access to the majority of Android devices just by resetting the passcodes that serve as one-time use keys for unlocking an encrypted system.
That means law enforcement authorities have every opportunity to continue to crack down on citizens’ private data as part of their investigative process, even if that means intruding into the privacy of users. This is despite Google’s repeated insistence that it is innocent of involvement in the government’s attempts at mass surveillance.
The process of resetting the passcodes can be done from a remote server, according to the white paper, and the government can then ask Google to extract data from a device and surrender the information to authorities asking for it.
This loophole in the Android security system does not affect Lollipop 5.0 and later versions of the mobile operating system, which use default encryption that prevents Google from gaining backdoor access to the devices. However, the number of handsets running these Android versions is minimal compared to the great majority that run older versions of Android.
So it is still easy for police authorities to request access to the sensitive information of users running KitKat and earlier versions of the operating system.
When Android Lollipop was released in 2013, Google said the operating system would incorporate encryption by default, so that authorities needing information for criminal cases would have to go to the device owner instead of requesting access from Google. In effect, this leaves the onus on users instead of sharing the responsibility of protecting them.
The encryption embedded in Android devices leaves Google and the original equipment manufacturers with no knowledge of what information an Android handset contains. This has irked the United States government because it slows down its criminal probes, though the government is more concerned about Apple devices than about Android.
In fact, Google can still participate in the government’s surveillance programs because at least 75 percent of all devices running Android do not have encryption.
The only way to address this concern is to upgrade to the latest Nexus device that runs Marshmallow or have your handset updated with the newest Android operating system if you have the option.