Google and Apple can remotely unlock devices if necessary

Google and Apple can remotely unlock older versions of iOS and Android if a court order demands it, according to a recent report examining the role of smartphone encryption and public safety by the New York District Attorney’s Office.

The tech giants have the ability to reset user-generated passwords on some iPhones and Android smartphones if necessary.

Devices can only be remotely unlocked if the device isn’t encrypted. Apple has enabled encryption by default on iPhones running iOS 8 since 2014. Only 9% of Apple devices use versions older than iOS 8.

Smartphones running Android 5.0 use full encryption. However, this feature isn’t switched on by default. Android 6.0 does enable encryption by default.

Approximately 74.1% of Android devices have not been updated to Android Lollipop 6.0 and are vulnerable to remote reset. But Google noted that it can’t remotely reset Android phones with a PIN or passcode.

In a Google Plus post, Android security lead Adrian Ludwig clarified the situation.

He said: “Google has no ability to facilitate unlocking any device that has been protected with a PIN, Password, or fingerprint.

“This is the case whether or not the device is encrypted, and for all versions of Android.

“Google also does not have any mechanism to facilitate access to devices that have been encrypted (whether encrypted by the user, as has been available since Android 3.0 for all Android devices, or encrypted by default, as has been available since Android 5.0 on select devices).”

The report said: “Apple’s and Google’s decisions to enable full-disk encryption by default on smartphones means that law enforcement officials can no longer access evidence of crimes stored on smartphones, even though the officials have a search warrant issued by a neutral judge,”

“The federal legislation would provide in substance that any smartphone manufactured, leased, or sold in the US must be able to be unlocked, or its data accessed, by the operating system designer,” the document reads, adding that compliance of this won’t require new tech or costly adjustments.

“It would require, simply, that designers and makers of operating systems not design or build them to be impregnable to lawful governmental searches.”