Sounds like good ideas that'll be a pain in the ass for innocent power users.
Android
The new home of /r/Android on Lemmy and the Fediverse!
Android news, reviews, tips, and discussions about rooting, tutorials, and apps.
🔗Universal Link: [email protected]
💡Content Philosophy:
Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.
Support, technical, or app related questions belong in: [email protected]
For fresh communities, lemmy apps, and instance updates: [email protected]
📰Our communities below
Rules
-
Stay on topic: All posts should be related to the Android OS or ecosystem.
-
No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to [email protected].
-
Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to [email protected].
-
No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.
-
No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.
-
No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.
-
No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.
-
No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.
-
No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!
-
No affiliate links: Posting affiliate links is not allowed.
Quick Links
Our Communities
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
Lemmy App List
Chat and More
Until they sign back in to their own phone..? How is that a pain?
Not eveyrone has or needs a google or any system-wide account to use their phones.
And if you don't sign into Google, the protections won't activate, and you won't have a problem.
I should have provided more info. I am not defending that FRPs should not exist, rather that there should be an option to utilize them without an account.
Graphene devs are considering using a random code similar to an account restoration.
That makes a lot of sense. I like the GrapheneOS approach to these things.
I hope they can figure something out that'll be user friendly that's also recoverable if your forget the password. Wouldn't want to put myself in a "lost my key, guess I can never sell my phone now" situation.
This assumes everything works fine. It's probably an edge case, but on my Nexus 6P an update somehow messed with my encryption keys, and the screen lock pattern that I'd used for over a year stopped getting recognised. I can't remember the solution but I vaguely remember having to factory reset. Whatever the solution was, it wasn't too different to what a thief would do... I was bypassing the screen lock after all.
Looks like they "just" have to stop signing in with a Google account, and may have to enable adb and install apps using it / e.g. Shizuku
Okay, according to the article, this functionality will only activate after you have signed into a Google account for the first time on the device. So, at least for those of us who use custom software such as lineage OS, that won't matter since we don't put a Google account on the device to begin with in a lot of cases. A lot of us boot the phone for the first time, skip the entire setup wizard as fast as possible without signing in or any of that stuff, and then immediately enable OEM unlocking and flash the lineage or whatever software.
I also imagine FRP will be ignored by custom ROMs even if the secret data is set.
Well, that won't matter unless it's a brand new phone or has been properly erased because you won't be able to install lineage anyway unless one of those two conditions are met.
"Theievs" definitely not targeting power users...
How was this not already a thing? These seem like quite basic features if you want to stop people from using stolen phones. From what I can tell online, it seems rather trivial for thieves to bypass FRP in the current incantation of the system.
I do wonder what will happen if your Google account gets banned, though. I can't find much about it online. Some older posts suggest that only having the email address and password is enough, but these days you can log in to Google without ever entering a password, and there's no way Google will just send your password to a new phone.
I think the reason this hasn’t been done yet is because their implementation comes with benefits like portability and low maintenance when the feature is implemented in just one app and just one part of the code. I think they hoped that patching bypasses in one app is viable and would eventually close most of the holes, but it turned out not to be so simple because bypasses emerged time and time again even with very limited initial access.
You’re not supposed to be able to skip running the wizard. A stolen phone was unusable and effectively had all of these features, but with a single point of failure that has turned out to be more of a problem then the maintenance benefit is worth.
I'm more focused on the adorable plushie in the hero image 🥹❤️
So... I flash wrong ROM, wipe everything and install the correct one and I'm screwed? Or do I just login with my Google account?
I think you would be fine. You’re only restricted if you log into the vanilla ROM, do some stuff, and later if you want to use the vanilla ROM again you’ll be required to login to the account you used last on the vanilla ROM to make it happy with the device.
I don’t expect custom ROMs will have any compatibility with this feature. I believe they would bypass it entirely.
I guess they can skip this crap completely whatsoever
The more I hear about Android 15,
the less excited I get for it..
Google is making Android worse and worse in each release.
Why exactly is this worse?
It is an optional feature that the majority of people will be using, making herd immunity for those who do not
And for those who dont install GApps...?
Still neat I guess.
yeah great, EDL mode still is exists...
True! But it still hurts the resale value because users are likely to notice a device with broken secure boot if you were to somehow use it to forcefully flash a modified ROM.
Are you proposing this mode could be used to somehow clear the secret data?
My understanding is EDL mode can refuse to flash some partitions and some devices will not enter this mode if fastboot is working, which also enforces preventing access to some partitions. Most people who use EDL already unlocked the bootloader, but I don’t think this method works on all devices if the boot loader is still locked.
This could still be bypassed by flashing a new OS that deliberately messes up the userdata wipe-persisting secrets. Well idk if there's a way to prevent that, but I guess really needy and tech-savvy people could recover lost devices that way
You can't really flash phones without unlocking the bootloader first, and you can't unlock the bootloader without unlocking FRP
Without opening the phone up and directly accessing NAND storage, you're not going to be able to reflash much. This makes it impossible for most thieves to abuse custom ROMs to sell stolen devices, because there's not that much profit in stolen phones if you need to spend hours on making them work again. You might as well get a real job at that point.
Is the bootloader unlocking requirement that FRP is not triggered a hard one or just because the settings screen isn't (or shouldn't) be reachable? Now that OEM unlocking and FRP aren't tied together anymore, it doesn't seem like a hard one