Google Starts Adding Anti-Theft Locking Features to Android Phones

An anonymous reader shared this report from Engadget: Three new theft protection features that Google announced earlier this year have reportedly started rolling out on Android. The tools — Theft Detection Lock, Offline Device Lock and Remote Lock — are aimed at giving users a way to quickly lock down their devices if they've been swiped, so thieves can't access any sensitive information. Android reporter Mishaal Rahman shared on social media that the first two tools had popped up on a Xiaomi 14T Pro, and said some Pixel users have started seeing Remote Lock.

Theft Detection Lock is triggered by the literal act of snatching. The company said in May that the feature "uses Google AI to sense if someone snatches your phone from your hand and tries to run, bike or drive away." In such a scenario, it'll lock the phone's screen.
The Android reporter summarized the other two locking features in a post on Reddit:

• Remote Lock "lets you remotely lock your phone using just your phone number in case you can't sign into Find My Device using your Google account password."

• Offline Device Lock "automatically locks your screen if a thief tries to keep your phone disconnected from the Internet for an extended period of time."

"All three features entered beta in August, starting in Brazil. Google told me the final versions of these features would more widely roll out this year, and it seems the features have begun expanding."

So ...

[cascadingstylesheet]

... someone else could remotely lock my phone just by knowing my phone number?

Remote Lock "lets you remotely lock your phone using just your phone number in case you can't sign into Find My Device using your Google account password."

Re:

[ArchieBunker]

Yes, that's exactly what they did. I have locked every phone from 000-000-0000 to 999-999-9999.

Re:

[ls671]

I am glad that I have an EU number on one of my phones, this is the only one still working! I was wondering why the other ones failed, now I know who the culprit is.

Re:

[codebase7]

Sadly it also means we cannot call Jenny..... /s

Where is the google squeezing money out of it?

[shanen]

Mod parent funny though I hope the joke is based on a bad summary somewhere along the line. The FP is hitting quite an important point of possible abuse of that new feature. Think of the viral version if a bad app somehow, heaven forbid, gets into the so-called secure Google Play system. With access to your contacts it could first disable all of your contacts' phones before taking out yours. For maximum impact the bad actor would want to delay the trigger to a fixed date, though there's also the threat of a

Re:

[93 Escort Wagon]

Thanks, you jerk! You also managed to irreversibly lock my luggage.

FTA:

[Viol8]

"Remote Lock, you can (you guessed it) remotely lock the phoneâ(TM)s screen from any device with only your phone number and the completion of a âoequick security challenge.â"

The "quick security challenge" probably being the password and/or recovery phrases you set up 3 years ago and have zero idea what they are. And thats assuming you can access "any device". I doubt a stranger in the street is just going to give you their phone for you to do it on and cybercafes are a thing of the past so un

Re:

[quonset]

so unless you have someone with you who's got a phone you're screwed anyway.

Thank you. I was thinking the same thing. "My phone's been stolen! Someone give me your phone so I can lock my phone."

Or are they subtly implying you should have TWO phones? One you use for everything and one as emergency in case the first one gets stolen.

Re:

[thegarbz]

Thank you. I was thinking the same thing. "My phone's been stolen! Someone give me your phone so I can lock my phone."

I don't understand what you're talking about. This is literally how my last week was. We got out of the subway and I asked someone for their phone so I could lock mine, and did so straight away. What's the problem here?

Re:

[Viol8]

You're so full of shit you must have trouble knowing which end to put on the toilet first.

Re: FTA:

[doobes]

So, Do you speak to people this way in person? Our do you hide behind the pseudo-anonymity to be a complete ass-hat? Just wondering

Re:

[gnasher719]

I don't understand what you're talking about. This is literally how my last week was. We got out of the subway and I asked someone for their phone so I could lock mine, and did so straight away. What's the problem here?

There is no problem whatsoever. The main problem to be solved (and that's one thing I hope Apple copies as soon as possible) is that when you use your phone, it's not locked, and if I grab your phone while you use it I've got your unlocked phone which is much easier to break in than a locked phone.

Yes, locking a phone always required a phone, and locking a stolen phone always required some person to help you out with their phone. If they don't trust you, _they_ can lock your phone without giving it to y

Re:

[Kernel Kurtz]

The "quick security challenge" probably being the password and/or recovery phrases you set up 3 years ago and have zero idea what they are. And thats assuming you can access "any device". I doubt a stranger in the street is just going to give you their phone for you to do it on and cybercafes are a thing of the past so unless you have someone with you who's got a phone you're screwed anyway.

So just give up then.

Re:

[Malay2bowman]

I read the "quick security challenge" and immediately flipped. Because I know how "quick security challenges" really are in real life, and I bet it would indeed require you to enter your password, or a previously used password despite TFA saying "in case the user forgot their password" right after the security challenges bit. Throw in an endless "click on all the squares that has a bike or a crosswalk blah blah blah". I just don't trust Google to get this stuff right. Either it will be a nightmare for a leg

Re:So ...

[AmiMoJo]

You also have to complete a security challenge. Curious to know what that is, if it works in a way that doesn't require you to access your Google account, which would give you access to Find My Device.

On a semi-related note, Google has completely botched the roll-out of the Fine My Device network. It should be even better than Apple's, given there are more Android devices out there. Unfortunately it barely works at all, mostly failing to locate your stuff.

Probably as a reaction to the privacy issues with Apple's AirTags, they made it so that Android devices only report the location of other people's stuff in busy areas. If someone steals your stuff, or you lose it in a suburban/rural area, or really anywhere except the busiest places with hundreds of devices detecting it, you have no chance of finding it. There is a setting that fixes this, but the on-boarding process doesn't even mention it.

Manufacturers like Pebble and Chipolo who support Google's network are getting shafted by large numbers of returns for non-functional devices.

Re:

[cascadingstylesheet]

You also have to complete a security challenge. Curious to know what that is, if it works in a way that doesn't require you to access your Google account, which would give you access to Find My Device.

Yes, I'd be curious as well.

Re:

[thegarbz]

Curious to know what that is

It is custom. Based on the screenshots online when you setup Remote Lock on the device you also need to enter a PIN/Password for the function. It appears this is stored on the device itself, nothing to do with a Google account. The whole point of this is that you don't need your Google account. If you had access to your Google account in any way shape or form then you can already simply click the "Secure Device" button in your Google account to remote lock it.

On a semi-related note, Google has completely botched the roll-out of the Fine My Device network. It should be even better than Apple's, given there are more Android devices out there. Unfortunately it barely works at all, mostly failing to locate your stuff.

Actually last week it successfully found and loc

Re:

[AmiMoJo]

You might be confusing the Find My Device with your phone that has its own location system, and the tags that just broadcast a Bluetooth ping now and again. The latter rely entirely on other Android devices too pick up the ping and report it to Google.

I can see why they did it. If someone plants a tag on you, they won't be able to get your home address because your home isn't a busy enough area to be reported. But that also means if you leave it at your friend's house, drop it on a hike, it gets stolen, or

I don't get it

[Baron_Yam]

Who doesn't set their phone to lock after 30 seconds of inactivity, and who doesn't just reflexively hit the lock button when they're done using their phone anyway?

Re:

[denpun]

https://www.youtube.com/result... [youtube.com]

Re:

[denpun]

Hit submit too soon. Phones are being snatched out of people hands. ^^

Re:

[FudRucker]

somebody should make a bluetooth speaker/microphone handset that looks exactly like a smartphone, make it cheap no frills just a way to keep your real phone in your pocket and just use the fake phone that is just really a speaker/microphone handset that cost 15 dollars, that way when some thief snatches it they dont get a person's real phone

Re:

[Malay2bowman]

I have an old no name cheap as shit "smartwatch" lying around that is basically all of this, except for the form factor. I used it mostly as a remote control with a color display for a music player app along with earbuds. But you could make calls on it and it had a speakerphone too.

Re:

[thegarbz]

It's more than that. If you have multiple unlocking mechanisms enabled (e.g. biometric, face detection, that stupidly insecure pattern unlock which everyone sets to either N, U, or C) then Remote Lock also disables those, forcing the user to enter the PIN.

Re:I don't get it

[Baron_Yam]

Right. I don't do biometrics because you can't revoke them. Not that I'm REALLY worried about someone using a photo to fake my face, or holding my phone up to my face while I'm being interrogated or something, but just on principle.

Secure is secure, if someone wants my phone contents, they're going to have to invest in a decent phone cloning and cracking setup or use rubber-hose cryptoanalysis.

Re:

[thegarbz]

Or they take it from your hand unlocked while you're not paying attention.

Re:

[Ed Tice]

And then you use the remote lock feature discussed in TFS!

Re:

[PleaseThink]

Oddly biometrics might be more secure than a password. No one hides the screen when they're typing/swiping their password. It's trivial for a security camera or nearby camera phone to record your finger movements.

Re:

[stooo]

you obviously have no idea about security.

Re:

[Ksevio]

Someone could snag it from your hand while it was already unlocked

Re:

[freeze128]

Never underestimate the stupidity of the average citizen.

Re:

[Tony Isaac]

Me.

I don't lock my phone at all, it's always just "swipe to unlock."

Of course, everything sensitive, like my bank apps, are locked.

Here's the thing. I always keep my phone on my person. I don't leave it where people can pick it up without me knowing. I know that if someone does take the phone, I can quickly lock it down remotely.

Re:

[gnasher719]

Who doesn't set their phone to lock after 30 seconds of inactivity, and who doesn't just reflexively hit the lock button when they're done using their phone anyway?

You are on a phone call, and some dude on their e-bike grabs your unlocked phone. Even with what you said, they now have 30 seconds to change settings. Motion detector can lock your phone instantly.

Re:

[PsychoSlashDot]

Android phones actually get stolen?

I know, right? You'd think Android owners are all smart enough to keep their phones from being stolen... I mean, they are Android users, not sill iPhone users after all. But just as there are those three smart iPhone users out there, there are a few less-mentally-agile Android users. It's sort I mean... there's also the statistical fact that Android devices outnumber iPhones by a gigantic, massive margin.

But really, if you're a crack-head who's looking for something to pawn for their next fix, they're

Re:

[alexgieg]

That's why the test bed was here in Brazil. Android phones are over 95% of the market, from $100 throwaway devices all the way go Samsung, Redmi and Xiaomi topmost iPhone clones. And junkies seal them all the time, everywhere, from anyone and everyone, to trade for a fix.

The apartment building I live in a mile from a favela (extremely poor slum). We hear about stolen Android phones every other day. At least one per week is in front of my building.

For the record, sometimes, when junkies see the person has an

Re:

[Malay2bowman]

"give up trying to steal an iPhone". If the junky saw all of the "Apple is super secure" ads and optionally signed up for "iPhone Security Summer Camp". Otherwise, the junky sees a shiny expensive looking slab and tries to pawn it off to his dealer for a hit. Maybe the junky gets wise after the first of second time the dealer tells him "this is no good", but there are A LOT of junkies out there. And getting the phone back from whatever sewer grate it was disposed into is a challenge on it's own.

Re:

[stooo]

>> Android phones actually get stolen?
Yes. Only USA worshisps Apple.

This isn't such a bad idea.

[thegarbz]

I lost my phone in Munich last week and I realised something quite silly: Google's Find My Phone function relies on me logging into my Google account which is protected by 2FA. Take a guess where the second factor was configured.

Fortunately back at the hotel I had a laptop that had previously logged into Google so I could use that. Using the phone number would have been quite useful.

Re:

[codebase7]

Right up until some asshole starts randomly locking your phone because he's bored.

Then there's the "Offline lock".... Really? If the damn thing's offline for an extended period of time then they've probably gotten all of the data that's useful from it. That or they'll just run some payload to either wipe the phone (resell as is) or not care. (sell for parts.)

The last one is the snatching lock and that could be tripped by a sudden jolt. Can't wait for everyone to want to disable it because their driver h

Re:

[thegarbz]

Right up until some asshole starts randomly locking your phone because he's bored.

No one can randomly do anything. You set a PIN code to enable remote lock. Unless you have the pin code to lock your device published on your business card next to your phone number, no one will be locking your device.

Then there's the "Offline lock".... Really? If the damn thing's offline for an extended period of time then they've probably gotten all of the data that's useful from it.

False. Snatch and grabs and crimes of opportunity are not often executed in the field. Thieves will snatch unlocked phones, and then disable data on them straight away (to prevent the find my phone feature working). Then they disable the lockscreen timeout and keep the phone awake until they c

Re:

[Ed Tice]

Then there's the "Offline lock".... Really? If the damn thing's offline for an extended period of time then they've probably gotten all of the data that's useful from it. That or they'll just run some payload to either wipe the phone (resell as is) or not care. (sell for parts.)

The goal of these features isn't to protect your data. If you are a high-value target, you shouldn't use your phone in places where it can be easily stolen. You should probably keep it in a briefcase that is locked and handcuffed to your body guard.

For the rest of us, we don't like our devices getting stolen because they are expensive. This feature eliminates the stolen hardware market which is the goal.

Re:

[NotEmmanuelGoldstein]

... where the second factor was ...

Just as one needs spare car keys, device authentication data (eg. OTP secrets, in-software passkeys) must be exported to an offline backup. With computers, people don't notice the obvious preventative maintenance until they need it. Unfortunately, the only way to find/access one device is through a second device. Microsoft and Google offering account-sharing, is more than spyware and multiple privacy points-of-failure, it also has a use. It helps the stupid access their authentication data from a second

Re:

[tlhIngan]

Just as one needs spare car keys, device authentication data (eg. OTP secrets, in-software passkeys) must be exported to an offline backup. With computers, people don't notice the obvious preventative maintenance until they need it.

And that's because most apps don't support exporting the keys to a backup. Try the common apps everyone recommends and nope, no export allowed.

Sure there are apps that let you export, or sync with the cloud, but most of those generally are paid apps.

Re:

[NotEmmanuelGoldstein]

For OTP with Android freeware, And OTP [google.com], Aegis [google.com], 2FAS [google.com] (Export is in the Backup menu).

Re:

[thegarbz]

Google offer offline emergency codes. That was actually my solution. I wasn't about to run around Munich with my laptop in hand looking for Wifi so I can run find my phone, so I used my laptop (which was logged into Google) to enable the offline access codes, and then used the access code to log into Google on a friend's phone.

Worked a treat.

The issue is who will carry those codes around separately.

Re: This isn't such a bad idea.

[mapkinase]

Is there a Google Authenticator for desktops?

Can I lock the phone if law enforcement takes it?

[schwit1]

Is there an indicator on the phone that it was remote locked?

Re:

[ArchieBunker]

If you lock the phone after the cops take it I'm pretty sure you will get charged with evidence tampering or obstructing an investigation. Don't know about Android but every locked iPhone I have seen says it's remotely locked.

Re:

[thegarbz]

Yes it indicates why the device has been locked - it also disables biometrics and pattern unlock along with giving you the option to put a call button on the screen which would allow someone who has found your device (or stolen it) to call you without unlocking the phone.

In 5 Years the Average Android User Will Have it

[BrendaEM]

Well as soon as they buy not their next phone--but the one after it, and throw away the others into a landfill--err trash mountain.

Re:

[thegarbz]

No. This is rolling out via Play Services and isn't tied to any OS update or manufacturer. If you have a Android 10 or more recent phone (i.e. anything less than 5 years old) you'll get the feature shortly.

Thinking emoji

[Rujiel]

Looks like it's opt-in... but is it really? And will it be on by default at some point?

Re:

[thegarbz]

Given you need to set a password to make it work I don't think "on by default" works.

Meanwhile, in Lebanon...

[Randseed]

Meanwhile, in Lebanon, the feature has been dubbed "remote detonate."

Of course they needed to find a way to fuck thisuo

[Malay2bowman]

"Remote Lock, you can (you guessed it) remotely lock the phoneâ(TM)s screen from any device with only your phone number and the completion of a *quick security challenge* FNORD! No, I want to be able to call ###-###-#### hit "9" or whatever emergency code I define at the voice mail and lock the sucker down. As a second alternative, I want to be able quickly log into my account from a computer, and immediately hit the big red "HELP! THE THIEF IS ALREADY FUCKING AROUND WITH MY PHONE- LOCK IT DOWN, QUICK!

Re:

[Ed Tice]

What you are looking for is an MDM solution to protect data. Plenty of those already exist. This feature is about reducing the market for stolen hardware, not protecting data.

Does not really help, as it doesn't lock the H/W

[brunes69]

The big problem Andrord devices have with theft is because Google does not lock the hardware to prevent it from being activated again with Google services.

iPhones are locked to someone's Apple ID, It doesn't matter if you reset the device and reflash the software or not, you still can't sign them into Apple ID again. This makes a stolen iPhone far less valuable, because it basically means thieves have to part out these phones.

This isn't true with Anroid phones. If I steal your phone, and it is locked, I can

Re:

[Ed Tice]

That would be because, unless it's a Pixel phone, Google isn't really involved in the provisioning. But your point stands. Android manufacturers should do something similar. I don't exactly know how you would combine that with an unlocked bootloader though. Fortunately, I don't have to think about that, as there is no way I would step out of the Apple walled garden with a phone.