Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Android Security

Google Starts Adding Anti-Theft Locking Features to Android Phones (engadget.com) 81

An anonymous reader shared this report from Engadget: Three new theft protection features that Google announced earlier this year have reportedly started rolling out on Android. The tools — Theft Detection Lock, Offline Device Lock and Remote Lock — are aimed at giving users a way to quickly lock down their devices if they've been swiped, so thieves can't access any sensitive information. Android reporter Mishaal Rahman shared on social media that the first two tools had popped up on a Xiaomi 14T Pro, and said some Pixel users have started seeing Remote Lock.

Theft Detection Lock is triggered by the literal act of snatching. The company said in May that the feature "uses Google AI to sense if someone snatches your phone from your hand and tries to run, bike or drive away." In such a scenario, it'll lock the phone's screen.

The Android reporter summarized the other two locking features in a post on Reddit:
  • Remote Lock "lets you remotely lock your phone using just your phone number in case you can't sign into Find My Device using your Google account password."
  • Offline Device Lock "automatically locks your screen if a thief tries to keep your phone disconnected from the Internet for an extended period of time."

"All three features entered beta in August, starting in Brazil. Google told me the final versions of these features would more widely roll out this year, and it seems the features have begun expanding."


This discussion has been archived. No new comments can be posted.

Google Starts Adding Anti-Theft Locking Features to Android Phones

Comments Filter:
  • by cascadingstylesheet ( 140919 ) on Sunday October 06, 2024 @10:42AM (#64843883) Journal

    ... someone else could remotely lock my phone just by knowing my phone number?

    Remote Lock "lets you remotely lock your phone using just your phone number in case you can't sign into Find My Device using your Google account password."

    • Yes, that's exactly what they did. I have locked every phone from 000-000-0000 to 999-999-9999.

      • by ls671 ( 1122017 )

        I am glad that I have an EU number on one of my phones, this is the only one still working! I was wondering why the other ones failed, now I know who the culprit is.

      • Sadly it also means we cannot call Jenny..... /s
      • Mod parent funny though I hope the joke is based on a bad summary somewhere along the line. The FP is hitting quite an important point of possible abuse of that new feature. Think of the viral version if a bad app somehow, heaven forbid, gets into the so-called secure Google Play system. With access to your contacts it could first disable all of your contacts' phones before taking out yours. For maximum impact the bad actor would want to delay the trigger to a fixed date, though there's also the threat of a

      • Thanks, you jerk! You also managed to irreversibly lock my luggage.

    • by Viol8 ( 599362 )

      "Remote Lock, you can (you guessed it) remotely lock the phoneâ(TM)s screen from any device with only your phone number and the completion of a âoequick security challenge.â"

      The "quick security challenge" probably being the password and/or recovery phrases you set up 3 years ago and have zero idea what they are. And thats assuming you can access "any device". I doubt a stranger in the street is just going to give you their phone for you to do it on and cybercafes are a thing of the past so un

      • so unless you have someone with you who's got a phone you're screwed anyway.

        Thank you. I was thinking the same thing. "My phone's been stolen! Someone give me your phone so I can lock my phone."

        Or are they subtly implying you should have TWO phones? One you use for everything and one as emergency in case the first one gets stolen.

        • Thank you. I was thinking the same thing. "My phone's been stolen! Someone give me your phone so I can lock my phone."

          I don't understand what you're talking about. This is literally how my last week was. We got out of the subway and I asked someone for their phone so I could lock mine, and did so straight away. What's the problem here?

          • by Viol8 ( 599362 )

            You're so full of shit you must have trouble knowing which end to put on the toilet first.

            • So, Do you speak to people this way in person? Our do you hide behind the pseudo-anonymity to be a complete ass-hat? Just wondering
            • You're so full of shit you must have trouble knowing which end to put on the toilet first.

              Well... yes. The whole reason I was in Munich in the first place was for Oktoberfest. I really did have some trouble knowing which side to face the toilet. And incidentally excessive alcohol consumption is why I lost my phone on the U6 in the first place.

          • I don't understand what you're talking about. This is literally how my last week was. We got out of the subway and I asked someone for their phone so I could lock mine, and did so straight away. What's the problem here?

            There is no problem whatsoever. The main problem to be solved (and that's one thing I hope Apple copies as soon as possible) is that when you use your phone, it's not locked, and if I grab your phone while you use it I've got your unlocked phone which is much easier to break in than a locked phone.

            Yes, locking a phone always required a phone, and locking a stolen phone always required some person to help you out with their phone. If they don't trust you, _they_ can lock your phone without giving it to y

      • The "quick security challenge" probably being the password and/or recovery phrases you set up 3 years ago and have zero idea what they are. And thats assuming you can access "any device". I doubt a stranger in the street is just going to give you their phone for you to do it on and cybercafes are a thing of the past so unless you have someone with you who's got a phone you're screwed anyway.

        So just give up then.

        • I read the "quick security challenge" and immediately flipped. Because I know how "quick security challenges" really are in real life, and I bet it would indeed require you to enter your password, or a previously used password despite TFA saying "in case the user forgot their password" right after the security challenges bit. Throw in an endless "click on all the squares that has a bike or a crosswalk blah blah blah". I just don't trust Google to get this stuff right. Either it will be a nightmare for a leg
    • Re:So ... (Score:5, Informative)

      by AmiMoJo ( 196126 ) on Sunday October 06, 2024 @11:33AM (#64843967) Homepage Journal

      You also have to complete a security challenge. Curious to know what that is, if it works in a way that doesn't require you to access your Google account, which would give you access to Find My Device.

      On a semi-related note, Google has completely botched the roll-out of the Fine My Device network. It should be even better than Apple's, given there are more Android devices out there. Unfortunately it barely works at all, mostly failing to locate your stuff.

      Probably as a reaction to the privacy issues with Apple's AirTags, they made it so that Android devices only report the location of other people's stuff in busy areas. If someone steals your stuff, or you lose it in a suburban/rural area, or really anywhere except the busiest places with hundreds of devices detecting it, you have no chance of finding it. There is a setting that fixes this, but the on-boarding process doesn't even mention it.

      Manufacturers like Pebble and Chipolo who support Google's network are getting shafted by large numbers of returns for non-functional devices.

      • You also have to complete a security challenge. Curious to know what that is, if it works in a way that doesn't require you to access your Google account, which would give you access to Find My Device.

        Yes, I'd be curious as well.

      • Curious to know what that is

        It is custom. Based on the screenshots online when you setup Remote Lock on the device you also need to enter a PIN/Password for the function. It appears this is stored on the device itself, nothing to do with a Google account. The whole point of this is that you don't need your Google account. If you had access to your Google account in any way shape or form then you can already simply click the "Secure Device" button in your Google account to remote lock it.

        On a semi-related note, Google has completely botched the roll-out of the Fine My Device network. It should be even better than Apple's, given there are more Android devices out there. Unfortunately it barely works at all, mostly failing to locate your stuff.

        Actually last week it successfully found and loc

        • by AmiMoJo ( 196126 )

          You might be confusing the Find My Device with your phone that has its own location system, and the tags that just broadcast a Bluetooth ping now and again. The latter rely entirely on other Android devices too pick up the ping and report it to Google.

          I can see why they did it. If someone plants a tag on you, they won't be able to get your home address because your home isn't a busy enough area to be reported. But that also means if you leave it at your friend's house, drop it on a hike, it gets stolen, or

  • Who doesn't set their phone to lock after 30 seconds of inactivity, and who doesn't just reflexively hit the lock button when they're done using their phone anyway?

      • by denpun ( 1607487 )

        Hit submit too soon. Phones are being snatched out of people hands. ^^

        • somebody should make a bluetooth speaker/microphone handset that looks exactly like a smartphone, make it cheap no frills just a way to keep your real phone in your pocket and just use the fake phone that is just really a speaker/microphone handset that cost 15 dollars, that way when some thief snatches it they dont get a person's real phone
          • I have an old no name cheap as shit "smartwatch" lying around that is basically all of this, except for the form factor. I used it mostly as a remote control with a color display for a music player app along with earbuds. But you could make calls on it and it had a speakerphone too.
    • It's more than that. If you have multiple unlocking mechanisms enabled (e.g. biometric, face detection, that stupidly insecure pattern unlock which everyone sets to either N, U, or C) then Remote Lock also disables those, forcing the user to enter the PIN.

      • by Baron_Yam ( 643147 ) on Sunday October 06, 2024 @11:08AM (#64843939)

        Right. I don't do biometrics because you can't revoke them. Not that I'm REALLY worried about someone using a photo to fake my face, or holding my phone up to my face while I'm being interrogated or something, but just on principle.

        Secure is secure, if someone wants my phone contents, they're going to have to invest in a decent phone cloning and cracking setup or use rubber-hose cryptoanalysis.

        • Or they take it from your hand unlocked while you're not paying attention.

        • Oddly biometrics might be more secure than a password. No one hides the screen when they're typing/swiping their password. It's trivial for a security camera or nearby camera phone to record your finger movements.

          • by stooo ( 2202012 )

            you obviously have no idea about security.

            • Ah, the classic personal attack instead of countering with actual claims. There are valid criticisms of what I wrote, but you didn't make any of them. Instead you made the choice to be a troll. Did your post let you feel better about yourself?

              One valid counter point to my claim is if a camera can capture your finger movements then it can also capture your face. However modern phones should be doing 3D facial scans which is harder for the average person to recreate. Anyone can type in a passcode after s

    • by Ksevio ( 865461 )

      Someone could snag it from your hand while it was already unlocked

    • Never underestimate the stupidity of the average citizen.
    • Me.

      I don't lock my phone at all, it's always just "swipe to unlock."

      Of course, everything sensitive, like my bank apps, are locked.

      Here's the thing. I always keep my phone on my person. I don't leave it where people can pick it up without me knowing. I know that if someone does take the phone, I can quickly lock it down remotely.

    • Who doesn't set their phone to lock after 30 seconds of inactivity, and who doesn't just reflexively hit the lock button when they're done using their phone anyway?

      You are on a phone call, and some dude on their e-bike grabs your unlocked phone. Even with what you said, they now have 30 seconds to change settings. Motion detector can lock your phone instantly.

  • by thegarbz ( 1787294 ) on Sunday October 06, 2024 @11:07AM (#64843937)

    I lost my phone in Munich last week and I realised something quite silly: Google's Find My Phone function relies on me logging into my Google account which is protected by 2FA. Take a guess where the second factor was configured.

    Fortunately back at the hotel I had a laptop that had previously logged into Google so I could use that. Using the phone number would have been quite useful.

    • Right up until some asshole starts randomly locking your phone because he's bored.

      Then there's the "Offline lock".... Really? If the damn thing's offline for an extended period of time then they've probably gotten all of the data that's useful from it. That or they'll just run some payload to either wipe the phone (resell as is) or not care. (sell for parts.)

      The last one is the snatching lock and that could be tripped by a sudden jolt. Can't wait for everyone to want to disable it because their driver h
      • Right up until some asshole starts randomly locking your phone because he's bored.

        No one can randomly do anything. You set a PIN code to enable remote lock. Unless you have the pin code to lock your device published on your business card next to your phone number, no one will be locking your device.

        Then there's the "Offline lock".... Really? If the damn thing's offline for an extended period of time then they've probably gotten all of the data that's useful from it.

        False. Snatch and grabs and crimes of opportunity are not often executed in the field. Thieves will snatch unlocked phones, and then disable data on them straight away (to prevent the find my phone feature working). Then they disable the lockscreen timeout and keep the phone awake until they c

      • Then there's the "Offline lock".... Really? If the damn thing's offline for an extended period of time then they've probably gotten all of the data that's useful from it. That or they'll just run some payload to either wipe the phone (resell as is) or not care. (sell for parts.)

        The goal of these features isn't to protect your data. If you are a high-value target, you shouldn't use your phone in places where it can be easily stolen. You should probably keep it in a briefcase that is locked and handcuffed to your body guard.

        For the rest of us, we don't like our devices getting stolen because they are expensive. This feature eliminates the stolen hardware market which is the goal.

        • If they are so precious to you why do you let them get easily stolen in the first place? If you need a self-destruct button or some kind of remote disable button, to quote a certain IT firm: "You're holding it wrong."

          I've seen co-workers leave their expensive $1000+ iPhones laying in common areas frequented by children for hours a day. The same can be said of Android users. People are just too lazy with protecting their stuff. No, I don't believe that there's a flood of pickpockets with magic unnoticeable
          • Who wants to buy something that not only costs a lot of money but then you have to be constantly vigilant protecting from thieves? No thank you.

            It's nearly impossible to prosecute phone thieves because you have to either (a) catch them in the act and apprehend them or (b) find the stolen hardware and then follow the supply chain.

            Law enforcement certainly does the latter and once in a while, they catch a big fish. But that's also an expensive activity and might be as expensive as the theft it prevent

            • Who wants to buy something that not only costs a lot of money but then you have to be constantly vigilant protecting from thieves? No thank you.

              Thank you for proving my post with just one sentence.

              Most people lock their doors at night.

              Most people also keep track of and protect the things that are important to them.

              family that takes turns sleeping so that they can have somebody sitting in the living room with a shotgun 24/7 in case of intrusion.

              Oh, for the love of....

              I'm going to regret asking this, but screw it. Pray tell, how is not leaving your iDevice unattended while your out and about the equivalent of posting a guard armed with a shotgun over night? Your self-destruct buttons are far more of an equivalent to a shotgun guard than being mindful of your crap.

              People don't buy devices in order to practice protecting them. They purchase devices to enjoy the benefits of using them.

              If it's that inconsequential to you, a mere bene

              • Your original statement was

                I've seen co-workers leave their expensive $1000+ iPhones laying in common areas frequented by children for hours a day.

                Presumably if it's somewhere you are willing to leave your children, it's somewhere that's reasonable to leave your phone. I wouldn't leave my phone on the table at a coffee shop while I went to the bathroom but I have certainly left equipment in conference rooms or in my living room.

                Why would anybody be perfectly fine if a $1k device disappears for good? You are then without the device and have to go spend another thousand dollars. This seems to be divulging into nonsen

                • Presumably if it's somewhere you are willing to leave your children

                  Nice assumption, but I was thinking of a school. (Not the only place where children frequent either....) The point was that it was a relatively unmonitored location.

                  I wouldn't leave my phone on the table at a coffee shop while I went to the bathroom

                  And there are plenty of other people who do. What's relevant to you isn't the only metric.

                  Why would anybody be perfectly fine if a $1k device disappears for good?

                  According to your own post:

                  Who wants to buy something that not only costs a lot of money but then you have to be constantly vigilant protecting from thieves? No thank you.

                  That post implies you are willing to spend the money but don't want the responsibility of protecting your investment. Which is what my post was trying to address.

                  Reducing the market for stolen merchandise is a nearly universal goal.

                  The best way to do that is to prosecute the thieves. Creating m

                  • That post implies you are willing to spend the money but don't want the responsibility of protecting your investment. Which is what my post was trying to address.

                    Water is wet. Nobody wants to buy a responsibility! You are absolutely correct. Yes, I am willing to spend money on a device. No, I don't want the responsibility of protecting it from thieves. I don't know where you live, but in my town we have a police department. However, they can't really investigate every crime and are unlikely to recover very many stolen mobile devices.

                    The risk of theft is the reason that many people don't want to spend money on phones. Driving down the potential for theft n

    • ... where the second factor was ...

      Just as one needs spare car keys, device authentication data (eg. OTP secrets, in-software passkeys) must be exported to an offline backup. With computers, people don't notice the obvious preventative maintenance until they need it. Unfortunately, the only way to find/access one device is through a second device. Microsoft and Google offering account-sharing, is more than spyware and multiple privacy points-of-failure, it also has a use. It helps the stupid access their authentication data from a second

      • by tlhIngan ( 30335 )

        Just as one needs spare car keys, device authentication data (eg. OTP secrets, in-software passkeys) must be exported to an offline backup. With computers, people don't notice the obvious preventative maintenance until they need it.

        And that's because most apps don't support exporting the keys to a backup. Try the common apps everyone recommends and nope, no export allowed.

        Sure there are apps that let you export, or sync with the cloud, but most of those generally are paid apps.

      • Google offer offline emergency codes. That was actually my solution. I wasn't about to run around Munich with my laptop in hand looking for Wifi so I can run find my phone, so I used my laptop (which was logged into Google) to enable the offline access codes, and then used the access code to log into Google on a friend's phone.

        Worked a treat.

        The issue is who will carry those codes around separately.

    • Is there a Google Authenticator for desktops?

  • Is there an indicator on the phone that it was remote locked?

    • If you lock the phone after the cops take it I'm pretty sure you will get charged with evidence tampering or obstructing an investigation. Don't know about Android but every locked iPhone I have seen says it's remotely locked.

      • Yes it indicates why the device has been locked - it also disables biometrics and pattern unlock along with giving you the option to put a call button on the screen which would allow someone who has found your device (or stolen it) to call you without unlocking the phone.

  • Well as soon as they buy not their next phone--but the one after it, and throw away the others into a landfill--err trash mountain.
    • No. This is rolling out via Play Services and isn't tied to any OS update or manufacturer. If you have a Android 10 or more recent phone (i.e. anything less than 5 years old) you'll get the feature shortly.

  • Looks like it's opt-in... but is it really? And will it be on by default at some point?
  • by Randseed ( 132501 ) on Sunday October 06, 2024 @01:47PM (#64844223)
    Meanwhile, in Lebanon, the feature has been dubbed "remote detonate."
  • "Remote Lock, you can (you guessed it) remotely lock the phoneâ(TM)s screen from any device with only your phone number and the completion of a *quick security challenge* FNORD! No, I want to be able to call ###-###-#### hit "9" or whatever emergency code I define at the voice mail and lock the sucker down. As a second alternative, I want to be able quickly log into my account from a computer, and immediately hit the big red "HELP! THE THIEF IS ALREADY FUCKING AROUND WITH MY PHONE- LOCK IT DOWN, QUICK!
    • What you are looking for is an MDM solution to protect data. Plenty of those already exist. This feature is about reducing the market for stolen hardware, not protecting data.
      • I wish Google baked in MDM because often the data is much more valuable than the phone itself. The phone can be insured for a low monthly fee at least with contract phones, so in that case the phone itself really isn't the concern. The closest thing Google/Android has to a built in MDM is Family Link and while you can lock a phone almost completely down with a couple clicks on an admin page, and by default it even prevents booting into safe mode, and you can optionally disable ADB, it's marketed as a parent
        • "The closest thing Google/Android has to a built in MDM is Family Link" - For phones prior to what Google is doing now
  • The big problem Andrord devices have with theft is because Google does not lock the hardware to prevent it from being activated again with Google services.

    iPhones are locked to someone's Apple ID, It doesn't matter if you reset the device and reflash the software or not, you still can't sign them into Apple ID again. This makes a stolen iPhone far less valuable, because it basically means thieves have to part out these phones.

    This isn't true with Anroid phones. If I steal your phone, and it is locked, I can

    • That would be because, unless it's a Pixel phone, Google isn't really involved in the provisioning. But your point stands. Android manufacturers should do something similar. I don't exactly know how you would combine that with an unlocked bootloader though. Fortunately, I don't have to think about that, as there is no way I would step out of the Apple walled garden with a phone.
  • Here's a thought; Force carriers to block EMEI numbers when the phones are reported as list/stolen. They won't because a healthy black market for stolen phones creates a healthy market for new phone purchases.

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...