
Updated: Think your Android smartphone with fingerprint scanner is safe from thieves? Think again

Posted by Paul K.


Fingerprint scanners have slowly but surely become a desirable feature in any high-class smartphone. They offer users a quick unlock while providing a stable security wall against any snoopers that may want to dig around the handset, and they discourage thieves, as a fingerprint-secured smartphone is perceived as useless unless in the hands of its owner. Unfortunately, when it comes to most Android smartphones, the latter is more of a myth than actual reality.

When Apple introduced the Touch ID sensor, which essentially popularised the use of biometric scanners on a smartphone, it combined it with the strong iCloud Account Lock feature. As a result, any stolen iPhone (provided it’s running a more current version of iOS) is essentially turned into a paperweight if it’s not unlocked by its owner. Thanks to the closed system that iOS is, getting past the security is impossible for a layman, and seems to be an endeavour with inconsistent results for hackers. Even authorities confirmed that thieves have become more and more discouraged from snatching iPhones. In reality, iCloud Account Lock works in the same manner even if one only uses a PIN code or password as their main locking feature, but since Touch ID is so widely used, it became synonymous with strong security.

Android gives users a lot of freedom, which is a double-edged sword


A lot of Android smartphones also have a fingerprint scanner, and the sense of security it provides has also migrated to the Android user base, but in most cases – it’s a false one.

Android is a very open platform, which gives its users access to a lot of nooks and crannies that iOS does not. This is generally considered a plus, as it gives the user a lot of control over their own gadget and that’s cool, but it can be a double-edged sword at times. In our case here, the culprit is the modders’ beloved Recovery Mode – a “behind-the-curtains” boot menu, which allows users to manually flash system ROMs, wipe the phone’s cache, or clear all of its data. And by all of its data, we also mean all of its security settings – it basically reverts it back to factory-default state.

Update: Avid readers have pointed out to us that Samsung has an Activation Lock feature in place. It's a bit out of the way and required us to find and turn it on manually, but it's there. You need to go into Settings -> Security and turn on Activation Lock. This feature did not allow us to use a freshly reset Galaxy Note Edge, running on Android 5.1.1, even if we didn't connect it to the Internet after resetting, so props to Samsung for that. While there are a couple of ways to go around it, they are certainly not obvious, and this is a step in the right direction. Android is supposed to have an Activation Lock of its own since the 5.1 update, which should work similarly, but we haven't been able to get it to work automatically on the various handsets we tested this with. It requires the user to manually access the Android Device Manager, but seeing that it may take you a while between getting your phone stolen and accessing a computer – that's just not good enough.

So, while a potential thief will most probably not have access to the data on your Android smartphone, they can certainly access Recovery Mode, wipe the phone clean, and use it as their own or resell it. From that point on, you can't track the handset through the Android Device Manager, nor remotely control it in any way. In contrast – Apple's iCloud Account Lock will not let anyone through (backdoors in older iOS versions can sometimes be found, so it's preferable to always be on the newest version), which makes the device unusable and significantly lowers its resale value. You will be able to track its location whenever it is on, and even when the thief turns it off, or if its battery dies, it will use its final seconds of on time to send out an updated location to the cloud.

This is not to say "iOS good, Android bad!", but do consider it as a public service announcement – if you’ve been having peace of mind, thinking that locking your Android smartphone will essentially make it worthless for potential thieves, this is probably false, unless they are really thick or easily discouraged (also, unable to use Google). It's great that Androids are getting an Activation Lock, but in our experience – it's a bit forgiving and out-of-the-way in its current state.

83 Comments




posted on 21 Jan 2016, 07:13 28

1. Planterz (Posts: 1999; Member since: 30 Apr 2012)


This article is pointless.

posted on 21 Jan 2016, 07:59 6

11. EcoCare (Posts: 357; Member since: 30 Jul 2014)


How so? Care to elaborate?

posted on 21 Jan 2016, 08:19 1

17. Awalker (Posts: 1367; Member since: 15 Aug 2013)


Because most people know that already.

posted on 21 Jan 2016, 08:32 8

22. EcoCare (Posts: 357; Member since: 30 Jul 2014)


You might need statistical data to make that conclusion. Only a handful of my friends heard the term "recovery mode" (and they still don't know the purpose). That doesn't make this article pointless.

posted on 21 Jan 2016, 09:00 6

25. Finalflash (Posts: 2725; Member since: 23 Jul 2013)


It's not only pointless but pretty much a travesty as a public service announcement as well. Why would you even need to reset the iPhone when all you need to do is get through the person's PIN? There was even an article here a while ago that you can get through the iPhone's PIN protection in a few hours. On top of that, most Android phones have locked bootloaders and do not even give access to the recovery menu. Finally, it has been proven time and again that all closed systems get broken and the method of breaking remains undetected because only the hackers know of it. Open source gets analysed every day by millions of well-intentioned individuals who report vulnerabilities to those that can fix it. That 1 million dollar bounty bug won't be found by Apple for years and then what's the point of all that pretend security?

posted on 21 Jan 2016, 10:10 1

42. Wiencon (Posts: 1719; Member since: 06 Aug 2014)


I just showed it to my friends on an LG G3 and no one knew about it. And they are IT students.

posted on 21 Jan 2016, 10:18 2

47. TechieXP1969 (Posts: 7913; Member since: 25 Sep 2013)


So! What does that have to do with anything? Hey, guess what, I can find lots of people who can't list the 7 wonders of the world. That doesn't make my point any more or less pointless.

posted on 21 Jan 2016, 11:25

54. Awalker (Posts: 1367; Member since: 15 Aug 2013)


You can probably guess the purpose by the name of the mode. In my custom rom flashing days I used it all the time.

Have any of your friends used a Windows PC? It's the same concept.

posted on 21 Jan 2016, 14:22

61. Hexa-core (banned) (Posts: 2131; Member since: 11 Aug 2015)


Oh yeah, it sure is.

posted on 21 Jan 2016, 09:04 4

27. jove39 (Posts: 1785; Member since: 18 Oct 2011)


For starters - if your device is locked and you haven't enabled ADB, how would a thief restart your device in recovery mode? My OPO won't even show the recovery mode option when locked.

And with locked bootloader, you can't inst

posted on 21 Jan 2016, 09:25 8

31. paul.k (Posts: 143; Member since: 17 Jul 2014)


Why are you even talking about bootloader? Turn off your OPO (you can turn off a phone without needing to unlock it - just hold down power). When it's off, hold down Power and Volume down. When you see the 1+ logo, let go of both buttons. You are now in Recovery Mode (NOT bootloader). From here, you can choose "Wipe data / Factory reset". Voila!

posted on 21 Jan 2016, 10:11 3

43. RoboticEngi (Posts: 552; Member since: 03 Dec 2014)


And so what? When they try to enable the device, they still need to go through activation...........

posted on 21 Jan 2016, 10:25 1

48. TechieXP1969 (Posts: 7913; Member since: 25 Sep 2013)


You just don't get it, do you?

Google offers activation lock to your Google account. It is part of the options during phone setup.

Samsung also offers activation lock to your Samsung account.

The only downside is that even though both methods are offered during setup of Galaxy phones, it is allowed to be skipped. I think that one of the 2 methods should be forced to be used by the user. In other words, the user who bought the phone, while setting up, must choose an activation locked method. Either the device must be locked with your Google login/password or Samsung's.

The reason is simple. PEOPLE ARE CARELESS AND STUPID.

I don't mean that in a bad way. Users have a tendency to never read prompts on computers and devices. They just click and click and click past stuff they feel is not important when it is. This makes them careless and stupid.

People are also too lazy to read a simple, short verbiage that says this method of protection is to help secure your device in the event it is lost or stolen. What do people typically do? SKIP.

The thing is though, Android phones were less likely to get stolen based on facts because thieves can sell a hot iPhone right away due to its market penetration and black market awareness.

But here where I live in Chicago, people are having any type of phone stolen and activation lock won't prevent them from selling it, it will simply burn the idiot who bought it.

posted on 21 Jan 2016, 12:54

58. jove39 (Posts: 1785; Member since: 18 Oct 2011)


Right...open access to recovery leaves the phone vulnerable.

posted on 21 Jan 2016, 16:46 1

69. HighOnAndroidFTW (Posts: 185; Member since: 26 Apr 2015)


And you can do the same with Apple devices with iTunes on a computer. Have done it several times for people that handed over locked iPhones and wanted them wiped for resale. And you can crank the PIN with a program fairly quick. So your article is doo-doo..

Not to mention your oh so godly iCloud got hacked and tons of people's private stuff released to the public, remember that?

I don't remember that happening with Gmail cloud backup services ; ) GG

posted on 21 Jan 2016, 23:33 1

73. yoosufmuneer (Posts: 1468; Member since: 14 Feb 2015)


http://www.androidcentral.com/whats-new-android-51-some-big-and-small-changes-updated-lollipop-release#slide5

posted on 22 Jan 2016, 00:50

75. xfire99 (Posts: 782; Member since: 14 Mar 2012)


Have you ever heard about Google requiring full disk encryption from Android 6.0? I doubt you know about it, since you don't mention it anywhere in the article.
They tried already with Android 5.0, but it slowed the phone down, and that was solved with little impact in Android 6.0.

So what can a thief do with a fully encrypted phone in recovery mode?

posted on 21 Jan 2016, 09:43 1

33. lolatfailphones (Posts: 189; Member since: 08 Apr 2013)


Lmfao collect your L on your way out

posted on 21 Jan 2016, 10:16 8

45. TechieXP1969 (Posts: 7913; Member since: 25 Sep 2013)


Because the info is wrong. It's simply another attempt to lie and make some stupid people think iOS is better.

iOS is the least secure mobile platform, which has been validated by companies who aren't in Apple's pockets.

In 2015, Apple had to fix what was listed as iOS having more vulnerabilities vs Windows and Android COMBINED.

It's been also noted that iOS applications are more vulnerable vs Android or even Windows.

These are facts you can Google - https://www.google.com/#q=ios+vulnerabilities+vs+android+vs+windows+2015

PA not too long ago had an article showing this fact.

Remember how last year, iOS was hit with a simple hack using a text message that contained foreign characters?

Within days the iOS fingerprint reader was hacked and circumvented. Even now you can still bypass the fingerprint reader and change the DNS server info and reach other servers and perform a list of functions without ever logging into the phone. I have NEVER seen that happen on Android or Windows Mobile/Phone and I am not saying it can't be done.

http://www.ibtimes.co.uk/iphone-6-touch-id-fingerprint-scanner-hacked-days-after-launch-1466843

I personally haven't used other Android brands of phones, so I cannot speak on what activation locking methods they may have. But Samsung phones have offered activation lock to your account since 2014, based on the first time I recall using it, which was on the Note 4. It also is available on any Samsung Galaxy device that runs Android 5.x or higher.

The article is only 100% true if the user has a brand of phone where powering it off allows a thief to be able to wipe the device, and the owner never set up some type of activation lock method.

However, this issue only affects older phones. Any device that has a fingerprint reader and runs Android 5.x offers some type of secondary activation lock method. In fact you can also activation-lock your device to your Google account.

posted on 21 Jan 2016, 14:30 3

63. Hexa-core (banned) (Posts: 2131; Member since: 11 Aug 2015)


Well pointed out. iOS isn't as secure as PA and other iBiased firms claim it to be!

posted on 21 Jan 2016, 20:04

70. EcoCare (Posts: 357; Member since: 30 Jul 2014)


See, it's not totally pointless. The fact that not all Android phones run 5.1 or higher and there are more brands than Samsung and Nexus, and not all phones are bootloader-locked, means this article has some points.

posted on 21 Jan 2016, 16:23 1

68. Planterz (Posts: 1999; Member since: 30 Apr 2012)


It's pointless because the fingerprint sensor is merely just another PIN/password/face unlock. A more secure one, yes. Patterns and PINs can be watched and imitated, and you can face unlock a phone by putting a picture of that person in front of it. Patterns can even be traced by copying the fingerprint smear, especially if it's an older phone where the oleophobic coating has worn away.

I doubt anyone (nobody with half a brain, anyway) will actually think that the fingerprint sensor magically makes a phone any more impossible to steal, wipe, and resell unless some sort of lockdown or killswitch was implemented. Not on an Android, anyway.

posted on 21 Jan 2016, 07:13 1

2. shaineql (Posts: 344; Member since: 28 Apr 2014)


Double-edged sword indeed. The only way to have Apple-like security is to make it so nobody can "fix" or "access" some of the functions, not even the manufacturer.

posted on 21 Jan 2016, 07:16

3. shaineql (Posts: 344; Member since: 28 Apr 2014)


If HTC customer service can reset your password, so can anyone else.
Unlike with Apple, once you reach that point where you can't recover your password, not even Apple Care can help because they can't. Not even when the Supreme Court demands it, because the software isn't built like that. Personally I see that as a bad thing, I'd rather be able to reset my device whenever I want.

posted on 21 Jan 2016, 07:19 10

4. Sidewinder (Posts: 394; Member since: 15 Jan 2015)


I don't need a phone with Fort Knox-like security. Just need basic security to keep some private content out of view of some curious eyes like friends and family. PIN-based security will do just fine for me and the addition of a fingerprint sensor just makes the whole unlocking procedure easier without the hassles of typing the PIN every time and having to remember it actually.

posted on 21 Jan 2016, 07:30 1

8. Wiencon (Posts: 1719; Member since: 06 Aug 2014)


You missed the point

posted on 21 Jan 2016, 07:20 1

5. joey_sfb (Posts: 5256; Member since: 29 Mar 2012)


Thieves are also less likely to steal an Android phone as most are very cheap anyway. They'd rather buy one themselves at $150, e.g. Xiaomi Redmi 3 Pro.

I am also not comfortable with my Bio signature captured as a form of authentication as I could change my password but not my Bio data.

posted on 21 Jan 2016, 09:46

35. lolatfailphones (Posts: 189; Member since: 08 Apr 2013)


Worst butthurt excuse ever. Doesn't matter if it cost $150, the thief is still getting it from you for free smh

posted on 21 Jan 2016, 11:31 1

55. Awalker (Posts: 1367; Member since: 15 Aug 2013)


I see that as one of the benefits of having a 6P. Most thieves are not looking to steal my device. They want iPhones.

posted on 21 Jan 2016, 23:00 1

72. DurTeeDee (Posts: 69; Member since: 05 Sep 2014)


They want your phone because it is big and on TV

posted on 22 Jan 2016, 00:27

74. joey_sfb (Posts: 5256; Member since: 29 Mar 2012)


Anyway, I am not worried about smartphone theft. Are you?

I know it could be an issue in the past for iPhone users, good that Apple has locked down the phone to make it less attractive to robbers and thieves.

posted on 21 Jan 2016, 07:25 1

6. gmp009 (Posts: 11; Member since: 27 Feb 2012)


Xiaomi has a locked bootloader and the Redmi Note 3 has no recovery mode either, so I guess Android is moving towards some security-flaw-free state.

posted on 21 Jan 2016, 07:29

7. Tizo101 (Posts: 393; Member since: 05 Jun 2015)


I read an article on this very site about a way to get past that iCloud account, but today it doesn't work? What a joke, iphonearena.

posted on 21 Jan 2016, 09:48 2

36. lolatfailphones (Posts: 189; Member since: 08 Apr 2013)


I believe that article was around the time iOS 7 came out...3 years ago?

posted on 21 Jan 2016, 11:37 1

56. Tizo101 (Posts: 393; Member since: 05 Jun 2015)


No, it was last year... You should relax, this is PA anyway

posted on 21 Jan 2016, 07:48

9. Gemmol (Posts: 781; Member since: 09 Nov 2011)


I feel safer with my Lumia 950 iris scanner, the more you record your eyes in different situations the faster it unlocks

posted on 21 Jan 2016, 07:59

10. jellmoo (Posts: 1463; Member since: 31 Oct 2011)


The reality is though that this is largely unimportant. I care wayyy more about the sensitive data on my device than I do about tracking it.

posted on 21 Jan 2016, 08:01 2

12. Crispin_Gatieza (Posts: 1559; Member since: 23 Jan 2014)


Anybody still wondering why the BlackBerry Priv didn't get a fingerprint scanner? Heeeere's your sign.

posted on 21 Jan 2016, 08:03

13. avalon2105 (Posts: 225; Member since: 12 Jul 2014)


One question regarding fingerprint scanners on the phones. Isn't it kind of pointless to lock your phone with your fingerprint when a thief can easily lift your print from the screen of the device? Iris scanners I understand, since a thief would have to pluck out your eye to unlock it, but looking at my phone's screen, it is full of my prints.
It reminds me of the locking your door and leaving the key under a rug metaphor. And 2D scanners are easily fooled by even an image of your print.

posted on 21 Jan 2016, 08:05

14. submar (Posts: 304; Member since: 19 Sep 2014)


Apple is sadistic

posted on 21 Jan 2016, 08:07

15. TBomb (Posts: 664; Member since: 28 Dec 2012)


I heard that iOS doesn't send your fingerprint to anywhere and Android keeps it? I wasn't really up to speed on the jargon during the convo so I may have this totally backwards. Can anyone lend a thought or two?

posted on 21 Jan 2016, 08:22

18. Awalker (Posts: 1367; Member since: 15 Aug 2013)


Up until I got the 6P I didn't even have a secure lockscreen and if the 6P's scanner wasn't so quick I would disable it.

posted on 21 Jan 2016, 08:23

19. Baracus (Posts: 223; Member since: 15 Sep 2012)


That's why I encrypt the Hell out of any important data.

posted on 21 Jan 2016, 08:25 3

20. RebelwithoutaClue (Posts: 2639; Member since: 05 Apr 2013)


It's not that hard to bypass the iCloud activation lock on devices up to iOS 9.2 so TouchID isn't that safe either.

posted on 21 Jan 2016, 08:53

24. natypes (Posts: 1043; Member since: 02 Feb 2015)


It's not? I'm not so sure about that.

posted on 21 Jan 2016, 09:28 3

32. RebelwithoutaClue (Posts: 2639; Member since: 05 Apr 2013)


No it's not, just use an iCloud DNS bypass (change the dns server) like 104.155.28.90 and you're good to go

posted on 21 Jan 2016, 09:56 1

37. natypes (Posts: 1043; Member since: 02 Feb 2015)


Yeah, you can get into the phone, but it will not be a fully working phone will it?

posted on 22 Jan 2016, 01:45

79. RebelwithoutaClue (Posts: 2639; Member since: 05 Apr 2013)


True, and not permanently, since when you put the normal DNS back it will be directed to the Apple server again.

posted on 21 Jan 2016, 10:12 3

44. Wiencon (Posts: 1719; Member since: 06 Aug 2014)


You're talking crap, no one has been able to bypass iCloud security, all these solutions/sites are scam or just not working

posted on 21 Jan 2016, 11:06 2

52. Mxyzptlk (Posts: 10586; Member since: 21 Apr 2012)


Psst his username says it all.

posted on 22 Jan 2016, 01:44

78. RebelwithoutaClue (Posts: 2639; Member since: 05 Apr 2013)


Hahaha still butt sore from the last time?

posted on 22 Jan 2016, 03:06

80. Mxyzptlk (Posts: 10586; Member since: 21 Apr 2012)


You wish. Maybe you should get a clue.

posted on 22 Jan 2016, 03:55

81. RebelwithoutaClue (Posts: 2639; Member since: 05 Apr 2013)


Awwww mr broken record.. over and over and over again. You crack me up lol

posted on 22 Jan 2016, 01:43

77. RebelwithoutaClue (Posts: 2639; Member since: 05 Apr 2013)


Then why have I succeeded in doing so? Perhaps not permanently, but enough to make a backup

posted on 21 Jan 2016, 08:29 2

21. Guaire (Posts: 495; Member since: 15 Oct 2014)


http://www.phonearena.com/news/Did-you-know-a-new-device-called-IP-Box-can-crack-your-4-digit-iPhone-passcode-in-less-than-17-hours_id76971

posted on 23 Jan 2016, 13:10

84. oozz009 (Posts: 469; Member since: 22 Jun 2015)


Lol that's why Apple added six digit iPhone passcode on iOS 9. Furthermore, even before iOS 9 you had the option for unlocking your iPhone via a password instead.

posted on 21 Jan 2016, 08:39

23. twens (Posts: 953; Member since: 25 Feb 2012)


In my country people bypass iCloud locked iPhones all the time. Lol

posted on 21 Jan 2016, 09:00

26. natypes (Posts: 1043; Member since: 02 Feb 2015)


Samsung has a reactivation lock program just like Apple. Works great. I actually implemented a change at work and we now put it on all Samsung devices. We are over 80% Samsung and I have 1300+ users that I provide support to.

I have it on my phone, but even working (and visiting occasionally, but not living) in a high crime area I'm not that worried about someone stealing my phone. I don't leave it anywhere and I'm not worried about anyone taking it from me.

posted on 21 Jan 2016, 09:06

28. ibend (Posts: 3195; Member since: 30 Sep 2014)


Of course not.. FP scanner is just a lockscreen replacement, so you can save your phone from your friend or kids...

If a thief got your phone, that means it's gone.... doesn't care if it's Android, iOS, or whatever, it's still gone.. (unless you found it again on eBay or something :-/)

posted on 21 Jan 2016, 14:30

62. natypes (Posts: 1043; Member since: 02 Feb 2015)


You'd be surprised. I've tracked and found several. It's not an extremely high success rate, but it does happen. Problem is most Android users do not know about Android Device Manager. Once again Google just does not advertise things.
