Home
News
You are here

Updated: Think your Android smartphone with fingerprint scanner is safe from thieves? Think again

By Paul K.

Updated: Jan 21, 2016, 11:33 AM

84comments

Updated: Think your Android smartphone with fingerprint scanner is safe from thieves? Think again

Fingerprint scanners have slowly but surely become a desirable feature in any high-class smartphone. They offer users a quick unlock while providing a stable security wall for any snoopers that may want to dig around the handset, and they discourage thieves, as a fingerprint-secured smartphone is perceived as useless unless in the hands of its owner. Unfortunately, when it comes to most Android smartphones, the latter is more of a myth than actual reality.

When Apple introduced the Touch ID sensor, which essentially popularised the use of biometric scanners on a smartphone, it combined it with the strong iCloud Account Lock feature. As a result, any stolen iPhone (provided, it’s running a more current version of iOS) is essentially turned into a paperweight if it’s not unlocked by its owner. Thanks to the closed system that iOS is, getting past the security is impossible for a layman, and seems to be an endeavour with inconsistent results for hackers. Even authorities confirmed that thieves have become more and more discouraged to snatch iPhones. In reality, iCloud Account Lock works in the same manner even if one only uses a PIN code or password as their main locking feature, but since Touch ID is so widely used, it became synonymous with the strong security.

Android gives users a lot of freedom, which is a double-edged sword

A lot of Android smartphones also have a fingerprint scanner, and the sense of security it provides has also migrated to the Android user base, but in most cases – it’s a false one.

Android is a very open platform, which gives its users access to a lot of nooks and crannies that iOS does not. This is generally considered a plus, as it gives the user a lot of control over their own gadget and that’s cool, but it can be a double-edged sword at times. In our case here, the culprit is the modders’ beloved Recovery Mode – a “behind-the-curtains” boot menu, which allows users to manually flash system ROMs, wipe the phone’s cache, or clear all of its data. And by all of its data, we also mean all of its security settings – it basically reverts it back to factory-default state.

Update: Avid readers have pointed out to us that Samsung has an Activation Lock feature in place. It's a bit out of the way and required us to find and turn it on manually, but it's there. You need to go into Settings -> Security and turn on Activation Lock. This feature did not allow us to use a freshly reset Galaxy Note Edge, running on Android 5.1.1, even if we didn't connect it to the Internet after resetting, so props to Samsung for that. While there are a couple of ways to go around it, they are certainly not obvious, and this is a step in the right direction. Android is supposed to have an Activation Lock of its own since the 5.1 update, which should work similarly, but we haven't been able to get it to work automatically on the various handsets we tested this with. It requires the user to manually access the Android Device Manager, but seeing that it may take you a while between getting your phone stolen and accessing a computer – that's just not good enough.

So, while a potential thief will most probably not have access to the data on your Android smartphone, they can certainly access Recovery Mode, wipe it clean, and use it as their own / resell it. From that point on, you can't track the handset through the Android device manager, nor remotely control it in any way. In contrast – Apple's iCloud Account Lock will not let anyone through (backdoors in older iOS versions can sometimes be found, so it's preferable to always be up to the newest version), which makes the device unusable and significantly lowers its resale value. You will be able to track its location whenever it is on, and even when the thief turns it off — or if its battery dies — it will use its final seconds of on time to send out an updated location to the cloud.

This is not to say "iOS good, Android bad!", but do consider it as a public service announcement – if you’ve been having peace of mind, thinking that locking your Android smartphone will essentially make it worthless for potential thieves, this is probably false, unless they are really thick or easily discouraged (also, unable to use Google). It's great that Androids are getting an Activation Lock, but in our experience – it's a bit forgiving and out-of-the-way in its current state.