| Researchers October 17, 2014
October 17, 2014
"Google's Factory Reset Protection is a great step forward in the industry's aim to alleviate phone theft. This concerted effort from both legislators and industry players targets the heart of the phone theft issue, which is primarily a question of economic incentives. New features such as Factory Reset Protection make it more difficult to use a stolen phone, thereby reducing the incentive to steal them in the first place.
Still, a kill switch will not be the last step in solving the phone theft epidemic. This is a constant cat-and-mouse game between the phone industry and phone thieves. Ultimately, the most significant progress in phone theft reduction will only come through a multi-pronged approach involving widespread industry collaboration, technology innovation, and broad consumer adoption of these new features. If the technology is too difficult to set up or use, it will be effectively useless.
Kill switch is a loaded word - it's a generalization for many different technologies. To some, a kill switch means having the ability to "brick" a phone on demand. To others, this Google Factory Reset Protection does the job. The most effective approach to a “kill switch” will use a combination of intelligent locking and disabling technologies, including tools that let the proper owner of a device re-enable their phone if they recover it. A robust consumer-centric approach such as this would maximize customer adoption and efficacy. Soon, a stolen smartphone would become useless for anyone but its proper owner.” - Samir Gupte, Senior Product Manager
"Though it might seem small, enabling full device encryption by default is a big step forward. Full device encryption has been available since Ice Cream Sandwich, but it's been an optional device setting that required users to manually activate it. The vast majority of Android users don't delve deep into the Security Settings menus and turn this on, so a lot more smartphone users are going to be much better protected going forward.
Another noteworthy security change in Android L is setting the default SELinux policies to "enforcing mode," which means your phone is much more protected against privilege escalation attacks and malicious rooting threats. It will likely have the unfortunate side-effect of causing compatibility issues for non-malicious "root apps" that are popular in the device enthusiast community, but the security up-side is significant and it's a big step forward." - Derek Halliday, Director of Product Management
“We’re excited about Google’s focus on the enterprise in Android Lollipop. Support for a corporate user profile on Android smartphones means companies will be able to fluidly protect corporate data. The technology provides an elegant way of segmenting and managing corporate data without significantly impacting usability, and maintaining user privacy. For businesses, the separation of consumer and corporate profiles means much more control over corporate assets, stopping third-party apps from accessing corporate data, while letting the consumer profile act in the free environment that makes Android, well... Android.
Corporate user profiles in Lollipop go a long way towards making Android devices great mobile productivity tools. But if the device itself is compromised in any way, corporate data is put at risk. Combined with effective Mobile Device Management and a reliable way to establish that the device or operating system are not compromised, with Lollipop, CIOs can confidently allow mobile productivity while securing corporate data on Android devices.” - Aaron Cockerill, VP of EnterpriseAndroid Lollipop image via Birdies100/Flickr