Android devices, other than those running on Marshmallow, can be remotely accessed by Google due to lack of full disk encryption on those devices. This was revealed in a document prepared by New York District Attorney’s Office to find out effects of full disk encryption on law enforcement.
Devices running on previous versions of Android do not have the facility of full disk encryption allowing Google to remotely access the data in the face of law investigation.
For some other types of Android devices, Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device. This process can be done by Google remotely and allows forensic examiners to view the contents of a device,
reads the document.
The number of such devices running on previous versions of Android comes to about 74.1% of the total android phones according to Android Developer Dashboard. Even in the case of Marshmallow, full disk encryption was not enabled by default.
However, after this report was published by The Next Web, a Google spokesperson clarified that remote reset was only ever possible for handsets secured with a Pattern (rather than PIN or Password) using a version of Android before Lollipop (5.0). He further added that Google never had the ability to remotely reset encrypted devices.
In the case of Apple, iPhones running on iOS 8 have full disk encryption enabled by default and thus Apple could not access the private data of users. The document, on the whole, however, showed that law enforcement agencies are not particularly excited about the full disk encryption coming in new devices.
Apple’s and Google’s decisions to enable full-disk encryption by default on smartphones means that law enforcement officials can no longer access evidence of crimes stored on smartphones, even though the officials have a search warrant issued by a neutral judge,
the document reads.
Every day, we face real cases with real victims who suffer from the actions of criminals. We are obligated to do everything we can to bring these criminals to justice. But smartphone encryption has caused real – not hypothetical – roadblocks to our ability to solve and prosecute crimes.
The document has also considered the argument that only access to cloud storage, rather than devices itself, is required to ensure public safety. However, another table in the document showed different kinds of data for which warrants could be produced and those data could only be satisfied through device access.
The document has proposed a solution by recommending to enact a statute that requires any designer of an operating system for a smartphone or tablet manufactured, leased, or sold in the U.S. to ensure that data on its devices is accessible pursuant to a search warrant. It has also considered principal objections to the solution mainly regarding the privacy issues of individuals and ensures that the harm to personal security and privacy if the proposal were to be implemented, would be minimal.
The report has listed questions and Manhattan District Attorney’s Office has sent questions to Apple and Google, but at the time of that Report’s publication, they had yet to receive a response.