Google Device Manager is a pointless tool
« Monday, October 28, 2013 »

android google

Recently, my girlfriend got her phone stolen. It is an android phone and wondered how android device manager could be useful finding her phone. To be honest, I believe that the service offered by google is halfway done. I believe that the whole thing about “remote controlling” devices is quite serious. On one side it gives the user unlimited power on his own device and on the other side it might give unlimited power to anybody that has access to your account.

I guess that anyone reading this already know what you can do with the google service. But for those who aren't aware:

  • Make the phone ring
  • Get position on google map of your phone
  • Factory reset

Sounds good at first, but here's the catch. If sound is disabled on the phone, the phone will not ring. The google device manager will tell you that the phone has sound disabled. It might not work like that on every phone but the phone that got stolen cannot ring because the sound is disabled. The position of the phone can't be tracked. If the phone doesn't have an internet connection at the moment you are checking. You'll never get a position. And last but not least, to be able to trigger a factory reset, you have to enable first factory reset on your phone. Which mean that if you have your phone stolen and you didn't do it first. You can send a notification to your phone and hope that the guy that stole the phone will accept the notification and allow remote factory resets.

Stupidity has no limit

I wondered what would happen if the guy who stole the phone will remove the google account from the phone. In all honesty, I admit that it isn't probably the easiest situation to handle and I'm not really surprised with what happens next. Once someone delete/unlink the google account from the stolen phone. Your google account will get automatically unlinked from the phone. When you'll check the google device manager page located here after a day that you deleted your account from the phone. You'll have the unpleasant surprise that you do not possess any phone anymore. The google device manager will tell you: “You don't have any phone on your account… go get one now!”. As I understand, if a robberer removes the account from the phone. It will automatically unlink her account from her phone and tracking the device through google device manager won't be possible anymore!!

This situation that seems quite hard to solve could be easily done in my opinion. When a google account gets unlinked from the phone, it should send a notification by mail to ask you “Did you really want to unlink your phone from that phone?”. To that answer, if you answer yes. You loose the phone, if you answer no, you should still have access to the phone and why not, have access to the new owner's email. and phone number. Has the account gets unlinked, it wouldn't be possible from to read emails from gmails on the phone. All cookies related to could be deleted too.

That way, you can mail the person or call him. The phone number can be used back with the police that has without a doubt information about the user who is using the phone. When registering a phone simcard, usually personal information are enough to find where the person lives and who it is. If we could have direct access to the phone umber or email of the user who stole the phone. We could easily get our phone back.

There is one last problem to my solution. What if someone sells you his phone but still want to keep the phone linked to his google account. Google could provide a tool that tells you if the phone is owned. For example, asking for the IMEI number and check if a google account is linked to it. If it isn't linked to any phone, then it would say that the phone has no owner and is safe to buy.

What about other applications?

Are other applications protecting users from factory resets? If applications aren't available on a newly factory resetted phone. You loose everything anyway. Having this kind of security as explained doesn't disclose much more information to a hacker that would take control of the phone but gives a really good tool to help the police get your phone back in your hands.

Last but not least

I realize that android is cool because you can install new roms with updates and so on. I belive that the process of updating rom should be protected by a password. The password would be user defined or factory set. Without the password, it wouldn't be possible to install updates/roms.

If someone with skill could steal a phone, reset it with a custom rom which makes the system I described above useless. then a password protected rom flash would make our phones much more secure than they are.

I believe that a tool like google device manager should be much more useful than it currently is. It's pointless to have a button to make the phone ring if the remote controlling service cannot turn the volume up… It is pointless to have a remote control of factory reset if you first have to enable it on the hone and that it will erase everything… while I'm not even sure because the button also says that it won't delete personal data. So you can ask yourself: If the factory resets doesn't delete my personal data… what's the point? The position tracking doesn't actually track the position of the device and doesn't allow you to save the map so you can show to someone else. From the map, you can't even have directions to the location that it is pointing too.

At first, I had some hope that we could get the phone back because of this feature. But I'm sure that if the guy removes her account from the phone…It will be like a really sad joke. Being able to watch how the phone is getting away… but not being able to chat with the person who is stealing it. But I'm sure that it could be done easily.

comments powered by Disqus

Copyright © 2015 Loïc Faure-Lacroix