Fandroids at pranksters' mercy: Android remote password reset now live

Google says 'don't be evil', but it never said we couldn't be mischievous


Android users can now lock their handsets from afar as Google enables what looks like the perfect feature for office pranksters.

Making a lost Android handset ring and wiping all the data on a stolen device have been standard features in the advertising giant's mobile operating system for a while. Now, however, a mislaid Android handset can have a new password set remotely for when one's phone temporarily falls into the wrong hands.

This device password-reset feature must be accessed via Google Play: thus, if you leave a PC or such a machine lying around while logged into the Play store, some wag can sneak over and now kick you out of your gadget. At least it's better than deleting all of your files.

The reset-password-and-lock functionality was widely anticipated, but fan website Android Police noticed that it has this week arrived in the Device Manager available from the Google Play website.

The lock and remote wipe actions only work after they have been enabled in the "Google Settings" app (Android Device Manager > Allow Remote Lock), and one has to be logged into the Google Play account associated with the device before it's possible to activate these features.

But once you're in, the service immediately zooms into the tracked gadget's location and offers all three management options: ring, lock with new password, and erase.

The screen

It's pretty primitive by modern enterprise systems, but enough for the distraught mugging victim who remembers that his passwords for Amazon, Facebook and the office network are all cached in the mobile browser - and thus needs the handset's data deleted pronto.

Remote wipe takes care of that scenario, though, and it's a bit of a struggle to imagine where one would want to remotely change the password of an Android device. If one has forgotten the unlock pattern then it might prove useful – and it's a goldmine for the prankster who comes across a desktop computer left logged into Google. ®


Keep Reading

Google yanks Apple Silicon Chrome port after browser is found to 'crash unexpectedly'

Updated You'll have to run x64 version through the Rosetta emulation layer, or give it access to the Mac Bluetooth radio

Google Firebase Cloud Messaging offers spam tier for some – no account required, just knowledge of bad security

All that's necessary is willingness to abuse server keys exposed in apps and some technical know-how

Microsoft emits 112 security hole fixes – including the cure for a Google-disclosed kernel vuln exploited in the wild

Patch Tuesday Android, Adobe, SAP, Red Hat join the bug-busting party

Alarming news: ADT to flog Nest smart home kit after Google ploughs $450m into corporate security dinosaur

Resell agreement set up amid plans to build next gen of home automation and security gear

Apple and Google tweak key bits of contact-tracing privacy plan

As European nations back decentralised plan that leaves data on the device until users call in sick

Here's US Homeland Security collaring a suspected arsonist after asking Google for the IP addresses of folks who made a specific search

Don't worry, says the internet giant, this doesn't happen too often

Google's home security package flies the Nest, Chocolate Factory pledges software support – for now

In brief Plus: Immigration lawyers for Mountain View breached, SonarQube hack worse than thought, and more

Five bag $300,000 in bug bounties after finding 55 security holes in Apple's web apps, IT infrastructure

Unpatched Cisco VPN servers, access to the iOS source code, AWS secret keys – this is weapons grade 'oof'

Biting the hand that feeds IT © 1998–2020