What is Factory Reset Protection and why is Android Marshmallow forcing OEMs to include it in their devices
There used to be a time when, if you lost your phone, that was it – it was gone. You’d get in touch with your carrier and report it lost or stolen so any calls or texts wouldn’t be added to your bill, but your options beyond that were pretty limited. A little later on, recovery options were added to help you find out where you phone was (just in case you lost in the couch or at the restaurant). If it was heading down the interstate at 70MPH, you could probably assume that it had been stolen – and you could remotely wipe it.
While these tools can be very helpful, all a thief needs to do is perform a factory reset and pop in a new SIM and they’ve got a brand new phone. Put another way, location tracking and remote wiping don’t discourage theft. For that, there’s something more, and it’s a relatively new feature that you’re going to start seeing more frequently: Factory Reset Protection. If you typically resell your old phones (or buy used phones) you’ll want to pay close attention to this.
Factory Reset Protection
In March 2015, Google introduced a new feature: Device Protection, a component of which is Factory Reset Protection. Many OEMs enabled the new features in their flagship phones in an effort to dissuade would-be thieves. If your phone is powered by Android 5.1 (or later), if you used a Google account on your phone, and if you set up a lock screen, your phone may employ Factory Reset Protection without you even knowing it.
Factory Reset Protection protects your device from someone utilizing a Factory Reset to wipe your phone and use it without your authorization. In the past, if you wanted to reset your phone (or tablet), you could use the Factory data reset feature in the Backup & reset settings or perform the reset through the bootloader interface.
In either case, once the phone as been factory reset, on devices that employ Factory Reset Protection, during the setup process you’ll be met with the following message:
“This device was reset. To continue, sign in with a Google Account that was previously synced on this device.”
Simply put in one of the Google accounts that you had set up on the phone at the time it was factory reset, and you’re good to go. However, if you don’t know that username and password, you’re up the proverbial creek (well, not quite, but we’ll get to that in a moment).
Proper Factory Reset
To avoid this situation, you’ll need to perform a few more steps before you factory reset your phone.
To properly reset your device, if you’ll be reselling it or giving it to someone else, we first suggest that you encrypt your phone. This process takes quite a long time and you’ll need to be plugged into the power, but it will essentially scramble your personal data so it’s virtually impossible to recover by someone else. This step is optional, but highly recommended.
Next, go into Settings, Security, and set your Screen Lock to “None”.
Then, in Settings, Accounts and remove all your accounts, especially your Google accounts.
Last – only after you’ve done the previous steps – then you may perform a factory data reset (Settings, Backup & reset).
Following this method will ensure that your device isn’t tied to a particular Google account and will allow the next person to easily set it up.
Bypassing Factory Reset Protection
Factory Reset Protection isn’t supposed to be something you can bypass – otherwise it’s value is greatly reduced.
That having been said, there is a work-around that has been tested to work on some Samsung devices (and will probably work on others). The “trick” involves the ability to launch the settings from a USB-OTG cable/drive on certain phones. Since the phone doesn’t have any Google account configured, simply factory reset again, and the Factory Reset Protection flag is bypassed, letting you setup the device as if it were new.
We suspect OEMs will release patches to close this hole, but while it’s still out there, this “work around” may be the only way to unlock your used phone.