Feeds

back to article Fandroids at pranksters' mercy: Android remote password reset now live

Android users can now lock their handsets from afar as Google enables what looks like the perfect feature for office pranksters. Making a lost Android handset ring and wiping all the data on a stolen device have been standard features in the advertising giant's mobile operating system for a while. Now, however, a mislaid Android …

COMMENTS

This topic is closed for new posts.

Page:

This has been available for Corporate Google Apps customers for a while now, good to see it's been pushed out to the free version.

9
0
Silver badge

It is also available to a phone that has an exchange account attached. Has been there for quite some time.

3
0
Silver badge

Provided that it works

I tested the device manager on 5 android test devices floating around my desk as well as my phone.

Guess what - it did not work on _ANY_ of them. Mix of stock firmware and Cyanogen. Does not work on either.

So for the time being I am going to stick to "where is my droid"

0
1
Silver badge

Re: Provided that it works

Works fine here on a Galaxy S4 running standard Jellybean. The location and remote ring services run OK on a Galaxy S3 with CM 10.2, but not the lock or erase functions, presumably there's no support for them in the CM code as yet.

GJC

1
0
Bronze badge

Re: Provided that it works

Doesn't seem to work when connected to some WiFi networks.

Works every time on mobile network.

0
0
Bronze badge

Re: Provided that it works

If only, 4 devices, some on WiFi, some on mobile, all enabled, all had PLay services data flushed and remote wipe re-enabled and device restarted.

Not one shows up on ADM. Of course my phone (Galaxy SII) is showing up in my normal Google profile.

I suppose I'll get round to checking again in a month or two and see if it's sprung to life.

0
0
Silver badge

Isn't this in iOS7 and has been available for BB phones for years.

2
8
Silver badge

Yes, plenty of third party suppliers for android and cross platform. I think the remote password change is the novelty, not sure if that's an iOS thing?

Personally I prefer the preyproject tool, similar but cross platform and more importantly can take photos of the webcam and desktop to help get your stuff back. Give the police an address and a photo of the thief, they get an easy collar with good chance of prosecution, you get your phone or laptop back. It's free for upto 3 devices, for me that's laptop, tablet and phone. Worth a look.

0
0
Bronze badge

RE: an easy collar

Doubt they'd even do anything unless there was violence involved in the theft. There was a case reported on El Reg a while back where someone reported their apple laptop stolen and gave the police the location and photos of the person using it. Think he was being done for invasion of prvacy as he was posting stuff of the bloke 'enjoying' himself online.

1
0
Anonymous Coward

Re: RE: an easy collar

Depends the force; my wife "lost" an HTC One on a train last year and reported it to the British Transport Police.

They were delighted to hear about the AndroidLost app that I had installed on it, were keen to see the pictures of a half tiled wall the front camera took and went round to the address it thought it was at.

Unfortunately the "Eastern European" builders who were working on the house at that address were nowhere to be seen and it was never recovered but their enthusiasm for the chase was welcome.

My pal on what was then Strathclyde polis reckoned he'd be too bust nabbing murderers and rapists etc to show the enthusiasm his trainspotting colleagues had but thought it was a nice idea nonetheless...

1
0

Re: RE: an easy collar

"My pal on what was then Strathclyde polis reckoned he'd be too bust nabbing murderers and rapists etc to show the enthusiasm his trainspotting colleagues had but thought it was a nice idea nonetheless..."

I really hate that lame excuse. But since there are less than 1000 murders in the UK and around 130,000 full-time police officers, maybe they are a bit busy.

(Rape is a very much higher number but since the majority are actually committed by people known to the victims there doesn't appear to be much the police need to do there either.)

0
0
Anonymous Coward

Re: RE: an easy collar

(Rape is a very much higher number but since the majority are actually committed by people known to the victims there doesn't appear to be much the police need to do there either.)

If you spoke to him you'd very soon be disabused of that notion; every (and I mean every) case has to be treated in exactly the same way and to the same level of detail. Whilst this may seem reasonable, tell that to the genuine victim whose case is assigned the same meagre resource as that of the person very obviously crying wolf for the second or even third time. It happens more than you would believe.

1
0
Anonymous Coward

Iphone

You can do the same prank on an iphone user if they are logged into icloud.

It's like the old change the language to Swedish prank.

3
2
Bronze badge

Re: Iphone

Nope, iCloud needs the password again for 'find my phone'

2
0
Bronze badge

Re: Iphone

Nope - on iPhone you need to explicitly enter your password to remotely manage a device through Find my iPhone.

The equivalent on an iPhone would be if you could remotely reset through the iTunes Store...

1
0
Silver badge
WTF?

Did I understand this right?

1. So you log into gmail or Google+ or whatever.

2. You leave the computer, perhaps going so far as to minimise the browser but not locking the screen.

3. Colin Hunt goes to play.google.com and unleashes all sorts of mayhem as you're already logged into your Google account.

That can't be right, can it?

(Thank goodness I have a Google ID just for my phone.)

1
0
Silver badge

Re: Did I understand this right?

Sounds like it, but perhaps the 2FA which I urge everyone to enable anyway will mean this isn't a problem?

0
0
Silver badge

Re: Did I understand this right?

yes thats how it works. It is no different than having an exchange account on your phone then leave you OWA open on a desktop somewhere (where wipe phone has been an option for some time).

1
0
Bronze badge

Re: Did I understand this right?

Stop at step 1...

1. So you log into gmail or Google+ or whatever.

Why log in at work to gmail or google+ ? Isn't that why you've got a phone or tablet in the first place? To access your stuff when not at home?

I never log in at work, only at home. So, if someone is remote wiping my phone, I'd be far more concerned that they'd broken into my house and hacked my laptop.

Having said that, does anyone know if you need to re-enter your password to wipe it? Don't fancy trying it, just to test the theory.

1
0
Bronze badge
Childcatcher

Re: Did I understand this right?

I think for the wipe you should be made to re-enter your Google account password, other than that its handy for users of services which have disappeared (I.e HTC used to have a service for this which disappeared last year after they retired it)

1
0
Silver badge

Re: Did I understand this right?

(Thank goodness I have a Google ID just for my phone.)

Not to worry Colin Hunt will just use your corporate email instead and send everyone you work with an email that says you like small boys.

ALWAYS lock the screen. ALWAYS. If you do not it is your own fault if something nefarious happens.

4
0

Re: Did I understand this right?

"Why log in at work to gmail or google+ ? Isn't that why you've got a phone or tablet in the first place? To access your stuff when not at home?"

Because I have bigger monitors attached to my work computer than on my phone. It also has a better keyboard.

1
0
Anonymous Coward

Re: Did I understand this right?

"Why log in at work to gmail or google+ ?"

Because due to the whining of many colleagues the Blackberries have all been retired for Samsungs and you need a Google Play account to download certain items of mandatory corporate sanctioned software.

0
0
Bronze badge

Re: Did I understand this right?

mandatory corporate sanctioned software.

hmmm.. fair enough.

0
0
Silver badge

Re: Did I understand this right?

We use "2simple" build a profile. It is for EYFS monitoring. That is grabbed from iTunes and google play quite legitimately.

0
0
Anonymous Coward

"and it's a goldmine for the prankster who comes across a desktop computer left logged into Google."

and the same can be said for Apple devices!

Funny El Rego Hacko Boyo forgotten to mention that.

(Not funny but expected now)

2
0
Silver badge

Fandroids left at pranksters' mercy

Errm, only if they have your Google password, and if they have that, they can also delete all your emails, send an email to your parents that you are turning gay, and email Amazon and ask if they sell nails, pressure cookers and fertilizer.

The headline is VERY misleading, as it pretends that someone can prank you at will, they quite clearly can't, they need to know your Google password, and if they have that, your phone being wiped is frankly the least of your worries....

3
0
Anonymous Coward

Re: Fandroids left at pranksters' mercy

some of us have the sense NOT to use GMail other than registering the phone.(The same goes for Hotmail, only used for throw away email addys)

3
2
Silver badge

Re: Fandroids left at pranksters' mercy

Why, what have you got to hide? I don't give a crap what government agency scans my email, I just hope whilst they are at it, they delete the spam. But to be fair, since migrating to GMail, I rarely get spam anymore, the collaborative power of billions of gmail accounts mean spam is easily spotted by Google and dumped.

2
2
142

Re: Fandroids left at pranksters' mercy

The problem isn't what you have got to hide today, but what innocent behaviour have got to hide tomorrow. Read up on McCarthyism. Things can change and they can change quickly, even in stable, democratic countries. If that happened in 20th century US is can certainly happen in 21st century UK. Imagine what would have happened had that rogue US politician had access to something like PRISM et al?

The highlighted post here is worth reading: www.reddit.com/r/changemyview/comments/1fv4r6/i_believe_the_government_should_be_allowed_to/caeb3pl?context=3

Now I'm on record in el reg comments as saying that there's probably no point trying to avoid he surveillance as it's so extensive. Anything you do is a false sense of security in reality, short of unplugging completely or making things extremely unusable. But to say "what have you got to hide" is a different kettle of fish entirely...

2
0
Bronze badge

NSA angle

So, seeing as the NSA has access to GMail, this means they can wipe all Android phones at will, right?

3
0
Silver badge

Re: NSA angle

Yes but they wont use the password wipe feature, they prefer to keep knowing what your up to.

1
0
Anonymous Coward

same or similar on Windows Phone

I can "lock" "ring" or "erase" once I've logged in to the windowsphone website and with one's Microsoft account. (can also show my phone location on a map, though the CEP is too wide to identify which room it's in, let alone which jacket pocket I've left it it.)

If you know my MS account I'm sure there are worse things that could be done - buying a Windows 8 upgrade or 100 Exchange licences....

3
0
Bronze badge
Windows

Re: same or similar on Windows Phone

That is just cruel. What would anyone do with a Windows 8 license?

3
0
Silver badge

Re: same or similar on Windows Phone

What would anyone do with a Windows 8 license?

Inflict it upon an innocent victim with neither mercy nor remorse.

There's some sick fuckers out there.

1
0
Bronze badge

Prank?

If you leave your office computer unlocked when you walk away from it then someone could also play a hilarious prank like deleting the departmental folder, or sending an e-mail to the boss to tell him he is an idiot ... etc.

That's why a normal corporate IT policy will include not locking your PC or using someone else's PC under their account as a disciplinary offence.

3
0
Bronze badge

Re: Prank?

My old favourite was to take a screen shot of their desktop, with task bar and icons etc. Then hide all the icons and minimise the task bar (auto-hide), then set the previous screen shot as the wall paper and walk away.

Some people got it quite quickly, other people not so much, although the room full of sniggering people usually gave the game away eventually!

1
0
Bronze badge

Re: Prank?

Round here there is a penalty for walking away with your PC unlocked as you will find you have sent an email around the office promising doughnuts for afternoon tea-break. Tends to concentrate the mind much better than vague 'mis-use of corporate IT equipment' type phrases.

3
0
Silver badge
Happy

Re: Prank?

Mmmmm, negligence-driven donut....(drools)

0
0
WTF?

Security flaw in all online banking too

If you log onto your online bank and walk away from the computer, somebody could access your account and steal all you money.

OMG the same flaw is in every email system aswell. Apparently this gaping security hole also works if you use 2 factor authentication

QUICK SHUT DOWN THE INTERNET, NOTHING IS SAFE!!!!!!

New Headline,

EL Reg writer in Sensationalist Non-Headline shocker

"I don't know anything about technology, but I've got a media studies degree" says hack.

6
0

Re: Security flaw in all online banking too

My online banking demands I reenter my password before any attempt to move money. As it should be.

My computer lets me change its password, but demands the old password first. As it should be.

The only issue I can think of with demanding a password to perform a reset on the phone is that if someone has forgotten their password while the phone is stolen, it might, at present, be difficult to have a secure way to reset the password, other than relying upon an email. And whoever has access the the web page already has access to the owner's gmail.

The solution to that would be the usual security questions, 'what color of hair does your third cousin twice removed have?' and things like that.

0
0

Password confirmation

Surely it will ask you to confirm your google password before it actually locks or wipes your phone. Even if you did leave your account logged in. I don't particularly want to try it though!

0
0

Re: Password confirmation

I haven't tried the remote wipe, but it certainly doesn't ask for the password again for remote lock .

0
0
Silver badge

So

You have to opt-in to the dangerous setting (meaning 99%+ won't), leave your PC wide open and have the misfortune of having someone use that PC who is knowledgable enough to use the service and malicious enough to wipe the phone.

It doesn't seem very likely. Although perhaps Google should prompt the user for their password again before permitting the action to occur.

3
0
Bronze badge
Meh

Hmm...

Must be doing something wrong here; I can locate the phone easy enough in the Play Store, but to wipe it, I've got to activate the facility in the device manager on the phone - this does not appear to be where they said it'd be (settings)?! Or is this another case of a provider deleting the facility to prevent users from having "unfortunate accidents"?

0
0
Bronze badge

Re: Hmm...

check your version of Google Play Services, you need a version 3.2.25 or higher. I had to manually update it, reboot and all was working.

0
0

Re: Hmm...

>>this does not appear to be where they said it'd be (settings)?!

its in the Google settings app - not the phone settings... two very different things.

0
0
Bronze badge

Passwords. Meh!

Never use one on my phone. Let's face it. If they are going to pinch the phone and find they can't get in because of a password they are likely going to do a USB wipe anyway (Some apps can now block that) and you won't have anything to stop them. I have a block on roaming, premium rate numbers and international calls so no issues there. They may get away with calling a few local friends but that's it. I find passwords on phones just another layer to have to get through when I want to make a quick call.

0
1

Re: Passwords. Meh!

Wow. Just Wow.

I can only assume you are taking the piss?

0
0
Anonymous Coward

How about taking a photo with the front camera? or is that too useful for the NSA?

0
0

Page:

This topic is closed for new posts.