back to article Fandroids at pranksters' mercy: Android remote password reset now live

Android users can now lock their handsets from afar as Google enables what looks like the perfect feature for office pranksters. Making a lost Android handset ring and wiping all the data on a stolen device have been standard features in the advertising giant's mobile operating system for a while. Now, however, a mislaid …

COMMENTS

This topic is closed for new posts.
  1. Bog witch

    This has been available for Corporate Google Apps customers for a while now, good to see it's been pushed out to the free version.

    1. Danny 14

      It is also available to a phone that has an exchange account attached. Has been there for quite some time.

    2. Voland's right hand Silver badge

      Provided that it works

      I tested the device manager on 5 android test devices floating around my desk as well as my phone.

      Guess what - it did not work on _ANY_ of them. Mix of stock firmware and Cyanogen. Does not work on either.

      So for the time being I am going to stick to "where is my droid"

      1. Geoff Campbell Silver badge

        Re: Provided that it works

        Works fine here on a Galaxy S4 running standard Jellybean. The location and remote ring services run OK on a Galaxy S3 with CM 10.2, but not the lock or erase functions, presumably there's no support for them in the CM code as yet.

        GJC

      2. Dr_N

        Re: Provided that it works

        Doesn't seem to work when connected to some WiFi networks.

        Works every time on mobile network.

        1. Anonymous Coward
          Anonymous Coward

          Re: Provided that it works

          If only, 4 devices, some on WiFi, some on mobile, all enabled, all had PLay services data flushed and remote wipe re-enabled and device restarted.

          Not one shows up on ADM. Of course my phone (Galaxy SII) is showing up in my normal Google profile.

          I suppose I'll get round to checking again in a month or two and see if it's sprung to life.

  2. James 51

    Isn't this in iOS7 and has been available for BB phones for years.

    1. Cliff

      Yes, plenty of third party suppliers for android and cross platform. I think the remote password change is the novelty, not sure if that's an iOS thing?

      Personally I prefer the preyproject tool, similar but cross platform and more importantly can take photos of the webcam and desktop to help get your stuff back. Give the police an address and a photo of the thief, they get an easy collar with good chance of prosecution, you get your phone or laptop back. It's free for upto 3 devices, for me that's laptop, tablet and phone. Worth a look.

      1. wikkity

        RE: an easy collar

        Doubt they'd even do anything unless there was violence involved in the theft. There was a case reported on El Reg a while back where someone reported their apple laptop stolen and gave the police the location and photos of the person using it. Think he was being done for invasion of prvacy as he was posting stuff of the bloke 'enjoying' himself online.

        1. Anonymous Coward
          Anonymous Coward

          Re: RE: an easy collar

          Depends the force; my wife "lost" an HTC One on a train last year and reported it to the British Transport Police.

          They were delighted to hear about the AndroidLost app that I had installed on it, were keen to see the pictures of a half tiled wall the front camera took and went round to the address it thought it was at.

          Unfortunately the "Eastern European" builders who were working on the house at that address were nowhere to be seen and it was never recovered but their enthusiasm for the chase was welcome.

          My pal on what was then Strathclyde polis reckoned he'd be too bust nabbing murderers and rapists etc to show the enthusiasm his trainspotting colleagues had but thought it was a nice idea nonetheless...

          1. Badvok

            Re: RE: an easy collar

            "My pal on what was then Strathclyde polis reckoned he'd be too bust nabbing murderers and rapists etc to show the enthusiasm his trainspotting colleagues had but thought it was a nice idea nonetheless..."

            I really hate that lame excuse. But since there are less than 1000 murders in the UK and around 130,000 full-time police officers, maybe they are a bit busy.

            (Rape is a very much higher number but since the majority are actually committed by people known to the victims there doesn't appear to be much the police need to do there either.)

            1. Anonymous Coward
              Anonymous Coward

              Re: RE: an easy collar

              (Rape is a very much higher number but since the majority are actually committed by people known to the victims there doesn't appear to be much the police need to do there either.)

              If you spoke to him you'd very soon be disabused of that notion; every (and I mean every) case has to be treated in exactly the same way and to the same level of detail. Whilst this may seem reasonable, tell that to the genuine victim whose case is assigned the same meagre resource as that of the person very obviously crying wolf for the second or even third time. It happens more than you would believe.

  3. Anonymous Coward
    Anonymous Coward

    Iphone

    You can do the same prank on an iphone user if they are logged into icloud.

    It's like the old change the language to Swedish prank.

    1. jubtastic1

      Re: Iphone

      Nope, iCloud needs the password again for 'find my phone'

    2. Lord Elpuss Silver badge

      Re: Iphone

      Nope - on iPhone you need to explicitly enter your password to remotely manage a device through Find my iPhone.

      The equivalent on an iPhone would be if you could remotely reset through the iTunes Store...

  4. Dan 55 Silver badge
    WTF?

    Did I understand this right?

    1. So you log into gmail or Google+ or whatever.

    2. You leave the computer, perhaps going so far as to minimise the browser but not locking the screen.

    3. Colin Hunt goes to play.google.com and unleashes all sorts of mayhem as you're already logged into your Google account.

    That can't be right, can it?

    (Thank goodness I have a Google ID just for my phone.)

    1. Cliff

      Re: Did I understand this right?

      Sounds like it, but perhaps the 2FA which I urge everyone to enable anyway will mean this isn't a problem?

      1. Danny 14

        Re: Did I understand this right?

        yes thats how it works. It is no different than having an exchange account on your phone then leave you OWA open on a desktop somewhere (where wipe phone has been an option for some time).

    2. thesykes

      Re: Did I understand this right?

      Stop at step 1...

      1. So you log into gmail or Google+ or whatever.

      Why log in at work to gmail or google+ ? Isn't that why you've got a phone or tablet in the first place? To access your stuff when not at home?

      I never log in at work, only at home. So, if someone is remote wiping my phone, I'd be far more concerned that they'd broken into my house and hacked my laptop.

      Having said that, does anyone know if you need to re-enter your password to wipe it? Don't fancy trying it, just to test the theory.

      1. John Wilson

        Re: Did I understand this right?

        "Why log in at work to gmail or google+ ? Isn't that why you've got a phone or tablet in the first place? To access your stuff when not at home?"

        Because I have bigger monitors attached to my work computer than on my phone. It also has a better keyboard.

      2. Anonymous Coward
        Anonymous Coward

        Re: Did I understand this right?

        "Why log in at work to gmail or google+ ?"

        Because due to the whining of many colleagues the Blackberries have all been retired for Samsungs and you need a Google Play account to download certain items of mandatory corporate sanctioned software.

        1. thesykes

          Re: Did I understand this right?

          mandatory corporate sanctioned software.

          hmmm.. fair enough.

          1. Danny 14

            Re: Did I understand this right?

            We use "2simple" build a profile. It is for EYFS monitoring. That is grabbed from iTunes and google play quite legitimately.

    3. Captain Scarlet
      Childcatcher

      Re: Did I understand this right?

      I think for the wipe you should be made to re-enter your Google account password, other than that its handy for users of services which have disappeared (I.e HTC used to have a service for this which disappeared last year after they retired it)

    4. Irongut Silver badge

      Re: Did I understand this right?

      (Thank goodness I have a Google ID just for my phone.)

      Not to worry Colin Hunt will just use your corporate email instead and send everyone you work with an email that says you like small boys.

      ALWAYS lock the screen. ALWAYS. If you do not it is your own fault if something nefarious happens.

  5. Anonymous Coward
    Anonymous Coward

    "and it's a goldmine for the prankster who comes across a desktop computer left logged into Google."

    and the same can be said for Apple devices!

    Funny El Rego Hacko Boyo forgotten to mention that.

    (Not funny but expected now)

  6. Anonymous Coward
    Anonymous Coward

    Fandroids left at pranksters' mercy

    Errm, only if they have your Google password, and if they have that, they can also delete all your emails, send an email to your parents that you are turning gay, and email Amazon and ask if they sell nails, pressure cookers and fertilizer.

    The headline is VERY misleading, as it pretends that someone can prank you at will, they quite clearly can't, they need to know your Google password, and if they have that, your phone being wiped is frankly the least of your worries....

    1. Anonymous Coward
      Anonymous Coward

      Re: Fandroids left at pranksters' mercy

      some of us have the sense NOT to use GMail other than registering the phone.(The same goes for Hotmail, only used for throw away email addys)

      1. Anonymous Coward
        Anonymous Coward

        Re: Fandroids left at pranksters' mercy

        Why, what have you got to hide? I don't give a crap what government agency scans my email, I just hope whilst they are at it, they delete the spam. But to be fair, since migrating to GMail, I rarely get spam anymore, the collaborative power of billions of gmail accounts mean spam is easily spotted by Google and dumped.

        1. 142

          Re: Fandroids left at pranksters' mercy

          The problem isn't what you have got to hide today, but what innocent behaviour have got to hide tomorrow. Read up on McCarthyism. Things can change and they can change quickly, even in stable, democratic countries. If that happened in 20th century US is can certainly happen in 21st century UK. Imagine what would have happened had that rogue US politician had access to something like PRISM et al?

          The highlighted post here is worth reading: www.reddit.com/r/changemyview/comments/1fv4r6/i_believe_the_government_should_be_allowed_to/caeb3pl?context=3

          Now I'm on record in el reg comments as saying that there's probably no point trying to avoid he surveillance as it's so extensive. Anything you do is a false sense of security in reality, short of unplugging completely or making things extremely unusable. But to say "what have you got to hide" is a different kettle of fish entirely...

  7. Tom_

    NSA angle

    So, seeing as the NSA has access to GMail, this means they can wipe all Android phones at will, right?

    1. Khaptain Silver badge

      Re: NSA angle

      Yes but they wont use the password wipe feature, they prefer to keep knowing what your up to.

  8. Anonymous Coward
    Anonymous Coward

    same or similar on Windows Phone

    I can "lock" "ring" or "erase" once I've logged in to the windowsphone website and with one's Microsoft account. (can also show my phone location on a map, though the CEP is too wide to identify which room it's in, let alone which jacket pocket I've left it it.)

    If you know my MS account I'm sure there are worse things that could be done - buying a Windows 8 upgrade or 100 Exchange licences....

    1. Adam 1
      Windows

      Re: same or similar on Windows Phone

      That is just cruel. What would anyone do with a Windows 8 license?

      1. M Gale

        Re: same or similar on Windows Phone

        What would anyone do with a Windows 8 license?

        Inflict it upon an innocent victim with neither mercy nor remorse.

        There's some sick fuckers out there.

  9. DaLo

    Prank?

    If you leave your office computer unlocked when you walk away from it then someone could also play a hilarious prank like deleting the departmental folder, or sending an e-mail to the boss to tell him he is an idiot ... etc.

    That's why a normal corporate IT policy will include not locking your PC or using someone else's PC under their account as a disciplinary offence.

    1. Boothy

      Re: Prank?

      My old favourite was to take a screen shot of their desktop, with task bar and icons etc. Then hide all the icons and minimise the task bar (auto-hide), then set the previous screen shot as the wall paper and walk away.

      Some people got it quite quickly, other people not so much, although the room full of sniggering people usually gave the game away eventually!

      1. Kevin Johnston

        Re: Prank?

        Round here there is a penalty for walking away with your PC unlocked as you will find you have sent an email around the office promising doughnuts for afternoon tea-break. Tends to concentrate the mind much better than vague 'mis-use of corporate IT equipment' type phrases.

        1. Anonymous Coward
          Happy

          Re: Prank?

          Mmmmm, negligence-driven donut....(drools)

  10. RainForestGuppy
    WTF?

    Security flaw in all online banking too

    If you log onto your online bank and walk away from the computer, somebody could access your account and steal all you money.

    OMG the same flaw is in every email system aswell. Apparently this gaping security hole also works if you use 2 factor authentication

    QUICK SHUT DOWN THE INTERNET, NOTHING IS SAFE!!!!!!

    New Headline,

    EL Reg writer in Sensationalist Non-Headline shocker

    "I don't know anything about technology, but I've got a media studies degree" says hack.

    1. R 11

      Re: Security flaw in all online banking too

      My online banking demands I reenter my password before any attempt to move money. As it should be.

      My computer lets me change its password, but demands the old password first. As it should be.

      The only issue I can think of with demanding a password to perform a reset on the phone is that if someone has forgotten their password while the phone is stolen, it might, at present, be difficult to have a secure way to reset the password, other than relying upon an email. And whoever has access the the web page already has access to the owner's gmail.

      The solution to that would be the usual security questions, 'what color of hair does your third cousin twice removed have?' and things like that.

  11. Callam McMillan

    Password confirmation

    Surely it will ask you to confirm your google password before it actually locks or wipes your phone. Even if you did leave your account logged in. I don't particularly want to try it though!

    1. Argh

      Re: Password confirmation

      I haven't tried the remote wipe, but it certainly doesn't ask for the password again for remote lock .

  12. DrXym

    So

    You have to opt-in to the dangerous setting (meaning 99%+ won't), leave your PC wide open and have the misfortune of having someone use that PC who is knowledgable enough to use the service and malicious enough to wipe the phone.

    It doesn't seem very likely. Although perhaps Google should prompt the user for their password again before permitting the action to occur.

  13. Roger Stenning
    Meh

    Hmm...

    Must be doing something wrong here; I can locate the phone easy enough in the Play Store, but to wipe it, I've got to activate the facility in the device manager on the phone - this does not appear to be where they said it'd be (settings)?! Or is this another case of a provider deleting the facility to prevent users from having "unfortunate accidents"?

    1. thesykes

      Re: Hmm...

      check your version of Google Play Services, you need a version 3.2.25 or higher. I had to manually update it, reboot and all was working.

    2. BenM 29 Silver badge

      Re: Hmm...

      >>this does not appear to be where they said it'd be (settings)?!

      its in the Google settings app - not the phone settings... two very different things.

  14. Dick Emery

    Passwords. Meh!

    Never use one on my phone. Let's face it. If they are going to pinch the phone and find they can't get in because of a password they are likely going to do a USB wipe anyway (Some apps can now block that) and you won't have anything to stop them. I have a block on roaming, premium rate numbers and international calls so no issues there. They may get away with calling a few local friends but that's it. I find passwords on phones just another layer to have to get through when I want to make a quick call.

    1. ansi.sys

      Re: Passwords. Meh!

      Wow. Just Wow.

      I can only assume you are taking the piss?

  15. Anonymous Coward
    Anonymous Coward

    How about taking a photo with the front camera? or is that too useful for the NSA?

  16. Chris Gray 1

    Turn off WiFi

    My home Wifi router blocks nearly everything inbound. That seems to be why this didn't work for me when WiFi was on in the phone. It worked when I tried again with WiFi off. It *might* also work if I had unplugged or turned off my router - I don't want to try that.

  17. countd
    Happy

    Just in time

    A day of pointless meetings tomorrow but what if I could get my laptop to get my phone to ring a few times and make my excuses? :D

  18. Revs1

    Shame you have to give Google access to everything on your phone and your soul to be able to access these features

    1. uhuznaa

      Once you use an Android phone they have access to everything anyway if they want to. This way you at least get something out of that deal.

  19. Jonathan Richards 1 Silver badge
    Facepalm

    Not the worst that could happen...?

    > if you leave a PC or such a machine lying around while logged into the Play store, some wag can sneak over and now kick you out of your gadget ^W^W^W^W^W^W spend a metric shedload of money on apps that you didn't want. FTFY.

    The first fifty-odd 'top paid' Android apps on the UK edition of the Play Store have a median price of £2.09. Some are up around the twenty quid mark. (c) Dept. of Pointless Statistics.

This topic is closed for new posts.

Other stories you might like