Google introduced a security feature called Factory Reset Protection with Android 5.1 Lollipop in March 2015. The feature ensures that if someone gets possession of your smartphone, they will not be able to reset the device without signing in with the registered Gmail address. One year later, smartphone manufacturers continue to incorrectly implement the feature or ignore Google's guidelines. The latest OEM found to be avoiding this additional layer of security is LG.
A flaw discovered in LG smartphones enables an attacker - or anyone - to bypass the Factory Reset Protection (FRP) on the device. By doing so, the fraudster could gain access to the stolen smartphone or tablet. The flaw was discovered by RootJunky, who has also made a video demonstration to walk users through all the steps that are needed to break the security protection.
As per the video, a user is required to go to Accessibility settings, which for some reason is open. Once there, as RootJunky pointed out, some more changes in the settings are required (as you can see in the video below). The video points out that LG isn't completely disabling a user from accessing the Web browser, and File Explorer app. Thanks to these security holes, all a user needs is a patch - available from RootJunky's website -- install it, and trick the phone into factory resetting itself.
This isn't the first time an OEM has been found to have a weak implementation of Factory Reset Protection feature. Last year, RootJunky found vulnerabilities in Samsung smartphones. The flaw, however, required someone to plug-in a USB drive.
Google has taken a strong stand on the factory reset feature. The documentation for the Android 6.0 Marshmallow, which it released last year, revealed that the Mountain View-based company has made it mandatory for OEMs to provide the secure factory reset feature. It will be interesting to see if that will curtail these security holes.