Google and Microsoft are reportedly working on integration of a ‘kill switch’ (not shown above) into their next mobile phone operating systems, as evidence mounts that such security measures could make the theft of mobile phones rather unappealing.
As we probably all know, mobile phones being high-value and easily portable devices makes them a good target to steal, and that’s not to mention the number that are simply misplaced. I’ve seen it myself many times; people fall asleep on the train and someone nearby nicks their phone from their hands and runs off — surely there’s got to be something that can be done to make mobile theft less appealing, beyond the criminal sanctions.
Google is reportedly working on a ‘factory reset protection solution’ in the next version of Android. Microsoft has said that it’s working on a similar deterrent. The moves come as new figures from the US show that thefts of iPhones have dropped significantly with the introduction of Apple’s kill switch in September last year, which renders a stolen phone completely useless as anything but a paperweight.
While moves may be afoot to legislate for kill switch requirements in the US, no such requirement exists in Australia, but as with most things, we’re likely to see them introduced simply because one of the largest markets in the world is starting to demand them.
How do kill switches work? It depends on the implementation, but by and large it requires the handset to be reported stolen to some central registry, and this registry is consulted by the phone intermittently, either while running normally or (in the case of an iPhone, and presumably an Android) during activation of the handset. If the handset is reported stolen, it simply can’t be used and will refuse to do anything. If I understand Google’s proposed solution, it seems that this protection will survive factory resets, making it completely impossible to get a stolen phone to work, unless the original owner recovers the handset and unlocks it (if such an unlock mechanism is available).
We already have some measure of protection, in the form of Android Device Manager, but this isn’t infallible. All that’s required to bypass it is wiping the handset, and then you’re good to go. ADM is good at protecting your data, but it doesn’t render the phone itself useless.