
The Galaxy Note 5’s Factory Reset Protection Can Be Sidestepped

November 2, 2015 - Written By Justin Diaz

Passwords are a great feature to have for a little bit of extra security on mobile devices, and with the factory reset protection feature built into Android Lollipop, users get even more peace of mind should they lose their device or have it stolen. Normally, all that would be needed to get around a password is to initiate a factory reset via the stock Android recovery, but factory reset protection (or simply device protection) makes this a non-issue: anyone who has it enabled on their device and performs a factory reset without first entering the password must then sign in with the Google account credentials that were on the device. This makes it hard for thieves to get into and use a device.

The same should be true for any OEM that ships the required version of Android, but a user on YouTube who goes by the name of Root Junky demonstrates how they were able to bypass this feature on a Samsung Galaxy Note 5 due to a flaw in Samsung's own software. Now, it's worth noting that while this may be an issue for the moment, chances are Samsung will get around to fixing it rather quickly through a small software update to devices. Root Junky got around the protection by connecting an OTG flash drive to the device which contained an apk file for an app that is appropriately named "samsung bypass google verify." Even at the verification screen, which would normally require a password entry, the Galaxy Note 5 (or presumably any Samsung phone running Android 5.1.1 Lollipop) opens up the file manager app when the drive is connected.

From there, all that needs to be done is to attempt to open the apk file and hit install, which at first fails because it's an apk from an unknown source. Users would then be prompted to go to settings and enable the "unknown sources" option to allow the app to install. According to Root Junky, the app's only purpose is to let the person into the settings menu of the device, where they can then initiate a factory reset a second time. Because this reset now comes from inside the settings menu, where no password was enabled, factory reset protection isn't triggered. After the reset finishes and the device boots back up, it is usable and no Google sign-in is required. There are more than a few factors at play here: anyone who has stolen a device and tried a factory reset to bypass a password would need this particular apk and an OTG flash drive to pull this off, but the fact that it's possible at all rather defeats the purpose of having such a protection measure.