Security is one of the biggest topics and debating points currently circulating the Android community and with good reason. As devices become more knowing about their users, the ability to keep what a device knows protected is becoming increasingly more important. In fact, when Android 5.0 (Lollipop) came through, security seemed to be one of the main aspects being included with a number of changes in play to offer a greater level of protection to device owners. One of the changes that was introduced was Factory Reset Protection (FRP).
The idea behind FRP is simple. If you lose your phone or it is stolen, FTP locks the device down and ensures that someone else cannot use it. To use a device which has been FTP locked, the original ‘owner’ Google account credentials need to be inputted to regain control of the device. In the shortest of terms, ensuring only a device owner can make changes to the device or factory reset it and add a new account if the phone is passed on.
The issue though, is that FRP does not seem to be as secure as one would hope. In fact, back in November, Root Junky was able to show FRP being bypassed on certain Samsung devices. A feat that Root Junky has now being able to replicate on LG devices too. In the video below, Root Junky shows just how easily (albeit time consuming) the process of bypassing FRP on an LG G4 is. In doing so, an FRP locked G4 is able to have an additional user account added, simply by going through certain button pressing motions. Once the additional user is in play, the original Owner account can be accessed and from here, the phone can be factory reset and this time, FRP verification is no longer required. The device is open and ready to be used by whoever has it. It is worth pointing out that while this is an issue that has now been noted on the likes of LG and Samsung devices, Root Junky does make the point that it is expected to be a much wider and fundamental flaw that is likely to be in effect with many manufacturer devices. A point Root Junky hopes to highlight further in due course. Either way, to see the bypassing in action, check out the video below.