AOSP Change to Allow Users to Remotely Brick their Device

Google IO Android Statue AH 2

Typically, if you lose your phone or it gets stolen, you would login to the Android Device Manager, and wipe your information off of the device. This way, the thief or whoever has the phone won’t have access to your information. But what about taking this a step further? Well Google may have just done that in AOSP. For those that don’t know, all of the changes and additions for Android go through AOSP or the Android Open Source Project. The code is all public because Android is open source, that’s the nature of the beast. The change in question here is Change 235361 states “Add support to brick a device.” So what this means is that a user could remotely brick a device that was stolen. And make the device unbootable. Making the device pretty much useless for a thief.

This new command in recovery can securely erase any partition on your Android device. This includes things like recovery, fastboot and the bootloader. In theory here, manufacturers will also be able to define which partitions are specifically included in the brick command. The ideal way for this to be done is to make the device unbootable, but still providing the user a way to recover the device without having to get any special hardware like a dedicated JTAG.


It’s important to note here that while this has made its way into AOSP as of last Friday, this does not mean it will be a feature in Android N (and is definitely not available in Android 6.0.1 Marshmallow which is currently available on about 7.5% of devices). Often times we see code changes like this make their way into AOSP, but they don’t come in the next version of Android. Additionally, this may or may not be a consumer-facing feature. Meaning that you won’t be able to go into the Android Device Manager and brick your device remotely, with ease. And this would be by design. As Google won’t want people accidentally bricking their smartphone when they’ve lost it or had it stolen. That would create a whole lot more headaches for Google than they want to deal with.