Hadlee Simons / Android Authority
TL;DR
- Remote Lock lets users lock their phones remotely using just their phone number. However, there is scope for mischief here.
- Google mentioned that Remote Lock will be upgraded with a “security challenge,” and we have managed to activate the security challenge as a date picket.
Google has been ramping up the overall health and security of the Android ecosystem, and the recent rollout of Theft protection features is testimony to that. These features aim to make stealing an Android flagship less desirable by adding roadblocks to its unauthorized use and resale. However, some of these well-intentioned features have room for mischief that could annoy legitimate users. To counter that, Google had announced its intention to strengthen the Remote Lock feature with a security challenge, and we now have a better idea of how that would shape up.
An APK teardown helps predict features that may arrive on a service in the future based on work-in-progress code. However, it is possible that such predicted features may not make it to a public release.
Google began rolling out a new set of Theft protection features for Android devices with Google Play Services last week. The features included Theft Detection Lock, Offline Device Lock, and Remote Lock. Theft Detection Lock locks your device if someone abruptly takes your phone and runs away, while Offline Device Lock locks your device if someone tries to keep it disconnected from the internet for an extended period of time.
Remote Lock lets you remotely lock your phone using just your phone number, in case you can’t remember your Google account password to sign into the Find My Device service. You can access Remote Lock at android.com/lock.
While the features are well-intentioned and generally enhance the security of Android devices globally, keen-eyed readers would notice that the Remote Lock feature, in particular, has room for creating some nuisance. Since you can force enter the lock screen of any device using just a phone number and no further authentication, bad actors could play mischief by remotely locking devices. It’s not a big issue since a legitimate owner could easily get past the lock screen, but someone with a vendetta could certainly make their life a little inconvenient.
Google Play Services v24.41.34 beta addresses this scope of mischief by introducing a Security Challenge for Remote Lock. Google mentioned the security challenge in its announcement in May 2024 but did not share further details about it.
Remote Lock feature throws you a lifeline if your phone is already gone. You’ll be able to lock the screen of your phone with just your phone number and a quick security challenge using any device. This buys you time to recover your account details and access additional helpful options in Find My Device, including sending a full factory reset command to completely wipe the device.
This security challenge feature has not yet been rolled out, but we activated its UI to show you what it could entail.
As you can see, you can set a date as a security challenge. To set up, change, and delete the security challenge, you will require biometric authentication on your device. Once you set up the security challenge on Android, Google will likely provide a data picker on the web for remote lock.
Remote Lock’s website does not show any fields to enter the security challenge yet (as you can see in the first set of screenshots), so this feature could be rolled out in the coming weeks. We’ll keep you informed when we learn more. There’s still room for someone to guess a significant date associated with you that you would use as a security challenge, but even this by itself vastly reduces the scope of mischief.