Google launched Android Device Manager (ADM) back in August, but the tool was Web only. We’ve been using ADM on Jelly Bean and KitKat for the past few weeks (enabled in Device Manager). It works a treat, but because these security features are application/OS specific, a hacker could easily remove them. I so want to see Kernel or BIOS remote kill switches, but alas I don’t believe the carriers will be overly warming to this. Why? Small matter of revenue re: insurance.
Earlier this week, Google launched ADM as a native app on the Play Store, which means you can use the app on another Android device (assuming you have installed it on that device) to locate your lost or stolen device. My personal opinion is that most users will only have one Android device and therefore will only have one option: to log in using the Web. See below.
NOTE: If you have already enabled ADM using Device Administrator, you might not see the ADM app listed in the Play Store.
Android Device Manager (ADM) doesn’t actually require any setup; it’s part of Android 2.2 or above. On Android Jelly Bean and KitKat running on the Nexus 5 you will need to grant Device administrator privilege to be able to remotely lock and wipe your lost and/or stolen device. If you used a factory image to update your Nexus to KitKat (and Jelly Bean), then Android Device Manager is already enabled. If you updated OTA, then we noticed that this feature was not enabled by default on our Nexus 4/5 and non-Nexus devices i.e. Galaxy S3 (rooted).
Here is how you check whether Android Device Manager is enabled:
Go to Settings > Device administrators > check Android Device Manager
Wiping your lost or stolen Android device with Device Manager will also delete the security apps you have running, so in most instances you will not be able to use the “Find My Device” feature. The only solution right now would be to embed remote lock and wipe functionality as a kill switch at the firmware level, but this is unlikely because the profitable insurance the MNOs sell to end users would be impacted.
A database of all devices connected to all networks could be the answer but is both expensive and demands considerable admin resource. In my mind a kill switch, such as LoJack, which is built into the BIOS and/or firmware is the only safe and secure answer. Why? Resetting a mobile device back to factory default is something a child could do.
For those in the enterprise and government world who want to lock down valuable commercial assets, a BIOS or firmware remote locate, lock and wipe feature would be at the top of the mitigation strategy. If you want to check out which devices support LoJack (Absolute Persistence) then I suggest you click here.
How do you locate, lock or wipe your Android device?
You can do the following from a computer, Mac, tablet or another phone: any device that has access to a browser and the Internet.
- To locate, lock or wipe your Android device visit: https://www.google.com/android/devicemanager (you will need to be logged in with your Google account, the one you use for your Android device).
- Google Maps will load up with a pop up window on the left showing you your Android device. If you have more than one device, just click the device image (which should illustrate the device). All you need to do now is click one of your devices.
- All devices (I tested Galaxy S3, Nexus 7 and 5 – the latter has a cool ringtone) highlight the location (including time), location on a map and last used date along with the option to Ring, Lock or Erase the device. Top right on the pop up window you can tap the Target icon to locate the device. You can also edit (pencil icon) the device name if you so wish.
Find your lost phone with Android Device Manager – is now available on devices running Android 2.2 or above; to use it, you also will need to be signed into your Google Account. There will also be an Android app to allow you to easily find and manage your devices. This will partially work. Remote locate, lock and wipe should be coded into the firmware instead – more secure and resistant to device wiping.
Safe surfing folks!
Bootnote: Earlier last month Google Play Services was updated from 4.0.30 to 4.0.31. Some users found that ADM was then disabled by this update. If you haven’t checked whether ADM is actually working for you, follow the instructions above for Device administrators. The Nexus 5 however is unaffected by this update as it is using the latest version of Google Play Services (Version 4.0.34).
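A scripted version of the Device administrators check above, for anyone who needs to confirm ADM is still active on several devices after a Google Play Services update like the one in the bootnote. This is an added example, not part of the original post: the receiver component name, the `dumpsys device_policy` layout it parses and the helper names are assumptions, and the sample dump is constructed.

```shell
#!/bin/sh
# ASSUMPTION: component name of ADM's device-admin receiver inside Google Play
# Services; confirm it on a known-good device before relying on it.
ADM_PKG='com.google.android.gms'
ADM_CLS='.mdm.receivers.MdmDeviceAdminReceiver'

# Reads `dumpsys device_policy` text on stdin; prints "enabled" only if the ADM
# receiver is listed inside an "Enabled Device Admins" section (layout assumed).
adm_admin_state() {
    awk -v pkg="$ADM_PKG" -v cls="$ADM_CLS" '
        { sub(/\r$/, "") }    # adb shell output may end lines with CRLF
        BEGIN { shortc = pkg "/" cls; longc = pkg "/" pkg cls; found = 0 }
        /Enabled Device Admins/ { hdr = match($0, /[^ \t]/); inside = 1; next }
        # A non-blank line indented no deeper than the header ends the section.
        inside && NF && match($0, /[^ \t]/) <= hdr { inside = 0 }
        inside {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[: \t]+$/, "", line)
            # Accept both pkg/.Class and pkg/pkg.Class spellings.
            if (line == shortc || line == longc) found = 1
        }
        END { print (found ? "enabled" : "disabled") }
    '
}

# Prints "<serial> <state>" for every authorised device adb can see.
audit_attached() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from swallowing the rest of the serial list.
        state=$(adb -s "$serial" shell dumpsys device_policy </dev/null | adm_admin_state)
        printf '%s %s\n' "$serial" "$state"
    done
}

# Constructed sample dump (not captured from a device). $1 is the title of the
# section the ADM receiver is listed under; com.example.mdm is hypothetical.
sample_dump() {
    printf '%s\n' 'Current Device Policy Manager state:' \
        "  $1 (User 0):" \
        "    $ADM_PKG/$ADM_CLS:" '      uid=10012' \
        '  Enabled Device Admins (User 10):' '    com.example.mdm/.AdminReceiver:'
}
```

Source the file and call `audit_attached` with the devices connected over adb; a `disabled` result corresponds to an unchecked Android Device Manager box under Device administrators.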