January security update patches Factory Reset Protection bypass bug

by: Kris CarlonJanuary 15, 2016

Nexus 6P January security update resized

The latest Android security update seems to be holding true to its promise – patching a Factory Reset Protection (FRP) bypass bug that had recently been publicized. The bug allowed you (or a thief) to factory reset a Nexus device without requiring the credentials of the Google account previously associated with the device to reboot it again afterward.

Screen Shot 2015-08-13 at 1.45.40 PMSee also: Google reveals details about monthly security updates in new Android Security Google Group1

Even though the bypass was a bit obscure, it’s good to see that Google is actively tackling any and all security weaknesses it comes across in a prompt fashion. The same FRP bypass bug was also recently exposed for Samsung devices and was previously uncovered for LG devices late last year. The Nexus vulnerability was only just shared on Reddit, after the bug had already been fixed.


Factory Reset Protection Nexus 6P

The device discussed in the video shared on Reddit was still running the December security patch. The Android team clearly outlined the bug fix in the Nexus Security Bulletin (yes, there is such a thing) for the January patch:

An elevation of privilege vulnerability in the Setup Wizard could enable an attacker with physical access to the device to gain access to device settings and perform a manual device reset. This issue is rated as Moderate severity because it could be used to improperly work around the factory reset protection.

As always, the moral of the story is to keep your device updated with the latest security patch and not to believe every scary Android security story you read. Chase the source, double check the facts and only then decide if you should start freaking out. In this case, you can carry on about your day.

Do you have the January security patch yet? Did you know this bug existed?

  • adrianpulamare

    won’t this affect the second hand market? If yo buy a SH device first thing you do is a factory reset, and you will need the previous owner accounts? that will be very hard, most of the SH devices are on sale on shops ..so the previous owner should give his (very sensitive) personal informations to a random shop, who will pass them to a new owner, so yeah who would do that? will you give your personal google account to some strangers, when you sell your old device?

    • Jet

      Not really, this additional layer of protection can be disabled if ever you plan selling your device.
      You need to remove your google account and the go to
      Settings > Developer options and check “OEM Unlocking.”

      • Jet

        Let me correct my self,
        It is either:
        1. Removing your Google account from your device.
        2. If you have Developer options enabled on your device, you can also go to Settings > Developer options and check “OEM Unlocking.”

        • adrianpulamare

          thank you, nice to know this .

  • Gustavo

    The source link is broken and the link in “Nexus Security Bulletin”

  • viktor

    Yes, I have januars securety patch.

  • vmxr

    damn i need nexus phone i haven’t even received android6.0 :x

    • Allan

      Yes, that’s the primary reason I get Nexus phones instead of premium or other budget friendly phones.

    • Scr-U-gle

      You still only get “upto 18 months” of software support as stipulated in Androids T&Cs.

      • John Doe

        Funny, I have a Nexus 5 bought Oct 2013 and I am still getting updates/patches well past 18 months .. (6.01)

  • MGB

    So what happens when you legally sell your old phone on? The buyer can’t set the phone up without your gmail address and password.

  • Daggett Beaver

    Someone already bypassed (defeated) the security fix. I’d tell you where to read about it, but AA is preventing me from posting the link.

    • joyrida12

      They won’t let me post a link to the XDA forum where I wrote a guide on bypassing FRP on a Nexus 6 back in December. The claim that the Nexus wasn’t exploited until after the patch is false. I find it weird they never noticed seeing as that guide was on the front page of XDA for two days.

  • samster11

    The other “security issue” I’d like to see fixed is how a thief can swipe down on a locked phone and turn on airplane mode – this immediately renders any device location detection or other security measure inoperable.

    Google really needs to give us the option to hide Airplane mode and Location from quick settings when phone is locked.

    The only security app to my knowledge that does this is the excellent Cerberus.

    • cjdacka

      Though, I agree with your point and have the ability to do this on my iPad (which I do) nothing is stopping a thief from turning the mobile phone off. I would love it if I had that ability though on my Nexus 6.

      • samster11

        But surely they have to turn it on again at some point right? I reckon most thieves wouldn’t know about flashing ROMs…

        On the other hand if you had an option to require password or fingerprint in order to turn the phone off this would also address the valid point you’ve made…

  • Mark Larry Origenes

    I don’t know if the problem is my phone’s hardware but eventually my phone can’t sometimes read my memory card nor my SIM card. I am not a nexus user but I am an android one phone user using a Cherry Mobile One. I’m not sure but after I updated to January patch, this happened. It was working before. My memory card’s brand is Strontium.