In Android 5.0 Lollipop, Google introduced a security feature called Factory Reset Protection to help folks keep their data safe. It works like this: if FRP is turned on and your Android device is reset from the recovery menu, the Android device will require you to re-enter the primary Google account information that was last on the device. This means that if someone steals your phone and resets it from recovery, there’s no way for them to get in.
Well, with one big exception.
If you happen to own a Samsung device, you can bypass Factory Reset Protection by using an OTG drive and a single APK. In the video shown below, RootJunky was able to bypass FRP on his Samsung device in just under 10 minutes.
You see, there’s a feature on Samsung devices that will automatically launch a file manager when an OTG drive is plugged in, even when the phone is locked. So when the device asks you to enter in your Google account information, simply insert your OTG drive and install the APK (attached in the video’s description) on your device. The APK will pull up the Settings menu automatically, so you can scroll down and perform a factory data reset from the Settings menu. When your device boots up again, you won’t run into the same Factory Reset Protection wall you experienced the first time around.
This can be used for both good and evil, but most likely it will be used for the latter. If you performed a factory reset from your recovery menu and can’t seem to remember your account information, just a quick install from the APK and you should be good to go. Alternatively, and much more likely, this is a tool that can be used if someone steals your Samsung device and doesn’t have your password.
Factory Reset Protection is in Android for a reason, and it’s a little unsettling to think that Samsung devices are vulnerable at the moment. We’ll be sure to let you know if Samsung issues a fix. But for now, let’s hope if you do happen to lose your phone, it doesn’t end up in the wrong tech-savvy person’s hands.