Google has announced further improvements to Android's security feature aimed at preventing stolen smartphones from being used or resold. The focus is on strengthening the Factory Reset Protection (FRP) mechanism - protection after a device is reset to factory settings.
These innovations were announced during the Android Show: I/O Edition event, and the launch of the features is expected in the near future, presumably with the Android 16 QPR update.
What is FRP and how does it work?
Factory Reset Protection is activated when the device is reset via the Android recovery menu or via Google Find My Device. After the reset, the system will require the user to verify ownership by logging in to the associated Google account or entering the old PIN or pattern.
If confirmation is not provided, the device becomes locked and unusable, even for basic functions such as phone calls.
Android 15 has already made it more difficult to bypass protection
In Android 15, Google introduced a number of innovations that made it significantly more difficult to bypass FRP. In particular, even if an attacker manages to bypass the first-time setup wizard, he:
-
will not be able to add a new Google account;
-
will not set a new lock screen;
-
will not be able to install programs;
-
will not disable FRP through developer options.
This means that bypassing does not provide access to a functional device.
A new dialog box will prevent you from bypassing the verification
The update will add a system message to notify the user whenever authentication fails. The message states that “this device was reset, but authentication failed,” and suggests repeating the reset and entering the previous credentials.
This window will appear with every attempt to bypass the settings and effectively makes any bypasses useless until the real owner data is entered.
