Apple's San Bernardino fight may be over, but the government is still seeking both Apple and Google's help in unlocking phones. New research from the American Civil Liberties Union shows 63 different cases in which the government compelled help from Apple or Google in unlocking a handset. It's unclear how many of the orders were filled, although companies often complied with such orders where possible before last year.
The bulk of the cases target Apple, but nine of the orders also look to compel Google's help, typically to reset the password on a given device. The devices include phones from Alcatel, Kyocera, and Samsung, many of which shipped without the default device encryption that blocked the use of traditional forensic tools in the San Bernardino case.
"We carefully scrutinize subpoenas and court orders."
"We carefully scrutinize subpoenas and court orders to make sure they meet both the letter and spirit of the law," a Google spokesperson said in a statement. "However, we've never received an All Writs Act order like the one Apple recently fought that demands we build new tools that actively compromise our products' security. As our amicus shows, we would strongly object to such an order."
Google doesn't have direct access to the software running on Android phones, but it does manage many of the lockscreen protections through the Android Device Manager. That was typically a usability feature for the phones, allowing Android users to reset their lockscreen passcode if they get locked out. The capability only works for phones with an unlock pattern, rather than a fingerprint, password or PIN, and was discontinued in Android Lollipop. Samsung offers a similar functionality through its FindMyMobile service. The capability does not exist in iOS.
But the ACLU report shows how the same capability can be useful to law enforcement, allowing investigators to order a centralized password reset on an Android phone. Typically, the orders request that Google initiate a single password reset, provide law enforcement with the new password, and then reset the password again after the phone has been fully imaged, preventing it from being altered or accessed after the investigation is complete.
One such order is embedded below.
11:35PM ET: Updated with more detail on which Android phones are subject to remote locksreen reset.
11:59PM ET: Updated with even more detail on which Android phones are subject to remote lockscreen reset.