“ADB — Brick” Merged To AOSP – Soon Users Might Be Able To Brick Their Missing Phones Remotely
Android Device Manager has long allowed users to factory reset their missing Android devices remotely, theoretically wiping all of their personal information before thieves can use it to steal their identities or use it for other nefarious purposes. Unfortunately, various sophisticated data recovery tools can still be used by anyone with enough determination to restore such data. Also, they’d still be able to use the phone itself by simply starting from scratch. No doubt these concerns led to one of the latest additions to the Android Open Source Project (AOSP): the ability to actually “brick” a phone remotely and make it completely unusable.
First I should point out that new programming code merged into AOSP doesn’t always make it to the next consumer version of Android (though there’s every reason to think enterprise users will see this feature soon, especially if their companies use Android for Work). In the event that it does make it to Android N or a future public release, the following statement from Google’s AOSP code review site describes how it will work:
When recovery starts with –brick, it tries to brick the device by securely wiping all the partitions as listed in /etc/recovery.brick. This is designed to support bricking lost devices.
To put it another way, it will use a remote maintenance tool called the Android Debug Bridge (ADB) to access the target phone’s built-in system recovery feature and wipe the system, recovery and boot partitions in the device’s storage, making it impossible to boot the device at all. It’s often referred to in the Android community as “the nuclear option” for those who lose their phones and tablets and don’t want any potential thieves to exploit them.
One wouldn’t expect Google to be irresponsible enough to simply open this “nuclear option” to consumers without a reliable remedy available for retrieving lost data in case a remotely-bricked device is later recovered by the original owner (indeed they already provide means for keeping Android users’ photos, videos, Hangouts messages and apps constantly backed up in the cloud). In fact, as the above quote mentions, only the partitions listed in the /etc/recovery.brick file by the device manufacturer would be wiped. Presumably such manufacturers would create their own data retrieval solutions for any clients who have access to this remote bricking feature.