Google didn’t alter Factory Reset Protection in Android 8.1, isolated bug w/ lock patterns

byPass: Release of the Android 8.1 Developer Preview, new functionality is still being uncovered. One possible feature emerged, suggesting that Android was making a critical change to Factory Reset Protection. However, Google has confirmed to us that this is not the case and that a bug is to blame.

Introduced with Android Lollipop, Factory Reset Protection is a measure designed to prevent nefarious parties from wiping and flashing stolen devices. At first boot, the new owner would have to sign-in with the Google account previously associated with that phone or tablet.

Google didn’t alter Factory Reset Protection in Android 8.1, isolated bug w/ lock patterns

A Pixel 2 XL user running Android 8.1 documented forgetting their recently set screen lock pattern. Having no other remedy, the user factory reset the device in hopes of using their Google account credentials to regain access.

However, once on the “Verify your account” page noting that the “device was reset,” this user reported only having the ability to enter the forgotten Pattern. The expected option of being able to “sign in with a Google Account” was absent. At the time, some speculated that was a new security measure by Google to further deter device theft.

However, that is not the case. Google has confirmed to us that Developer Preview 1 of Android 8.1 has a bug relating to lockscreen patterns. Users in a similar scenario that set a PIN or password would be able to bypass Factory Reset Protection with their Google account.

According to Google, the bug will be resolved in the next developer preview that is scheduled to come later in the month.

The user in this case was fortunately able to get Google to replace the device via an RMA, but this incident does serve as a reminder that bugs are expected in any Developer Preview.