According to a document by the Office of the New York District Attorney, Google has the power to reset the passcodes of a large number of Android smartphones remotely if asked to. The tech giant brought full disk encryption in Android 5.0, which makes it impossible to bypass the passcode of an Android phone. However, older Android versions do not get this feature and hence remain unprotected.
According to the document, around 74.1 percent or more Android phones are still on KitKat or older Android versions. Also, not all of the Android 5.0 devices come with full-disk encryption enabled by default. So if a court order compels Google to extract data from a particular device or from a large number of devices, all those unprotected Android smartphones will be penetrable. The passcodes of such devices can be bypassed by Google in order to read the contents. Meanwhile, Android 6.0 devices are shipping with the full-disk encryption turned on by default.
This situation again shines the spotlight over the vulnerable state of the security system in Android OS. While Apple seeds its latest firmware updates directly to all its compatible devices on the same day, Android updates need clearance from Google as well as the smartphone manufacturer, and from the mobile carriers too. This delays the updates and thus makes those un-updated Android devices vulnerable to a security breach. We do hope Google takes some serious actions in this area.