A cellphone shop easily bypassed Google’s factory reset protection — for R300
MyBroadband was able to bypass Google factory reset protection (FRP) on a locked phone by taking it to a local cellphone and gadget shop and paying a R300 fee.
Google FRP is a feature enabled on Android phones when a user logs into a Google account and sets up a password on the phone.
When you reset your phone to factory settings without entering your PIN, the original account details are required before the phone can be used again.
FRP is a theft-protection feature intended to stop criminals from stealing phones, wiping them and using them afterwards.
However, it can also be a hindrance when secondhand phones are sold or when a company redistributes phones to employees.
If the previous user forgets to remove their account, or at least to wipe the phone with their password entered, the new owner is stuck.
When we looked at options to bypass this restriction, we found paid software tools that offered to remove the protection on a range of devices.
We decided to see if we could get a local phone repair shop to bypass this protection on one of our own devices.
We set up an account on a Huawei P10 Plus, and factory reset the device from recovery mode.
As expected, when the phone booted up, it required the account details before the user could continue.
We went to Centurion Mall, and the first shop we entered said they could solve our problem.
The shop assistant understood exactly what we wanted and labelled it as a “software repair” on their system.
He told us that it takes some time but wrote us a slip for the device and said we could collect it the next day.
The next morning, the store called to let us know they were still busy, but that the phone would be available the following day.
The service cost R300, which we paid when collecting the device.
The phone was in perfect working condition, and there was no setup to be done to use it.
We found no trace of the software they used to bypass the factory reset protection.
All Google services were intact, and there were no modifications to the IMEI or serial numbers.
Connecting the device to the Internet and doing another factory wipe did not present any problems. The phone worked exactly as before, just without the FRP.
To try to work out how the bypass had been done, we repeated the same procedure as before (adding an account and factory resetting from recovery) and confirmed that FRP still engaged. This showed that the feature itself had not been removed from the device; only the lock tied to our account had been cleared.
It is not illegal to bypass the protection on a device you own. However, this kind of bypass is often used on stolen phones, which makes it surprising how easy it was to have the lock removed.
The shop assistant did not ask questions about where we got the device or why it was locked. Judging by how quickly they understood the task, it seems like it is something they do regularly.