Android makes it easier for phone thieves to steal your Google account

Our phones consume the majority of our time. Apple and Android systems have made it a lot easier to access any kind of information through our phones. These systems are also protected with the latest authentication methods to keep our data safe. The authentication mechanism you use to unlock your phone, though, is a major weak point that, if you’re unlucky enough to be monitored, can let anyone access everything within. While we don’t want to scare you into taking any needless action, we do believe it’s a good idea to switch from a numerical passcode to at least an alphanumeric password given the growth in highly organized iPhone thefts over the past couple of years.

Password theft on Android devices

In reporting for the Wall Street Journal, Joanna Stern has highlighted theft methods that rely to some extent on social engineering, which allows thieves to read and remember your passcode. It is very easy for someone to see your passcode while you enter it to unlock your device, or to get a look at it through a simple request to share the picture you just took. This kind of theft can happen to anyone.

Swift actions like that, however, aren’t simply for the purpose of reselling your smartphone on the open market; both Google and Apple ID accounts include a means of resetting the account password that only requires the user to successfully authenticate on their device. Once they have access to those accounts, criminals can use other personal data they have obtained to steal from cloud storage, drain bank accounts and credit lines, and even defraud others using the victim’s stolen identity. Because all the account information has been altered, the victim is unable to take control of the situation.

While having an iPhone may fit the stereotype of a high-value target, this tendency is difficult to measure, so it’s unlikely that Stern’s reporting on police interactions and personal accounts would provide a complete picture.

Regardless of the statistics surrounding the theft of Android devices, you should be aware that the same critical vulnerability also exists on Android phones. As the esteemed Mishaal Rahman points out, thieves can gain control of victims’ Google accounts by going through the password reset flow and verifying with their device’s passcode.

Beyond Rahman’s instructions, malicious actors might be able to bypass the check by selecting the “Tap Yes on your phone or tablet” option if the second factor of authentication is necessary. This is because the prompt would be sent to the device being used, and the Google app flow would be able to detect it, allowing the check to be bypassed.

No matter which technique you choose, facial recognition or a fingerprint scan, you can always fall back to a passcode, password, or pattern lock. So, the best suggestion we can give you right now is to switch from a pattern lock or passcode on your device to an alphanumeric password.

We know it’s not a pleasant concept, especially since this is yet another major password you’ll need to remember, with all the difficulties that come with complexity and memory, and it is another one of the things you can’t handle with a password manager or authentication tool. It would also be amusing and tragic if burglars were able to crack the strongest password you can keep in your head, one that isn’t 5aP9hadQ or something similar. Apple and Google ought to at the very least stop using simple single-device authentication techniques as a verification step for account password resets. We’ve urged Google to take such approaches out of authentication scenarios; if we hear back, we’ll let you know.