GrapheneOS Organization Discusses Open Source Device Management Infrastructure and Factory Reset Protection (grapheneos.social)

Android Open Source Project (AOSP) provides open source infrastructure for device management used to manage enterprise device deployments, kiosks and other situations where a company is considered to own a specific profile or the device as a whole if it's not a personal device.

GrapheneOS has the standard device management infrastructure including the open source Device Lock Controller APEX module.

The only thing we don't implement is preventing someone from wiping the device and using it as a fresh install, since we don't tie devices to accounts.

Recently, a whole lot of misinformation is being spread about GrapheneOS based on this infrastructure being included. The inclusion of the open source code for supporting these use cases does not mean that it's being used. If you don't want it, simply do nothing and it's unused.

Android implements Factory Reset Protection by tying devices to an account and then requiring that account to use the device after wiping it from the recovery mode. This is meant to deter theft but doesn't help you get back your device once someone wipes it and is stuck at login.

We used to prevent wiping without the passphrase, but we realized it was a bad idea and quickly removed it. It led to users bricking their devices. Apple and Google work around this with their standard account recovery, but devices still get bricked including used phone sales.

We've considered providing our own account-based factory reset protection but there's no clear reason to do it beyond spite towards thieves. It won't deter thefts in practice. One person having their device bricked by it would likely hurt our users more than it would ever help...

Companies rely on this anti-theft approach to prevent their employees wiping the devices, stealing them and using them as a personal device.

Device Lock Controller is a specialized form of it to prevent theft by someone that has been loaned a phone but otherwise has control.

We'd have no issue with providing opt-in anti-theft for either an individual owning a device or an organization's fleet of deployed devices. It's simply not as useful as it seems because the device can still be stolen and sold for a lower price than without the feature.
