I know that when you finance a device you don’t really own it until you pay it off, but this is scary, especially if you depend on your device for 2FA or have other important information on it. What way to show exactly how little these folks own their phones.
Another new <uses-feature> element is for “device lock” support. This probably ties to DeviceLockManager. The primary cited use case: a “financed device, where the financing entity has the capability to lock the device in case of a missed payment”.
The concept of having financed devices is fine. The concept that financers and and complicit device manufacturers can lock the device for non-payment is unsurprising. Having this “feature” baked into the OS is disturbing.
I agree. One may use their car to go to work and take the kids to school, but lenders can and will reprocess the car if I miss a payment. According to this article from the Consumer Financial Protection Bureau (CFPB), lenders can even remotely deactivate a car. I think the biggest takeaway is don’t: finance something as trivial as a phone. If you can’t afford to buy it, don’t finance it.
It isn’t that repossession is wrong, sure it is fine. It’s more that this “feature” could be abused. If there is a way (baked into the OS) to lock someone out of their phone, wouldn’t malicious actors want to find a way to trigger it?
Also this whole attitude of “if you can’t afford it don’t finance”… So poorer people shouldn’t be able to finance to have nice things? And buying a thing without financing doesn’t automatically deactivate the lockout functionality anyway.
Anyone who has system access to your phone can do things a lot worse than locking it.
You shouldn’t take a loan you can’t afford to pay it back, it’s going to do more harm than good if you do, and it doesn’t matter if you are poor or rich.
First time I’m hearing about this, and don’t think it’ll end well. In theory, I do not mind a financing company having the ability to lock your (unpaid) device. It’s good fraud protection. Honestly, with how prevalent financing has gotten, I would’ve expected this to be standardised years ago.
I’m just curious about a couple of things:
Can this be enabled/disabled/prevented via ADB?
Is this “feature” limited to the financer? Could I, school/workplace, Google, or Government trigger it?
Can you tell who has the ability to do this, to your device (on a device basis), and can that permission be revoked? Say I sign a contract with “Blah”, and sell that contract phone on eBay. Can the buyer see the contract details? Or revoke those permissions? What if I then break the contract, after the return window closes?
What’s to stop a malicious financer abusing that power? Say I complete my 3/4 year contract, could they still block my device? Would that company charge to remove that block? What’s to stop them from doing it again?
Here’s what I expect will be the way that this gets implemented by financiers. They will have access to lock your phone. First month you don’t pay, you get a warning about “hey you missed your payment”. Second month you miss you get a second warning and then get notified that they have access to lock your account if you don’t send a payment. Third month comes with a notification that says “been 3 months since last payment, your phone will lock in 3 days, can only be stopped or unlocked with payment”. If they do something like this, there’s a lot of buffer for people to know what’s going on.
I agree that you don’t get to just have what you want if you can’t afford it, but seeing an integration like this at the OS level is what bothers me. It’s not like an app that was installed and then can be uninstalled once your pay your phone off. And then presumably all devices that update to Android 14 will have this available for an attacker to get a hold of. While someone with access to your system can do a lot of harm, this decision not only increases attack surface but it gives attackers another way of harming their targets.
One scenario that I can think of is that a financier gets hacked into and now all of these phones are vulnerable to an attacker. Imagine T-Mobile gets hacked, the attacker gets the usual data, and then as an added bonus for negative media attention against T-Mobile, locks the phones of all of their customers who are on a financing plan. Arguably getting the data to make off with is the worst part assuming T-Mobile didn’t have an easy way of restoring access.
Another scenario, Android phones are being sold in a country with less privacy rights than the US, and they say that all phone sold in the country must be financed or that sellers must retain access to this devicing locking feature in order to sell as though they were a financier. Now where as only Google maybe had access to lock people out of their phones, now the government can order the financiers to lock devices either for specific people or whole areas. Imagine Iran locking your phone rather than just cutting out the internet. I’d say that’s an overall negative impact.
At the same time, it’s not like we don’t already lived with managed devices. Presumably the same methodology that I describe above could be done with the access for managed devices, so it may not be that different. I still think that overall this is a step in laying more ground work for a centralized infrastructure of control that we hope won’t be abused at some point down the line.
That’s something I didn’t consider, and something I can imagine would be VERY likely, if the “hacker” has that capability. I can kind of trust Google to have decent security, but I would not trust T-Mobile, or PayPal, to keep that lock secure. Where I live, there is one company in particular that is notorious for being lax on security, yet they offer financing deals for devices.
To repeate my earlier post, I “don’t think it’ll end well.” I hope Google reveals more details on how this’ll work exactly. Or maybe it’ll get dropped before full release. It’s not the first time a feature got removed, that was in the Previews.
Even with that being the case, we’re now adding in a whole new group of parties who have similar access to shutting down your device, because ISPs and financiers are not always the same, as in the case of Best Buy.
The difference is in the amount of effort it would take. Why make software and deal with any commotion that might come up with you mandating software be installed on devices when you can quietly pass a law that requires financiers to have this kind of access on Android phones going forward. Far fewer people will notice or care, but now you have on more tool in your arsenal to deal with rebellion.
However, I get where your coming from with the “evil empire” position. I don’t think this is a good development and it’s even a little surprising to me, but I don’t think this is the thing that will usher in some really bad privacy invasive practices. In the wrong hands this can give access to a bad actor to lock you out of your phone, but there are bigger threats to worry about and you have to take into account the likelihood of this happening. To be more private or independent, its more important to turn off location services before worrying about whether your phone will get shut off by Best Buy or a corrupt government, especially based on most threat models.
It’s making phones worse, but in their current form they are so bad I just don’t think it matters.
The ISP can passively monitor any call or data connection, block you from the network, and use the signal to triangulate your position. If a government wants to use the GSM network maliciously, the features they already have are much more powerful than locking the phone.