FRP (Factory Reset Protection)

[lunatic59]

I thought the argument of bypassing FRP security helps the bad guys to sound kind of 'hypocritaca'l as what is 'removeing' all the rest of the security to root a phone, in all reality it's the same thing.

You're making some erroneous assumptions there, Jason. Rooting and bypassing FRP are not the same at all.

As to the original argument, FRP is a security protocol specifically implemented to prevent device and/or data theft. There are only two reasons to bypass it. One, a legitimate device owner has created a situation where they are locked out of their rightful device. This can and does happen for several reasons. Most of the time the carrier or phone manufacturer will help them recover. The other reason is because the phone/device does not belong to you but you want to use/sell it anyway. That is specifically what FRP tries to prevent. Helping *anyone* bypass that in a public forum situation is effectively helping *everyone* bypass it.

Rooting, on the other hand, is simply gaining administrative access to the file system. It doesn't change very much about the phone or the installed software, although some apps that require specific security (like banking or credit card apps) may not work on a rooted device. As to your argument about carriers losing money, it's certainly not the case. They do get paid by other companies to include software on their devices which they get when a device is sold. They don't give it back if that device is then rooted. And they might have pay-per-use services embedded which rooting might be able to remove or disable, but then if the user is rooting to get rid of them then there's no use so the manufacturer or carrier is out nothing.

There have been attempts to legislate the practice of rooting as illegal, but they could never get it to stick. What rooting may be is a violation of the terms of use which may invalidate a warranty or have the carrier or manufacturer refuse support or service, but that's about it. Those risks are clearly outlined in almost every rooting how-to i've ever seen, including the risk of completely bricking the phone.

Now, there are apps that require root that can do some very bad things like hack games to cheat or receive paid services for free, or to modify phone identification like IMEI or ESN numbers (which is illegal in many jurisdictions). We do not permit discussion of those. But that's not to say that root is doing the bad stuff.

 

[NotMyRealName]

They are the same. Here I will how you, Android manufacturers and carriers block the ability to root – what’s arguably illegal is the act of circumventing these restrictions. The US congress passed the Digital Millennium Copyright Act (DMCA) in 1999. Under the DMCA, it’s illegal to “circumvent” digital rights management schemes. However, there’s an exemption process that allows the Librarian of Congress to grant exemptions for specific cases. In the past, unlocking cell phones so they could be used on another carrier was legal, but it’s now illegal to unlock your phone without your carrier’s permission. This is due to the way the exemption process works – what’s legal today may not be legal next year when the Librarian releases a new batch of exemptions.
At the moment, it’s legal to root or jailbreak a phone if you’re doing so to use legally acquired applications on it. The exact exemption is for: "Computer programs that enable wireless telephone handsets to execute software applications, where circumvention is accomplished for the sole purpose of enabling interoperability of such applications, when they have been lawfully obtained, with computer programs on the telephone handset.” So, you have to root or jailbreak your phone ONLY to use applications that require root access or that can only be installed from outside Google's Play Store. If you’re rooting your phone for any other reason at all – or if you do anything else requiring root or jailbreak access – your rooting or jailbreaking is illegal. The Librarian of Congress did not provide an exemption for jailbreaking and or rooting tablets, so jailbreaking an iPad is illegal, and rooting tablet as well. Even if you’re doing it for the same reason. The exemption only applies to “wireless telephone handsets,” so it’s also a crime to jailbreak a Windows RT device, a Kindle, or anything but a smartphone. And that is for specific purposes only. Now I really don't care that much, my whole point is you can't down on someone else for asking for help with illegal FRP bypassing when your real quick to help with illegal Rooting.

 

[lunatic59]

This is what happens when you mix lawyers and technology (especially when the lawyers don't understand the technology) ... you get vaguely interpreted broad sweeping laws that are unenforceable. The idea behind the DMCA was to protect copyrighted digital material like media and code (in apps) but they were so inclusive in the wording that it included things that couldn't (and shouldn't) be included. While it was more of an issue for Apple and iOS, Android was built upon Linux and was released under the GNU "which guarantees end users the freedom to run, study, share and modify the software."

So, while certain parts of Android and the modifications applied by carriers and manufacturers are protected by copyright, the core kernel and many of the libraries are open and public with the express rights to modify given as part of the GNU. Hence the exemption to permit modifications using "legally obtained" software.

The sticky wicket is that while the DMCA is permanent (until modified or revoked) the Librarian's exemptions are not. The last time the expiration approached there was a huge debate about what that meant for jailbreakers and rooters if the exemption was not renewed. And, FWIW, if you can make a phone call on the device -- even calls over wifi -- it's exempt, so iPads and any wifi enabled device are included.

The answer is not to legislate technology, but to make the technology more root-proof, if that is the manufacturers goal. There are some unrootable devices out there so it certainly is possible.

In any case, this is just a red herring. The argument isn't if rooting or bypassing FRP is illegal. Actually, I don't think either are illegal, per se. The question is what is the ultimate purpose of doing either? While there are some admittedly nefarious uses of rooted (or jailbroken) devices, there are many legitimate and ethically valid reasons to root. On the other hand the only legitimate reason to bypass FRP is to rectify and accidental locking by the rightful owner (and this would include someone who inadvertently or in ignorance sold a device and forgot to remove their account prior to sending it to the new owner.

Let's use this analogy. FRP are the locks on your car door and bypassing that lock is like using a slim jim to pop the lock. Most tow truck drivers carry slim jims to help motorists who've locked their keys in their car. And, if you tend to do this a lot, you might want to own one yourself and learn how to use it. The only other thing it is good for is opening the doors of a vehicle you don't own arguably to get at the contents or steal the vehicle.

Rooting is more like a monkey wrench. It's a very useful tool to work on your car. You can use it to put on non-factory parts that may void a warranty and you certainly wouldn't expect the dealer to support. Of course you can also use it to break car windows to get inside or even injure people with, but it's primary use is a as a legitimate tool.

From an ethical standpoint, I would gladly show someone how to use that wrench to work on their car. I would be hesitant to instruct someone on the proper use of a slim jim. And, as with rooting and FRP bypass, owning a slim jim or monkey wrench isn't illegal either.

 

[Milo Willamson]

Are you sure you have the right phone? The Motorola Moto Z2 Play Droid never had KitKat. Also with FRP factory resetting will not remove the Google Account Lock. Much trickier than a simple hard reset. ;-)

When I first got into the fourms, I think it was this one, i had a KitKat screenshot from my Motorola Moto Z2 Force

typo there sorry hehe.

 

[NotMyRealName]

So you proved my point by admitting that, and I quote "This is what happens when you mix lawyers and technology (especially when the lawyers don't understand the technology) ... you get vaguely interpreted broad sweeping laws that are unenforceable." so you do not agree with the law but you circumvent it. When it comes to FRP that's different right? All I was trying to do was get you to look at how your point is hypocritical and you should not be so quick to jump on someone for asking. Until you are going to follow the DCMA you do not really have a leg to stand on with your arguments with FRP. Myself, I do not agree with either and have circumvented both. But I do not go around picking and choosing whatever suits me best for political correctness.

 

[NotMyRealName]

I forgot that yes carriers do lose money. A wireless service provider, and most do this, will buy a certain model run off of a phone with a contract with the manufacture who will only sell THEM that particular phone. It insures that anyone who wants that particular phone has to use them as a service provider. Well low and behold joe hacker finds out that brand xxx phone uses the same frequency and technology as the service provider he prefers. So now he roots it and walla, he now uses that phone on a different carrier. So now the original carrier just got screwed out of the security he placed on the phone to keep that from happening, and he has lost a potential customer to the competition. And now he has to pay more to either have a update made or new software written.

 

[mikedt]

I forgot that yes carriers do lose money. A wireless service provider, and most do this, will buy a certain model run off of a phone with a contract with the manufacture who will only sell THEM that particular phone. It insures that anyone who wants that particular phone has to use them as a service provider. Well low and behold joe hacker finds out that brand xxx phone uses the same frequency and technology as the service provider he prefers. So now he roots it and walla, he now uses that phone on a different carrier. So now the original carrier just got screwed out of the security he placed on the phone to keep that from happening, and he has lost a potential customer to the competition. And now he has to pay more to either have a update made or new software written.

I'm happy we never have to deal with any nonsense like that here, and much of the world doesn't either AFAIK. I believe a manufacturer like Samsung has to make a version of each phone for each individual carrier in the US? Like a Note9 variant for Verizon, a Note9 variant for Sprint, a Note9 variant for AT&T, and so on.

 

[lunatic59]

Wow. Just wow, Jason.

so you do not agree with the law but you circumvent it. When it comes to FRP that's different right?

Either you truly don't understand or you're playing a game of semantics. For the record there are ZERO laws that make rooting or bypassing FRP illegal. The DMCA protects copyrighted digital material by making it illegal to bypass or reverse engineer security protocols put in place to protect that material from illegal copying. Rooting does NOT do this. It give you administrative access to the Android file system which is granted to EVERY user by the GNU license. After the DMCA was enacted it was pointed out that the law could be arguably extended to include other legal modifications and therefore they had to backpedal with the exemptions. It's just another case of lawyers getting it wrong.

As a creator of copyrighted material myself I fully endorse and support the DMCA. There's a quick little read that might help explain it by a real lawyer here.

Let's look at another analogy. There have been a rash of burglaries in small, but technologically sophisticated town in the Midwest. All the houses have some sort of security system, either cameras, or alarms or bars on their windows ... or shatterproof windows. Now, in their haste to enact a law to deal with this problem, and with public pressure, the town officials enact a law that makes it illegal for anyone to bypass a security system to gain access to protected property. You don't actually have to steal any property, just bypass the system protecting it.

Technically speaking, with a law like that it can be argued that even the homeowner is in violation of the law by opening his own windows. Of course that's a ridiculous example, but that's exactly what happened with the DMCA. Too broad a scope made it necessary to issue exemptions.

FRP is a security protocol to prevent the unauthorized use of physical property, not digital copyright. the DMCA doesn't apply here unless you are protecting the actual code used to implement FRP. (and that's stretching it)

Well low and behold joe hacker finds out that brand xxx phone uses the same frequency and technology as the service provider he prefers. So now he roots it and walla, he now uses that phone on a different carrier.

First, rooting a phone does NOT carrier unlock a phone. Those are different technologies. The carrier lock is a civil agreement between the customer and carrier, and once the terms of that agreement are satisfied, the carriers are required to provide the necessary means to unlock the phone from their network. Rooting is not part of that process.

So now the original carrier just got screwed out of the security he placed on the phone to keep that from happening, and he has lost a potential customer to the competition. And now he has to pay more to either have a update made or new software written.

What follows is a customer breaching a contract, not violating a law. Joe hacker might buy an unlock code to move his subsidized device to a different carrier, but that's not done with root and is just as unethical as bypassing FRP. Please feel free to browse through the forums look at discussions about carrier unlocking phones and you will find that i unilaterally recommend against doing it without first satisfying the terms of the contract, and only then using the official unlock code and not "hack" purchased from questionable sources.

Can we agree that the lock on your front door is a security measure? Then I would hope you would be able to see the difference between publishing a tutorial on how to replace a front door lock, with a tutorial on how to pick a front door lock. That's the difference between showing someone how to root an android device vs. bypassing FRP.

I believe a manufacturer like Samsung has to make a version of each phone for each individual carrier in the US?

They don't 'have to', Mike, but they do for the contract phones. You can also buy unlocked phones and use them on any compatible network, too. Americans got too accustomed to walking into a store and paying a small fee and walking out with a new phone without realizing (or caring) how much the thing actually was costing them in the long run. It would be so much easier if it was simply 'buy your phone first, then choose your carrier' like the rest of the world does.

 

[krisg55]

It won't recognize goggle account I started it on when iIgot phone after factor reset

 

[Hadron]

Can you log on to Google using those credentials, to make sure you have entered them correctly?

Did you do anything else, such as change the password shortly before doing the reset?

 

[krisg55]

I could not log in in that account with new phone..finally managed to link original Gmail with new Gmail..I got hacked..just got back into my Facebook after a month..nightmare

 

[Milo Willamson]

I could not log in in that account with new phone..finally managed to link original Gmail with new Gmail..I got hacked..just got back into my Facebook after a month..nightmare

Bloody always change your passwords!!! That is why you got hacked!!!!

 

[krisg55]

Hon,,as soon as I do cahange they are on it..I've changed passwords so many times in the last month, it could fill a book

 

[krisg55]

Can you log on to Google using those credentials, to make sure you have entered them correctly?

Did you do anything else, such as change the password shortly before doing the reset?

I have changed my password OMG like 100 times and they keep re-changing it..it sgetting old

 

[noidodroid]

First, rooting a phone does NOT carrier unlock a phone. Those are different technologies. The carrier lock is a civil agreement between the customer and carrier, and once the terms of that agreement are satisfied, the carriers are required to provide the necessary means to unlock the phone from their network. Rooting is not part of that process.

Just have to mention this.. You are correct when it comes to carrier unlocks by code but when it comes to other types of unlocks such as unlocks by app / remote unlocks root is a requirement for some if not most all of these types of unlocks. Of course this is 3rd party unlocking i am speaking of. I know you are referring to the carrier doing the unlocking but i figured I would mention what it takes for some 3rd party processes.

As for all else you've mentioned you are right on point legally speaking. Excellent break down. Agree with everything you've said.

 

[noidodroid]

I have changed my password OMG like 100 times and they keep re-changing it..it sgetting old

You need to reflash your firmware and start from scratch. Then make sure you change all passwords on another device preferably one that you do not use on a daily basis / have never used to login to these accounts. This way you can rule out any keyloggers etc. I would then scan for all types of nasties (viruses/malware etc) on any machine you use to access these accounts. I would even then go as far as redoing the machine, formatting, reinstalling OS and apps etc. Make sure you aren't using cracked apps also. Some may have some viruses in them that could be the culprit. If you need ANY help removing FRP from device just contact me and I can be of assistance.

EDIT: Oh yeah also make use of onboard keyboard on windows devices and also you can use apps such as 1password / lastpass which are pretty good about keeping everything encrypted.. You just have to keep that ONE password used to secure all very private and do NOT store it anywhere. I would make something 16 characters long with U case, L case, numbers letters and characters then jot this down on paper and put it somewhere private.

 

[kate]

Does android kitkat have also like this?

Yes it is poosible as Android Kitkat (v4.4 & v4.4.2) is the latest version of Google’s open source operating system for mobile devices like Smartphones

1. As mentioned previously in this thread, KitKat does not have FRP.

2. KitKat was released over 5 years ago and is not the latest version of Android. Right now Android Pie is the newest.

 

[Astr4y4L]

Ok here's my stand point on FRP.
It's good for what it is, and has it's place.
on the other hand, it can be a pain in the butt.
Is it easy to bypass? well I wouldn't say easy...
but with some research you can easily get it done or do it your-self.
I've been asked not to reveal My techniques on FRP bypass here on this forum.
So I will not be telling you How to do it.
But Google is your friend. and sometimes in some cases you can find people such as my self who will help you with something like that for a small fee.
there's also many tools available in the internet designed explicitly for the purpose of FRP bypass/reset most of these tools work but I don't trust the designers ...
the tools may be doing OTHER things in the back-ground.

I personally prefer the cowboy method LoL
I exploit the os for root access and make some changes using the command-line approach, or if that can't be done I look for a way to flash stock firmware to it using a factory tool like LGUP for LG or ODIN for samsung spflashtool for Mediatek devices etc.
but that's really all I will say here,
Any more than that will likely get this thread topic closed.
I hope you all the best of luck .

 

[Milo Willamson]

Ok here's my stand point on FRP.
It's good for what it is, and has it's place.
on the other hand, it can be a pain in the butt.
Is it easy to bypass? well I wouldn't say easy...
but with some research you can easily get it done or do it your-self.
I've been asked not to reveal My techniques on FRP bypass here on this forum.
So I will not be telling you How to do it.
But Google is your friend. and sometimes in some cases you can find people such as my self who will help you with something like that for a small fee.
there's also many tools available in the internet designed explicitly for the purpose of FRP bypass/reset most of these tools work but I don't trust the designers ...
the tools may be doing OTHER things in the back-ground.

I personally prefer the cowboy method LoL
I exploit the os for root access and make some changes using the command-line approach, or if that can't be done I look for a way to flash stock firmware to it using a factory tool like LGUP for LG or ODIN for samsung spflashtool for Mediatek devices etc.
but that's really all I will say here,
Any more than that will likely get this thread topic closed.
I hope you all the best of luck .

I like the cowboy method too

 

[NotMyRealName]

Ok this is the real point I find so hypocritical. Android forums will advocate rooting which is the exact same thing. It is all bypassing security in one form or another. Whether removing the carriers or manufactures protection or a single persons is all the same. A carrier buys a cellphone line from the manufacture, they have them "lock" it so it can only be used on their network. If you like the phone and want it you have to use that carrier. Then some one roots it. Then the carrier is screwed out of money everytime hooks it up to another network.. Its like saying I will help you hack this credit card because it is only a cooperation and their is no real victim but I wont help you bypass the alarm in that car because Im not really sure if it is yours. Don't get me wrong. I am all for rooting. I am just pointing out the flaw in the argument that its ok to root but FRP is bad. Im sure that there is a god argument for that point. No matter how you justify though in the end its ALL bypassing security. As I stated I am all for rooting and bypassing, FRP what I am not for is hypocrites. .

wip...


FRP, short for "Factory Reset Protection", is now integrated into the Android operating system since about version 5.1.1.

What does it do?

It basically protects the owner's data on the device from being compromised by unauthorized users.​

Google Link

For example, if your device is lost, stolen, or wiped after you've set it up to prevent others from using it, then only someone with your Google Account or screen lock information could use your device.​

Another link explaining FRP:

http://www.androidcentral.com/factory-reset-protection-what-you-need-know​

Now, let's say you are now in the possession of a device and you run across this FRP-locked message and you cannot set it up because of it.

• If the device had your Google credentials set up on it originally, all you need to do is sign in with your Google account name and password.
• If the device was set up with someone else's Google account, you would need their username and password to access the device.
• Source

Android Forums' view on bypassing FRP:

FRP is there to protect the user, their device, and the valuable data it contains.

Yes there is the quandary of the user who is, or is not the rightful owner trying to get their device usable again.

Bypassing it is similar to the pickle that some folks get into like when they lose their house or car keys...would you help a stranger break in for that situation?

From what I understand: (input welcome---verifying the 2nd bullet point (confirmed - CS))

• If you reset your device using the recovery menu, you'll need to enter a Google username and password that had been associated with the device.
• If you reset the device via the "backup and reset" option from within the settings menu, you will not need to enter your Google username and password, as resetting the device this way automatically disables FRP.
• Google: Important: If you reset your Google Account password and need to do a factory reset, wait 24 hours after changing your password to reset your device. For security purposes, you can't use an account to set up a device after reset if that password was changed within 24 hours. Learn how to reset your Nexus, Google Play edition, or Android One device to factory settings

 

[Mikestony]

Ok this is the real point I find so hypocritical. Android forums will advocate rooting which is the exact same thing. It is all bypassing security in one form or another. Whether removing the carriers or manufactures protection or a single persons is all the same. A carrier buys a cellphone line from the manufacture, they have them "lock" it so it can only be used on their network. If you like the phone and want it you have to use that carrier. Then some one roots it. Then the carrier is screwed out of money everytime hooks it up to another network.. Its like saying I will help you hack this credit card because it is only a cooperation and their is no real victim but I wont help you bypass the alarm in that car because Im not really sure if it is yours. Don't get me wrong. I am all for rooting. I am just pointing out the flaw in the argument that its ok to root but FRP is bad. Im sure that there is a god argument for that point. No matter how you justify though in the end its ALL bypassing security. As I stated I am all for rooting and bypassing, FRP what I am not for is hypocrites. .

It's been explained to you earlier. If you don't agree, fine, that's cool.

 

[NotMyRealName]

Okay @noidodroid , you offered your $.02 ... here's your change.



The problem, though, isn't the phone company per se. It's the lack of easy to understand instructions for the least technical of their customers. Let's take your hypothetical customer (who resembles my sister-in-law ) and can't remember the password. Google has recovery options for that and have tried to make it possible without compromising security. It's when there's a convergence of circumstances like resetting a phone with a gmail account still active and then changing the password but not having network access on the device, or leaving the country, etc. where it becomes an issue. For the VAST majority of regular idiot users it's a brief mea culpa followed by a quick trip to the carrier store and it gets resolved. The most complicated of these issues is when regular users start trying to "fix" it themselves and try every solution posted on Youtube or click every "fix my phone" link in a desperate attempt to get a working device. They end up completely screwing it up most of the time and make the phone even harder to recover. How is the regular Joe or Jane supposed to figure out which is legit and which is crap if they can't even reset the phone?



This is becoming more common knowledge, so hopefully legitimate sellers and innocent buyers won't be hampered with FRP as often. But, let's look at the other side of that coin. What about those sellers who are dumping gray market, blacklisted or even stolen devices? The profiteers who buy devices cheap on a contract and resell it, and then default only to have the device subsequently blacklisted after months of operation? CL, FB, or any private sale has always been "caveat emptor". Sure, I feel sorry for the kid who saves his grass-cutting money to buy a $1000 phone for $500 and gets stuck because of something the seller did or didn't do. But, I also empathize with with the customer sales rep at the carrier store whose sales numbers go down because of contract they sold that go into default, or the guy who loses his new S9 in the airport bathroom and gets picked up by an eBay king.



Sorry, but that sounds like rationalization and justification. "We're doing this bad thing to make a good thing better" just doesn't fly with me.



Certainly not. We welcome open discussion ... within reason. We can talk all day long about the morality and ethics of a thing and even discuss the technical aspects of it, but when it comes to instructing others how to bypass security, for whatever reason, sorry, that's more likely to facilitate the bad guys then it will help the innocent. Maybe that is a bit old-fashioned, but I'm sure if I'm looking to be counseled on right and wrong, I'd ask my grandmother before my teenage daughter, if you get my drift.



The thing is, that for legitimate customers, most carriers will do all that for free. The question then becomes, how do you differentiate legitimate customers from those with a nice story?

So whats the justification for rooting then? By those same standards. Your ripping off the Service provider. But thats ok right?

 

[mikedt]

FWIW I believe most reputable phone manufacturers's service can reset and clear FRP, you may have to pay a fee and prove legitimate ownership though. So if someone is FRP locked out of their Galaxy S8 or whatever, maybe they should try at their local Samsung Service Centre, rather than trying to DIY hack it?

Carrier SIM-locked phones, I've only had to deal with that once, over 10 years ago with an original Apple iPhone in the UK. All phones available to me now are unlocked, and NOT subject to carrier contracts.

 

[mikedt]

So whats the justification for rooting then? By those same standards. Your ripping off the Service provider. But thats ok right?

I maybe missing something, but how does rooting your phone rip off the service provider? Because AFAIK having root access on a device doesn't remove a SIM-lock. And I'm sure we've had posts about this. I think it would be like saying, ripping off Best Buy, Currys or PC World because they didn't give you admin access to the PC or Mac they sold you.

 

[Deleted User]

So whats the justification for rooting then?

A number of reasons. For instance:-

- Installing the latest version of Android, for a phone which is old and no longer supported by the manufacturer.
- Installing custom ROMs.
- Getting rid of bloatware.
- Having more control over the phone, to install things, or access parts of the filesystem which would normally be restricted.

I maybe missing something, but how does rooting your phone rip off the service provider?

It doesn't. You still have to pay for the service you use, somehow.

Just to reiterate what has been said previously, FRP is a basic security measure on the phone, to make it harder for the phone to be reused, after being stolen. The policy we apply on this forum, is not to actively help people to bypass FRP.
Bypassing FRP is not the same as rooting the phone, which is done for the reasons stated above, among others.