Forum Discussion
Master ownership of Android devices
The 2nd hand aspect of your concerns does add a little more to consider, but there are still ways and means with a few limitations.
As Moombas points out, zero-touch is reseller based. It is entirely free to use providing you've purchased the devices new or used from a reseller in the first place. Zero-touch won't alleviate FRP causing issues alone, but it will redirect devices into management any time they're factory reset.
On the subject of management, it's not always expensive. Consider Miradore as an example, they have a basic plan for free with no device limit. Other platforms, such as mambo EMM, Appaloosa or Wizy EMM offer limited/low cost options on a rolling monthly basis, and cover all basics for device management.
When devices are managed, again as Moombas points out, restrictions on accounts added to the device can be put in place, but more than this, you as the admin can mandate a specific account on the device to enforce FRP, or disable FRP all together, and users with the devices (or those who get hold of them) are powerless to change this, as the management agent enforces the policies. This extends also to mandating medium to strong password requirements, and also the ability to remove a password remotely as the administrator of the managed device.
For consumers and devices that won't be put under enterprise management, well it's no different to any other asset. If you lock your front door with a piece of rope, someone will cut it and gain access, after which they can wreak whatever havoc that comes with accessing a person's home. If you secure your device with a pattern or simple pin code and leave it around for someone to gain access to it, they will. At least with a device, a proof of purchase is normally enough to get FRP removed by the manufacturer on request.
Multi-user is still a thing, by the way, it just needs to be explicitly turned on for most modern handsets.
My point is that the device user is not always the device owner, and that general consumers shouldn't have such powerful tools available. While ZT is SUPPOSED to be only devices purchased through the reseller, but they can actually onboard any device as we've experienced, but I'm not going in to that now. I can understand a business locking a device, but not some random user, potentially even by accident, and without any sort of special tools. This is about device users not being device owners, something that has never been a problem until FRP.
Sure, technically a reseller can onboard any device, and in some markets they do so with proof of purchase. There's no gotcha there, it's not prohibited in the agreement, it's just not common.
From the other side of this, it used to be possible for me to grab an Android device, recovery reset it and set it back up as my own regardless of device security in place or who owned it. Granted there were vulnerabilities to get around FRP way back when but these are far fewer today.
So I argue that FRP, like the Apple, Samsung, and other equivalents, are a net positive on device security and recovery, not a detractor for consumers. It protects the consumer from losing their device to someone else, and your premise of it being overly simplistic to brick it through physical access to a device with no means of resolving that is exaggerated.
I've managed devices before FRP control was a thing, and I've been through the process of sending devices off to an OEM facility quarterly to wipe the FRP bit on corporate owned devices. From Android 6.0 it stopped being a problem for managed devices since admins gained control either over FRP being enabled, or the account used to recover it.
It's now only a problem for organisations today who choose not to manage (enforce their ownership over) their estate, and since there's many options available to do this for all budgets, there's no reason not to manage devices.
If devices are being handed out for the user to set up and look after, they are the owner on a system level. If those devices are put into management, they're owned by the company pushing the policies. That's the distinction for ownership.
The problem you describe has nothing to do with FRP, it's more likely a problem devices get stolen and resold.
A reseller has to ensure that their devices are not managed before selling them if they don't or sell them even they are managed, they are not resellers to trust. And as a consumer, i would startup every such device online (using SIM or Wifi) until request of entering the google account is arrived and not pay before.
We had several cases where devices which got stolen and someone tried to re-enroll they all ignored all the messages saying "your device is not private" and so on and then wondering why the device is locked into a kiosk screen and not useable or if they are already shipped far away just ran into a useless mode even without FRP.
This doesn't prevent us from stolen devices but hopefully shows the thiefs at some point that it doesn't make sense to steal such devices and try to resell them online or on a flea market.
I do not think you read my post.
I am also concerned about this, I've been looking for details everywhere. We loan out phones all the time and FRP is a big problem for us when users change the pin.
Thanks for the response Genero, please let me know if you find out anything useful. I guess what it comes down to is that there is no "User" role on androids, the user is the Admin, which didn't used to be a problem until FRP came along.
