California votes down bill to require "kill switch" software on smartphones

While there's a growing effort to offer "kill switch" software in smartphones to help people who lose their device or have them stolen, it appears that at least one major state in the U.S. won't require that such efforts be made. This week, the California state senate voted down a bill that would have forced smartphone makers to include such remote wiping apps with their products.

CNet reports that the final tally was pretty close. The bill required 21 "yes" votes but only received 19; it also got 17 "no" votes and one senator decided to abstain. The reason why the bill failed is that many lawmakers felt requiring smartphone makers to install "kill switch" software might keep them from selling their products in the state. Opponents also claim that the software would not be as big of a deterrent for thieves as they would be interested in the hardware, not the software, of the product.

Last week, a number of smartphone companies, including Apple, Google and Microsoft, pledged to voluntary install remote free remote wiping software on all of their devices starting with new units sold after July 2015; the same pledge was signed by a the top five U.S. wireless carriers.

Source: CNet | Smartphone image via Shutterstock

Report a problem with article
Previous Story

Samsung: 'Limited number of Galaxy S5 devices' have fatal camera flaw

Next Story

Apple launches free sleep / wake button replacement program for iPhone 5

37 Comments

Commenting is disabled on this article.

I prefer Apple's way instead. Ask for the Apple ID first before able to restore the iPhone into a clean state. So when the user set a pin on the iPhone, the thief won't be able to use it for themselves too. They cannot clear the pin (Which makes them unable to use the phone) and also by disallowing restoring of the iPhone, the user cannot even try to clear the pin and the phone is locked forever.

tanjiajun_34 said,
I prefer Apple's way instead. Ask for the Apple ID first before able to restore the iPhone into a clean state. So when the user set a pin on the iPhone, the thief won't be able to use it for themselves too. They cannot clear the pin (Which makes them unable to use the phone) and also by disallowing restoring of the iPhone, the user cannot even try to clear the pin and the phone is locked forever.

However, it doesn't fully 'brick' the device which is what is being talked about.

There are several ways to bypass the lock through the hardware and even ways to extract the user data by accessing the SD memory in an iPhone.

WP is the 'closest' to what they are talking about with its encryption and carrier bricking, but even it doesn't fully meet some of the full 'bricking' proposals.

I don't understand why we need legislation for this. The phone manufacturers already load the damn phones with software/apps I don't use, what's one more?

i am always somewhat surprised that most everyone doesn't know Apple does this already WITHOUT laws and legislation. Go steal a IOS7 device and find out. :) Its a brick no matter what you do and no way around it.

Lets say someone steals your IOS7+ device (or you lose it). If you have your apple ID (icloud) entered in, your device needs this ID entered upon activation. Two scenarios can occur: So lets say the thief (or finder) has your phone. Lets say you don't have a password in it, and they go to Settings/general/reset.... won't matter, after a reset, upon going through the welcome screen, language settings, and set-up, as soon as activation comes up, the device prompts for the APPLE ID. Don't have it? Too bad. The serial number/iemi number is registered directly on APPLE servers and tied to the apple ID. NO ID NO ACTIVATION. useless as a brick. Now lets say your phone is pass locked and the thief tries to do a hard restore from itunes. Same story, after the set up screens, you will again be prompted for your apple ID and again, useless as a brick.

For those that say there will be a work around... no there won't, not in a way to be useful. the IMEI numbers/serial numbers are on apple servers. The only way currently to get around this is to have lots of broken Iphones and clone the IMIE numbers over to a working iphone and hope that the previous user didn't have their apple id in it. So 50 to 1 chance... just not worth the hassle.

All handset makers should adopt this system. It works and works well.

Yup, it's probably the best feature to be introduced in iOS 7. With that said, there are services on the 'net that let you remove the IMEI blocking on Apple's servers - they cost a pretty penny though so this activation lock is still a useful deterrant.

rippleman said,
i am always somewhat surprised that most everyone doesn't know Apple does this already WITHOUT laws and legislation. Go steal a IOS7 device and find out. :) Its a brick no matter what you do and no way around it.
....

I also surprised that people don't realize Windows Phone had this feature built into the OS from the beginning in 2010, but I'm glad Apple finally added it a few years later.

(BTW The iOS7 locking isn't as fool proof as what WP provides, but it is still better than nothing.)

Mobius Enigma said,

I also surprised that people don't realize Windows Phone had this feature built into the OS from the beginning in 2010, but I'm glad Apple finally added it a few years later.(BTW The iOS7 locking isn't as fool proof as what WP provides, but it is still better than nothing.)


I have had a HTC 8X... didn't see or come across anything like this. Even googling it now i still can't find any info on what you speak of. What does MS call this? I wish to look into it.

Mobius Enigma said,

I also surprised that people don't realize Windows Phone had this feature built into the OS from the beginning in 2010, but I'm glad Apple finally added it a few years later.

(BTW The iOS7 locking isn't as fool proof as what WP provides, but it is still better than nothing.)

I don't see why Apple's method is inferior than WP method?

rippleman said,

I have had a HTC 8X... didn't see or come across anything like this. Even googling it now i still can't find any info on what you speak of. What does MS call this? I wish to look into it.

Wow, really?

Go to http://www.windowsphone.com and sign in with your phone MS account. You can track it on a map, ring it, lock it, erase it, etc.

(PS The Find features is rather handy even if you lose your phone in your house. It is usually accurate enough to tell you want room it is in as WP location services use various types of triangulation in addition to GPS.)

Edited by Mobius Enigma, Apr 26 2014, 7:09pm :

tanjiajun_34 said,
I don't see why Apple's method is inferior than WP method?

The 'locking' can be bypassed on an iPhone in several ways.

WP not only locks the physical device and has full encryption but it also issues carrier level locks.

The iPhone doesn't use the same levels of encryption, and what little it does encrypt is easily bypassed. So it is still rather easy to steal the user's data from an iPhone by hotwiring the memory storage, which is not possible on a WP device.

Mobius Enigma said,

Wow, really?

Go to http://www.windowsphone.com and sign in with your phone MS account. You can track it on a map, ring it, lock it, erase it, etc.

Either you could be confused about what I am saying, or MS is hiding (really well I might add) what you are trying to say. I know about tracking it, mapping it, lock it, erase it etc.... but there is no "kill switch". This is where apple is alone and where you must not have had an IOS7+ device. Apple takes it a step farther and TIES the apple ID to the serial number. Without the APPLE ID, the phone is useless... even against an OS reinstall. Without the owners apple ID, the device is of no use.

rippleman said,

Either you could be confused about what I am saying, or MS is hiding (really well I might add) what you are trying to say. I know about tracking it, mapping it, lock it, erase it etc.... but there is no "kill switch". This is where apple is alone and where you must not have had an IOS7+ device. Apple takes it a step farther and TIES the apple ID to the serial number. Without the APPLE ID, the phone is useless... even against an OS reinstall. Without the owners apple ID, the device is of no use.

When you lock it, it bricks the device and is tied to the MS Device ID, the MS Account ID and the carrier IMEI. (Depending on the carrier they even get a SIM/IMEI/MS-ID notification that the device is lost.)

WP also has a MS Device ID, but this is not EVER exposed to consumers, unlike the Apple device ID.

If you think Apple is doing anything 'better' or significantly different you are mistaken.

Mobius Enigma said,

When you lock it, it bricks the device and is tied to the MS Device ID, the MS Account ID and the carrier IMEI. (Depending on the carrier they even get a SIM/IMEI/MS-ID notification that the device is lost.)

WP also has a MS Device ID, but this is not EVER exposed to consumers, unlike the Apple device ID.

If you think Apple is doing anything 'better' or significantly different you are mistaken.


I can't see anywhere what you claim they do. Do you have a link to this info? With it being as you describe, surely they would put it somewhere. Been looking for hours and NO where on ANY site have i seen what you claim, even on official windows phone sites themselves it does not seem to publish this info. Are they keeping it a secret? I think you maybe mistaken about what a CARRIER does verses what the phone does.

Edited by Deleted Bye, Apr 26 2014, 8:19pm :

rippleman said,

I can't see anywhere what you claim they do. Do you have a link to this info? With it being as you describe, surely they would put it somewhere. Been looking for hours and NO where on ANY site have i seen what you claim, even on official windows phone sites themselves it does not seem to publish this info. Are they keeping it a secret? I think you maybe mistaken about what a CARRIER does verses what the phone does.

Unless you have read the contracts with ATT/Verizon and Microsoft, you probably won't find everything I have stated.

Microsoft has detailed the 'lock' features in OEM and developer conferences, you will have to find them.

I admit the information is limited, but out there in pieces. The reason it is not fully detailed is that they don't want to provide a 'how to' manual to possibly circumvent how the process works.

For example, even with the phone has been left off and the SIM removed, the device still receives the lock/erase commands as soon as it turns on before any circumvention can be attempted. It also sends a 'here I am' message for authorities to track the phone's location.

(Also while it is off, hotwiring the device will fail as the internal MS Device ID and user data are encrypted, preventing data theft and phone cloning.)

Mobius Enigma said,

Unless you have read the contracts with ATT/Verizon and Microsoft, you probably won't find everything I have stated.

Microsoft has detailed the 'lock' features in OEM and developer conferences, you will have to find them.

I admit the information is limited, but out there in pieces. The reason it is not fully detailed is that they don't want to provide a 'how to' manual to possibly circumvent how the process works.

For example, even with the phone has been left off and the SIM removed, the device still receives the lock/erase commands as soon as it turns on before any circumvention can be attempted. It also sends a 'here I am' message for authorities to track the phone's location.

(Also while it is off, hotwiring the device will fail as the internal MS Device ID and user data are encrypted, preventing data theft and phone cloning.)

Do you think its odd that MS does't have this advertised to deter theft of their handsets? You would figure (if true as you say) it would be a HUGE draw.... "buy a windows phone since its useless to steal one".... I am not calling you a lair, but i strongly think you could not be understanding what you are reading or understanding what someone is telling you. Even the phone dealers here don't know what you are trying to say. I call ########...

Mobius Enigma said,

Unless you have read the contracts with ATT/Verizon and Microsoft, you probably won't find everything I have stated.

thinking some more about this makes me think that EVEN if true, this is 100% counter productive and is very silly. So this policy you think is better... catching people AFTER the phone has been stolen is a good thing? Why not make it known to most that the phones are just not worth stealing to prevent it in the first place? See my point? MS is not that stupid to work things that way. i believe you are reading your contracts and details wrong, sorry. Its finally catching up now to be common knowledge that there is no point to steal an iPhone. You may as well just steal a brick.

What is the deal with people losing or getting their phones stolen? I say if a person cannot keep track of what they own, then that is their problem. People just do not take are of things like they used to. Whether it be a cell phone, shoes, house...whatever.

I agree that people need to take better care of their stuff, but highly disagree that anyone deserves to be the victim of a thief.

I say that as someone who has a couple of black sheep in the family.

Excellent point. If one's phone is that valuable, then treat it with the care it deserves--don't flaunt it and don't use it in inappropriate locations. Its that simple.

Lots of phones are stolen by pure neglagence. Leaving it in your car out in the open, at the table at a resturant/bar when you leave or get up to use the rest room. This is in the persons control. Now, if they house was broken in to or they were held up/robbed...then that is out of their control.

dead.cell said,
I agree that people need to take better care of their stuff, but highly disagree that anyone deserves to be the victim of a thief.

I say that as someone who has a couple of black sheep in the family.

Are you from New Zealand?

the problem with kill switch is who is authorized to flip the switch?
- Current owner ?
- Previous owner ?
- Carrier companies ?
- Phone vendor ?
- OS vendor ?

Carrier most likely. You lose a phone, call carrier, done. Can't be reactivated unless it's sent back. Then the carrier could do that.

They could possibly require the vendor to do it, but I could see that being a mess.

Giving that ability to the owner would be as bad. If someone got hold of their account, hackers would lock phones all over, just for fun.

Oh good California. You feel the need to label everything under the sun with "causes cancer" but when it comes to actually doing something useful? Nope time to block it.

-Razorfold said,
but when it comes to actually doing something useful? Nope time to block it.

No, not block it. Just not require it. OEMs are free to implement this, and other governments might require it.

rfirth said,

No, not block it. Just not require it. OEMs are free to implement this, and other governments might require it.


But it should be a requirement. It protects people's personal information.

It's a good thing that many ODMs are doing it but making it mandatory helps push its usage.

-Razorfold said,

But it should be a requirement. It protects people's personal information.

It's a good thing that many ODMs are doing it but making it mandatory helps push its usage.

This bill isn't about protecting people's personal info. It's design is to make cell phones less targeted by muggers and thieves. Generally speaking in those cases they customer's information is not the primary target. The primary target is the resale of the phone hardware. As such this bill would've required that the software actually brick the phone. As in, not just erase data but actually make it in 100% inoperable. This takes the risk of abuse to a whole new level. Either by governments and or by hackers and I'm sure both are frothing at the mouth for such a system.

What if this system is exploited to allow others to illegitimately wipe? It cannot be assured that this system will be 100% fault proof. Regardless of the personal information I have on my phone, I do not want to be forced to have this feature on _my_ phone.

Keep is an an option voluntarily enforced by manufacturers for those who want it. Otherwise, buzz off.

SOOPRcow said,

This bill isn't about protecting people's personal info. It's design is to make cell phones less targeted by muggers and thieves. Generally speaking in those cases they customer's information is not the primary target. The primary target is the resale of the phone hardware. As such this bill would've required that the software actually brick the phone. As in, not just erase data but actually make it in 100% inoperable. This takes the risk of abuse to a whole new level. Either by governments and or by hackers and I'm sure both are frothing at the mouth for such a system.


My point is that California wastes a ton of time and money labeling everything with "causes cancer" and another billion restrictive laws all to protect consumers, but when a bill comes along that actually does something to protect consumers then they veto it.

The kill switch would make devices less attractive because now the person who steals it has to find ways to get around the software lock. Sure the hardware is fine but sometimes getting around the locks isn't as easy as you think it is, especially if it has an encrypted bootloader. If the phone is locked, it pretty much becomes less attractive.

What's funny is most phones already have a feature that can do something similar. The IMEI number can be locked by a carrier to prevent anyone from using the phone even if they swap the sim card and reset it. The only problem is carriers never share that data with other carriers. So if my phone gets stolen, I can call AT&T and have them block the IMEI, but if the guy who steals it uses T-Mobile it would work just fine.

What if this system is exploited to allow others to illegitimately wipe? It cannot be assured that this system will be 100% fault proof. Regardless of the personal information I have on my phone, I do not want to be forced to have this feature on _my_ phone.

Keep is an an option voluntarily enforced by manufacturers for those who want it. Otherwise, buzz off.


Then disable the feature? Nowhere is it stated that manufacturers have to include and activate the feature. Just that they have to include it.

-Razorfold said,

Then disable the feature? Nowhere is it stated that manufacturers have to include and activate the feature. Just that they have to include it.

The first paragraph in the article clearly states that the bill would've required it to be enabled by default.

SOOPRcow said,

The first paragraph in the article clearly states that the bill would've required it to be enabled by default.


And please point to me where it states that it can't be disabled?

-Razorfold said,

And please point to me where it states that it can't be disabled?

Dude, I've already made my stance on the issue pretty clear. I don't wanna do this back and forth bs. You straight up said that it wouldn't be required to be enabled by default. That was wrong, which is why I pointed it out.

SOOPRcow said,

Dude, I've already made my stance on the issue pretty clear. I don't wanna do this back and forth bs. You straight up said that it wouldn't be required to be enabled by default. That was wrong, which is why I pointed it out.


I said that because Neowin's article didn't state anything of the such. Don't blame me for John Callaham's shoddy reporting skills.

Also the post that I replied to wasn't even made by you, and yet you felt the need to reply and then go "Oh I don't want this back and forth" Why are you even on a forum that is made for discussion then? If you don't want to discuss anything, don't reply. Simple as that.

But if you want to have a discussion like an adult, then please show me in the bill where it states that it can't be disabled and it's a permanently locked on thing. Laptops have had kill switches built in by several OEMs and I don't see hackers and government agencies frothing at the mouth and disabling them everyday. In fact I've yet to hear of one even happening. And that's not even considering iOS7 and WP both of which have the capability to brick the phone if needed.

The kill switch protects both the hardware and the personal information, making it essentially a win win.

Opponents also claim that the software would not be as big of a deterrent for thieves as they would be interested in the hardware, not the software, of the product.

I dunno, I'd think that potential personal information stored on the device that could be used for identity theft would be a lot more valuable than somebody's phone. But at least the big names are putting it in for free anyway, that's something.