Hi Timothy, I don't quite understand why saving some info to the cloud would prevent the user from getting a "clean" phone using factory reset. By its definition, factory reset would put the phone into a factory-new state. The user can then decide whether to restore data from the cloud post-reset. So couldn't a teen, being creative as they are, factory-reset, restore an alternate account and use the phone after 9PM; just before parental audit, reset the phone to its expected account ?
A possible method of making it harder would be to install a custom OS with an embedded secret (which can be checked by the parent but lost during reimage). This OS would enforce the 9PM curfew. There can also be a watchdog type where the custom OS would reset a watchdog to help detect image copy/restore attempt. But just for completeness, the device being physically in control of the teen would prevent any complete solution unless there is a way of detecting HW access (like a hardware security module). So, another method would be to remove the physical access to the device, e.g. having the teen deposit the phone at some loctaion that produces a log at 9PM. The custom OS approach may not be as hard as it sounds since there are many free roots for the Android phones. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
