Factory Reset Protection helps keep your data safe if your phone is lost or stolen, but you need to remember to disable it before a new user can set it up and sign in.
Factory Reset Protection (FRP) is a security method that was designed to make sure someone can't just wipe and factory reset your phone if you've lost it or it was stolen. Starting with Android Lollipop, FRP is "standard" in vanilla Android, and most companies making our phones have implemented it in their own models. It's a good thing — it makes a stolen phone harder to use, which makes it less appealing to thieves, and anything that can protect our data on a phone we've lost is welcome.
The problem is that people are selling or trading or even giving away phones with FRP enabled and this makes things difficult for the next user.
How it works explains why. If you reset a phone with FRP enabled, you have to provide the user name and password for the last Google account that was registered with the device. There are random work-arounds on the Internet, but they tend to get patched almost as soon as they are discovered. You'll pretty much need to know the login details for the last account to use the phone before you can do anything with it if FRP was enabled before you reset it.
We've been bitten by this ourselves. We ship phones all over North America and the U.K., and sometimes it's easy to forget about FRP when you wipe the data on a phone and stick it in a box. And yes, we end up having to share a password to get past the initial setup — you can't reset a protected phone for 72 hours after a password change, so "temporary" passwords aren't going to work. Never (and I mean never) reset a phone without turning FRP off during that 72-hour time period. There is nothing but heartache and pain at the bottom of that hole.
The good news is that disabling FRP is easy. The bad news is that there is nothing to remind you to do it when you're wiping your phone. I would love to see a reminder about FRP when resetting, much like the one we see now about losing our accounts and data. Until then, it's up to you to remember to disable it when you're getting a phone ready to send to someone else. The process:
- Open your device settings and remove any security you have for the lock screen. This isn't a required step for all phones, but some want you to do this so we're including it here.
- Once that's done, you need to remove any and all Google Accounts from the phone or tablet. That's also done in the settings — look for a section labeled Accounts. With an account selected, look for a delete or remove option, usually hidden behind the three little dots in the top corner of the screen.
- When you've made sure all of the Google accounts have been erased, you can then factory reset your phone or tablet through the device settings.
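If you prepare several phones for shipping, the account check in the steps above can be scripted. This is an added example, not part of the original article: it assumes USB debugging is enabled, that the output of `adb shell dumpsys account` has been saved as text, and that accounts appear in the `Account {name=..., type=com.google}` form, which can differ by Android version. The function names and sample data are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed line format of `adb shell dumpsys account`; it can differ by Android version.
ACCOUNT_RE = re.compile(r"Account\s*\{name=(?P<name>[^,}]*),\s*type=(?P<type>[^}\s]+)\}")
RESET_LOCKOUT = timedelta(hours=72)  # lockout after a password change, per the article


def google_accounts(dumpsys_text):
    """Return the distinct Google account names still registered on the device."""
    names = []
    for match in ACCOUNT_RE.finditer(dumpsys_text):
        if match.group("type") == "com.google" and match.group("name") not in names:
            names.append(match.group("name"))
    return names


def reset_blockers(dumpsys_text, last_password_change=None, now=None):
    """List reasons not to factory reset yet; an empty list means FRP is off."""
    now = now or datetime.now(timezone.utc)
    accounts = google_accounts(dumpsys_text)
    blockers = [f"remove Google account before reset: {name}" for name in accounts]
    # The 72-hour lockout only matters while an account (and so FRP) is still present.
    if accounts and last_password_change is not None:
        remaining = last_password_change + RESET_LOCKOUT - now
        if remaining > timedelta(0):
            hours = remaining.total_seconds() / 3600
            blockers.append(f"password changed recently: {hours:.0f} h of lockout remain")
    return blockers


# Constructed sample output, not captured from a real device.
SAMPLE_BEFORE = """\
User UserInfo{0:Owner:13}:
  Accounts: 2
    Account {name=seller@example.com, type=com.google}
    Account {name=Seller, type=com.example.chat}
"""
SAMPLE_AFTER = """\
User UserInfo{0:Owner:13}:
  Accounts: 1
    Account {name=Seller, type=com.example.chat}
"""

if __name__ == "__main__":
    changed = datetime.now(timezone.utc) - timedelta(hours=10)
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, reset_blockers(text, last_password_change=changed) or "safe to reset")
```

An empty result only covers Google's FRP; a manufacturer lock such as Samsung's Reactivation Lock is not visible in this output and still has to be switched off separately.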
A couple of notes need to be added here. This doesn't undo Samsung's (or anyone else's) version of Reactivation Lock. If you've enabled data reset protection through your Samsung account, you'll need to turn that off in your Security settings. You can find the switch under the "Find My Mobile" section.
If you've forgotten to turn off FRP and sent a phone to someone else, you'll likely need to help them get it set up. This means giving them access to your Google account password. Do that while you're talking to them, and as soon as they are done you'll want to reset your account password. This sounds sketchy, but be a good seller and do the right thing. Then change that password ASAP because you never want anyone else to have your Google password. I'm sure you can see why disabling FRP before you send a phone off to someone else is a much better solution.
While we haven't seen headlines telling us mobile phone theft is down by any measurable percentage since FRP was enabled, it's still a good way to keep your data safe. And it's pretty easy to disable when you want someone else to be able to use your old phone.
A few words for Android power-users:
If you change the default security on your phone (root, unlock your boot loader, or simply check the box to allow it) this issue and these instructions are not for you. Most things related to security and OS integrity are not for you, because you elected to take care of those issues yourself. That's not a bad thing, unless you checked boxes and did things without understanding the implications.
Remember, we're the 1-percenters when it comes to Android. We aren't the people something like FRP was designed for because we care about unlocked boot loaders and don't want someone to worry about protecting us from ourselves or anyone else.
If you're using a phone that's not running Android as written, it may or may not use the same reset protection methods. Those particular devices are best covered with their own article talking about their own methods of theft-prevention. Those are coming.
Also — if you're using a phone that was shipped with a version of Android older than 5.1.1, this may or may not apply to you — that's up to the manufacturer to decide. Likely no update will enable FRP on a phone that didn't ship with it in the first place.