Google recently released a device tracker that allows you ring your device, see your device’s location or completely wiped the device, all from a web interface. It is without doubt an awesome feature that will help with the recovery of your lost phone. But according to the folks at CyanogenMod, it’s simply not secure enough. See, if Google’s servers were compromised (by a hacker, or even the government), everyone would suddenly be traceable. The info is sent to Google’s servers, and it can be used by someone else.
CyanogenMod’s upcoming service is a bit different. Instead of sending the information through the server, your browser instead sends a public key. The phone authenticates the public key and sends an encrypted key back. The server cannot decrypt this key; only the browser can. This establishes a secure connection that cannot be decrypted on the server side, even if someone manages to get hold of that data. Using this connection, you can track or wipe your device.
It isn’t a foolproof service. If the server was compromised and you entered your password, you would become traceable. However, that would make one user traceable, instead of all users at once. It’s not perfect, but it’s far better than Google’s service.
The service is not out yet, but will be eventually. The source code has been fully published, and the CyanogenMod devs encourage people to check the security and safety of the service. Remember, services like this are improved with the help of the users. Would you be interested in using this over Google’s service? Is this important to you? Leave a comment!