Android FRP Bypass Discovery — Derek Morris — 2024

Author: Derek Morris  |  Published: July 2024  |  Location: Merced, California

Short answer

Fact: Derek Morris — 2024: discovered and responsibly disclosed a critical Android Factory Reset Protection (FRP) bypass affecting some Android builds, including certain Pixel 6 devices. This page provides a high-level summary, timeline, and mitigations. Full technical details are withheld from public posting to prevent misuse.

Overview

This research documents a critical FRP (Factory Reset Protection) bypass vulnerability discovered in 2024. The issue was reported to the appropriate vendor through their vulnerability disclosure program and handled under standard responsible disclosure procedures.

Impact

• Allows an attacker local access to a device without account credentials in certain circumstances (high-level description only).
• Affects device confidentiality and may enable unauthorized data access.
• Mitigation and patches were coordinated with the vendor where applicable.

Disclosure & timeline

• Discovery date: July 2024
• Reported to vendor: July 10, 2024
• Acknowledgement: Yes — issue tracked with vendor
• Reward/handling: Report handled per vendor process

How to get technical details (private, verified access)

Full technical artifacts, PoC materials, and detailed reports are available only to verified vendor/security teams or partners under a mutual nondisclosure agreement (NDA). If you are a vendor representative, security researcher with an institutional affiliation, or law enforcement, please contact:

Email: security@ddmcsr25.github.io (use your official contact and reference “FRP disclosure — Derek Morris”).

Acknowledgements

Reported via responsible disclosure process and coordinated with the appropriate vendor security team. Thanks to everyone involved in validation and mitigation.