There’s no shortage of new features packed into Android 5.0 Lollipop but one that’s certain to draw a lot of attention is the “kill switch.” Google’s new “factory reset protection” option is certainly a step in the right direction although one questionable decision means it’s far from a perfect solution.

Previous implementations of the kill switch in Android (through Android Device Manager) allow users to remotely lock and wipe their phone if it comes up missing or is stolen. The problem, however, is that there was little stopping a thief from performing a factory reset on a hot handset if it wasn’t passcode-protected.

The factory reset protection requires a Google ID and password before a handset can be reset. What’s more, it only works when a lockscreen passcode is enabled but Google missed the mark as the feature is still opt-in.

That means many won’t bother - or even know - to enable the feature and criminals will have a higher chance of stealing an unprotected phone. What’s more, it likely won’t pass muster in regard to California’s kill switch law that goes into effect next July.

In a joint statement on the matter, San Francisco District Attorney George Gascon and New York Attorney General Eric Schneiderman pointed out that in order for these theft-deterrents to effectively end the epidemic, they must be enabled by default so violent criminals lack the incentive to steal smartphones.

The two said they would continue to encourage every actor in the smartphone industry – including Google – to take the necessary, additional step of ensuring this technology is opt-out on all devices.