Next Android To Enable Local Encryption By Default Too, Says Google 126
An anonymous reader writes The same day that Apple announced that iOS 8 will encrypt device data with a local code that is not shared with Apple, Google has pointed out that Android already offers the same feature as a user option and that the next version will enable it by default. The announcements by both major cell phone [operating system makers] underscores a new emphasis on privacy in the wake of recent government surveillance revelations in the U.S. At the same time, it leaves unresolved the tension between security and convenience when both companies' devices are configured to upload user content to iCloud and Google+ servers for backup and synchronization across devices, servers and content to which Apple and Google do have access.
Good (Score:2)
Already the industry is realizing what it needs to do.
Re: (Score:1)
Realizing there's a commercial opportunity to take advantage of, you mean?
Re: (Score:2)
i guess they are tired of paying lawyer fees to pretend to fight the usgov
Re: (Score:2)
There is actually a sort of sad irony/schadenfreude to be had here, if I could just get myself to stop chronically sobbing in a quivering ball in the corner about the general state of IT security.
Re: (Score:2)
Encryption transforms are computationally cheap. A MC68000 could do DES-48 with FDE [1] without a noticeable slowdown, so an ARM chip which is several decades ahead would have zero problems with the array shifting of AES.
[1]: As per a program called Access Managed Environment by Casady & Greene, which would DES encrypt the entire hard disk. It was arguably the most thorough encryption program I've seen, offering encryption for removable media, folders, files, even tape, with various methods of recove
Re: (Score:3)
and when user's complain their battery lasts much shorter as the CPU is busy encrypting and decrypting constantly, then they'll switch the default back... and when user's complain that they flip flop too much, they'll make it a giant setup screen option where new user's can complain about which option is on top.
iOS has encrypted most of its data most of the time already and iOS has not had significantly worse battery life than Android in the past. What's the crux here is not the addition of encryption, it's the location of the encryption key.
Re:Good (Score:5, Informative)
iOS, like Android, only encrypts all data if a user opts to put a pin in. iOS8 might be different, but all prior version of iOS only encrypted when a pin was entered.
Re: (Score:3)
Incorrect. iOS always encrypts all data with a master key based of secret data in the CPU. If you choose a pin/passcode, it is salted.
Re: (Score:3)
If you read page nine of the iOS Security Guide, you'll learn that device storage is always encrypted with a unique key, regardless of the device lock settings.
Re:Good (Score:4, Insightful)
In addition to the notes that this is a minimal burden on most modern CPUs, Android L will offer much better battery life - on the same devices - owning to it's new execution environment, which will more than offset the additional cost.
I think it's a sop though - the problem, as demonstrated so well recently to a host of famous women, is not that your local device is terribly vulnerable. After all, we're talking one of the few pieces of data storage that most people will have on their person most of their waking hours.
The real problem is cloud storage. While much has been made of the tactics used to gain access to them, note that any sysadmin on the cloud services responsible likely has the same level of access. You'll only have "private" cloud when your device carrys a private encryption key that the service is not privy to - and this isn't going to happen on the big services (excepting MEGA, allegedly), because the reason they let you store your stuff on their cloud for free is because they can mine it for information. And could you really trust a "private" cloud client anyway? Who says the software doesn't leak your private key back to the author?
If you want private data, Free Software is really the only answer, and having your own private hardware would help too.
Re: (Score:2)
Yep. In the wake of Snowden, people need to feel better. Performing encryption on a computer that you can't trust, is the best of both worlds and gives everyone what they need.
Users will be put at ease, manufacturers can check the "encryption" bullet point, and thanks to the computer working for someone other than the user, various other parties who "need" the data will be able to quietly get the keys without an unpleasant confrontation with the user.
Re: (Score:2)
Yep. In the wake of Snowden, people need to feel better. Performing encryption on a computer that you can't trust, is the best of both worlds and gives everyone what they need.
Users will be put at ease, manufacturers can check the "encryption" bullet point, and thanks to the computer working for someone other than the user, various other parties who "need" the data will be able to quietly get the keys without an unpleasant confrontation with the user. Everybody wins.
Trust is not a binary. If it were, I would say I don't trust anything that I don't fully control (like the compiler trust issue), become extremely paranoid and have no sane life. I choose to have some trust in some things and live a normal life.
Android has long had this option, Apple marketing (Score:2)
Android has had this option since approximately forever.
Third-Party Doctrine (Score:1)
it leaves unresolved the tension between security and convenience when both companies' devices are configured to upload user content to iCloud and Google+ servers for backup and synchronization across devices
The existence of the Third-Party Doctrine makes the decision simple for me.
If you believe this (Score:5, Insightful)
Re: (Score:2)
Encrypt locally and send the data encrypted to backup.
But then you cannot make the data available to the user through web-based apps...
Re: (Score:2)
Re:If you believe this (Score:5, Interesting)
I know everybody talks about encryption, but the word itself is just the tip of security. What's the key size? What's the algorithm? What data is encrpyted? Is it even relevant to talk about local encryption with respect to metadata (which is just as if not more useful to the NSA than the actual data). What about backups? Is it a snapshot of the encrypted contents each time? Or does the backup use a different encryption key, and the data transferred securely? There are so many layers to security (including the user), the "encryption" buzzword is meaningless without full context.
My guess is, Google's not encrypting anything they're really interested in. They're probably not nearly as interested in your pictures or your contact list as say, Facebook. That's data they may currently collect, but ultimately throw away. They're probably more interested in the websites you go to, the links you used followed to get there, the links you followed from that site, the people you actually contact (text, chat, etc.), the geographical location of that person as well as your location, the date and times of your conversations, the contents of your conversations, etc. Local encryption does not apply to any of that data.
In fact, local encryption doesn't even matter much with regards to securing your phone's data. Your phone is probably leaking the encrypted data through one if not more applications. Facebook, Candy Crush, Twitter, etc. largely negate the effects of local encryption. The only thing it will do is keep your private information out of the hands of someone who picked up your lost phone and decided to keep it (or sell it).
Re: (Score:3)
I know everybody talks about encryption, but the word itself is just the tip of security.
Rknpgyl gung. "Rapelcgrq" qbrf abg nyjnlf zrna "Frpherq".
Re: (Score:2)
Re: (Score:2)
I know everybody talks about encryption, but the word itself is just the tip of security.
Rknpgyl gung. "Rapelcgrq" qbrf abg nyjnlf zrna "Frpherq".
Ahh, the Clthulu algorithm
Re:If you believe this (Score:4, Interesting)
I know everybody talks about encryption, but the word itself is just the tip of security. What's the key size? What's the algorithm?
It uses Linux dm_crypt. Here's the source code that configures it, and protects the dm_crypt master key: https://android.googlesource.c... [googlesource.com]
What data is encrpyted?
The /data partition, which holds everything which isn't part of the system image. An easy way to understand the distinction is to note that on unrooted Android devices everything but /data is mounted read-only. So any data that is stored after the device leaves the factory is in /data, and is therefore encrypted, unless it's written to removable media (SD card).
Most of the rest of your post is speculation assuming that Google is intensively mining everything backed up. I'm quite certain that's not true, but I probably shouldn't comment in more detail.
The only thing it will do is keep your private information out of the hands of someone who picked up your lost phone and decided to keep it (or sell it).
Yes, that's what device encryption is for.
(Disclaimer: I'm an Android security engineer. I'm speaking for myself, not for Google.)
Re: (Score:3)
You need your head read. Google has shown time and again that it does not care about your security. There is no need to trade off convenience for security in cloud backup. Encrypt locally and send the data encrypted to backup. This would be great but i bet that Google also holds they keys and decrypts on their end. Google says it wouldn't be able to use your data for their massive data mining and information theft machine if it were properly encrypted. This is why the data sits on their servers unprotected by encryption, they are the antithesis of your guardians of security. If you value your data, turn off all Google services and manage your own backups.
There are two different threat models to consider. Device encryption protects against one, but not the other.
The purpose of device encryption is to protect your data from someone who obtains physical possession of it, because it was lost, stolen, confiscated, etc. The goal really isn't so much to protect it from law enforcement or the NSA -- if the NSA is interested in your data, they'll get it, period -- but against people who might want to, for example, steal your bank account information, etc.
Device
Re: (Score:2)
Also, I have to say that from my perspective as a security engineer at Google you couldn't be more wrong about Google's concern for user security. Actually, if you look at the company's track record on security technology creation and deployment, I think that point is unarguable.
From my perspective as a WiFi network administrator, for years you've been accepting any old certificate for WPA-Enterprise PEAP authentication and not allowing the users to configure certificate the subject_match option that have been available in the underlying wpa-supplicant software all this time. Nor is there any process for oboarding for using local PKIs for WPA-Enterprise. You don't even lock in the first encountered cert until the wifi profile is deleted as apple does. Despite persistently repeat [google.com]
Re: (Score:2)
Re: (Score:2)
Yeah, well, outside of a corporate IT despotism there is nearly no such thing as a "consumer space" at all. You can usually convince management to kick off everything that simply won't do WPA enterprise to get rid of the hassle of AAA web portals, but excluding Androids is not going to happen, so you fire up wpa-enterprise and let the chips fall where they may and try not to worry that all the Androids can get themselves phished. So it's been a more than just a "pain" but an actual security threat to mill
Re: (Score:3)
Re: (Score:2)
To what data are you referring? Google holds keys for some stuff like email, which is sent in plaintext anyway and which they need to offer webmail access. They claim not to have the keys to synced browser data though, and apart from some innuendo and "of course they do" you offer no evidence to the contrary.
Unlike Apple, Google can't recover your backups if you are completely locked out of your account and don't know the password. That suggests that they really don't have the key.
Besides which, local encry
Re: (Score:2)
Really? (Score:3, Interesting)
Why isn't it already the default setting?
Re:Really? (Score:4, Interesting)
Because some of us really don't care if some droid somewhere is poking around in the text massages in our droids.
And anyone stupid enough to take nude selfies, maybe they need to learn that selfies are neither an art nor an art form? Take a lesson from Mother Nature - clouds leak (it's called rain).
I don't encrypt my phone data because I don't see any benefit for my own use, just more hassles. Just like I don't encrypt my on-disk or on-usb-key data. If/when I come into a situation where I need to, I will, but really, so far that hasn't happened.
Re: (Score:3)
Re: (Score:3)
So many people have learned the hard way that sharing nude pics or a racy video with just ONE person can lead to the whole world having it. As the beer commercial says, "Ex" says it all ...
Quote from a 1950 movie [imdb.com], Born Yesterday:
He always used to say, "Never do nothing you wouldn't want printed on the front page of The New York Times."
It's still good advice today. We're inundated with examples of what can happen. In too many cases, the victim is guilty of contributory negligence, at the very least. Example: "What do you mean, 1-2-3-4-5 isn't a good password? [wikiquote.org]"
Dark Helmet: 1-2-3-4-5? That's the stupidest combination I've ever heard of in my life! That's the kinda thing an idiot would have on his luggage!
Banks have already established that your funds are
Re: (Score:2)
Re: (Score:2)
Nothing I wrote in any way gives an impression that I support, in any shape, manner or form, a "blame the victim" mentality. However, contributory negligence is a fact of life, and in no way is the same as saying "you deserved to get raped because of how you dressed."
Picking weak, easy-to-guess passwords is contributory negligence. Ask any bank. You're using a service with certain rules, including the responsibility to choose a reasonably secure password. There's no similar rule in our society saying "It
Re: (Score:2)
The biggest conceptual mistake people make about encryption is that it is only for protecting read access. It's also for protecting against write access. Specifically to your live sessions, so that you don't merrily think you are talking to your bank when you're actually talking to a thief.
Re: (Score:2)
Because some of us really don't care if some droid somewhere is poking around in the text massages in our droids.
Pretty much this.
If the law is interested in what I had for dinner last night, they dont really need to go through my text messages to get it.
Really important things I will not keep on my phone.
Re: (Score:3)
If you travel on any form of public transit, it's a risk. (Pickpockets, muggers, etc.)
Granted, most thieves are only after the phone for its hardware value. But others will dig into the phone and see what sort of personal information they can glean (emails, bank details, list of con
Re: (Score:2)
Unlike Apple's usual forms of encryption, once an Android device is encrypted, it is not reversible. There is no way to UN-encrypt it, except to back up all your programs, flash your original unencrypted OS back to the phone, then restore the programs. And that requires unlocking and rooting the phone.
There are LOTS of problems caused by that.
Re: (Score:2)
So if you encrypt your phone with a secure password, like upper-and-lower-case, numbers, non-alphanumeric, and 10 characters long, then every time your phone is locked and it rings, you have to enter the entire damned thing before you can answer.
Understandably, not many people want to do that. It's a huge pain in the ass.
I don't have a prob
Re:Really? (Score:5, Informative)
Why isn't it already the default setting?
(Android Security Team member here... though these are my own perceptions and opinions, not an official statement.)
Two reasons:
First, because it's not completely trivial to make it work correctly, all the time, every time, on hundreds of different devices. Android uses dm_crypt, so the foundation is solid, well-proven code, but that doesn't mean there aren't tricky corner cases. With the huge number and variety of Android devices out there, you can be certain that if there's a way it can go wrong, it will. So, conservatism suggests it's a good idea to make it optional for a while and shake out any issues. It's been optional for three years now, and is in use on many devices (I don't know how many; I'd guess tens of millions, though), so it's time to take the next step.
Second, performance was a problem. Not run-time performance -- AES is really fast -- but the initial encryption required reading and writing many gigabytes so it took a long time just to do that much I/O. Encrypting by default means that either the device has to be encrypted in the factory, which would be a major production bottleneck, or else users would have to wait 20 minutes for their phone/tablet to start up just after they unbox it. That's a bad user experience. For L this was optimized so it only encrypts blocks that are in use. Since on a new device very little of the data partition is in use, very little has to be encrypted. That makes the initial encryption very fast (a few seconds).
There's actually another device encryption-related improvement coming in L. I'd love to describe it in detail since I worked on parts of it, but the article doesn't mention it so I'll hold off.
Re: (Score:2)
Since you're in the security team, could you comment on why Android requires you to set up some sort of lock security just in order to have a VPN configured (even if it's not in use)?
That never made any sense to me. I believe it assumes corporate use of a VPN, which makes sense that it should be secure (you don't want an unidentified party with free access to your company's internal network), but for many users it's just a way to encrypt potentially unsafe connections, such as when you're connected to some
Re: (Score:2)
Re: (Score:2)
Since you're in the security team, could you comment on why Android requires you to set up some sort of lock security just in order to have a VPN configured (even if it's not in use)?
You know what makes even less sense than forcing people to use lock screens even if not saving VPN access credentials?
Having infrastructure with keychain and all of that in place and then not using it in browser and Android email client to secure stored credentials.
Even worse email client cannot be configured to prompt for passwords when checking/sending mail... you *have* to store your password.
Re: (Score:3)
Android security team, eh? Are you the guy who thinks that my phone implicitly trusting the Chinese government, Turktrust, et al is perfectly reasonable, while at the same that constantly complaining about my own personally verified CA is "WorkingAsIntended" [google.com]?
No.
Re: Really? (Score:1)
so use a complex password. It will allow a large pass phrase (and if you stick with numbers, it will just put up a number pad). Plus the device will wipe itself after so many tries, and if you think you can do it off line... Well, with complex passwords the device is protected by aes256 and good luck with that.
Re: (Score:3)
Not legal. Under CALEA telephone service providers must enable law enforcement monitoring of calls.
Re: (Score:1)
They are not required to deny/forbid the use of encryption on phone calls.
Re: Need to encrypt phone calls (Score:1)
all the law says is that they have to be able to tap into the phone call. It doesn't say that the people have to be talking in English,Swedish, French,Klingon, or clicks and squeals. In other words, encrypt your conversations, the law only says the telecos have to let them record. It doesn't say the recording has to be comprehensable to the eavesdropper.
CALEA doesn't apply to _everyone_ (Score:1)
That's why you do it in another layer, without a service provider being involved. OS and application developers aren't telephone service providers.
Verizon-to-government: "Here's the data you asked for."
Government: [pats gun, grinning] "Oh, I didn't ask for it..."
Verizon: "Just a polite euphemism."
Government: "This is ciphertext. Um, CALEA, remember?" [strokes gun handle, stares]
Verizon: "Sir, this binary snow is the plaintext. The ciphertext that we transported was this [more snow], and we reversed the
Need to encrypt phone calls (Score:1)
Doesn't need to be only wifi. BUT, if the provider had the key they would have to decrypt the call or turn over the key on request.
Nothing requires the provider to interfere with me making an end-to-end encrypted call to another similar phone user. There are reliability issues that would need to be addressed, but it can be theoretically be done
It would basically need PKI or a variant and we know how stupid people are when it comes to accepting unsigned or new certificates. I can only imagine the stupidit
In Other news... (Score:1)
In other news Google points out that although the Sun and stars shine with bright light they also have light bulbs in the Google offices and in their next office buildings they will be eliminating the light switches so that lights shine by default.
Re: (Score:2, Interesting)
You're right. Maybe Apple/Google cannot decrypt a phone that has been seized, but they can certainly be compelled by the government to push an OS update that enables a backdoor in a phone that is in active use.
Re: (Score:3)
Do Android phones automatically update to the latest version? iPhones do not, as far as I am aware, and require the user to manually initiate the download and installation of the newest iOS firmware; this - of course - requires the user to be logged in already, at which point the data is accessible anyway.
In other words, it sounds like this proposed vulnerability involves you being on the other side of the airlock hatchway [msdn.com] already.
Re: (Score:2)
It varies by phone and carrier. The HTC One (m8) that I have was updated this week to a new Android version. I had to approve the install and could have declined, but I did at least get an updated version.
OTOH, my Asus tablet... is probably still running the original Android that it shipped with.
Re: (Score:3)
Are they going to fix the bugs? (Score:5, Interesting)
If you enable device encryption on Android, you can no longer back up and restore your data over USB or through third party tools. You can create encrypted backups over USB, but you can't restore them because of bugs in the ADB tools. The only way to back up and restore is by uploading your data to Google's cloud servers, where your data is much more likely to be purloined than if you had just left your device unencrypted in the first place.
When you enable encryption, you set a password. The encryption password becomes your lock screen PIN and there is no way to change it. So, which are you going to choose? A secure encryption password that you'll spend 15 seconds entering on the tiny keyboard every time you want to unlock your phone? Or a useable PIN that is trivial to crack if an attacker gets your encrypted data?
It's clear someone added device encryption to Android to check it off the list and didn't intend for anyone to use it. I hope their product team realizes this before they bring it to a wider audience.
Re: (Score:1)
I agree with all your points. There are workarounds, for example third party backup based of rsync, but you got everything right with the annoyances. It's also tough to backup or rescue a system when you are encrypted.
For people reading this you might check the play store for "Cryptfs Password", it allows you to set an encryption password different than your unlock PIN. You will need to be rooted.
Re: (Score:1)
Encryption is the least of that problem! (Score:3)
The only way to back up and restore is by uploading your data to Google's cloud servers, where your data is much more likely to be purloined than if you had just left your device unencrypted in the first place.
As an Android fan, let me just say that these problems do not just stop with encryption. Unless you root your phone, you can't back it up properly because Google doesn't let you have access to your own files on your own f'ing device. Apparently nobody sees a problem in the fact that users are forced to make the decisions to either run stock or be able to access all their files. I'm sure it's to reduce piracy or something, but it's a nightmare. Unless your apps keep their data in an accessible folder or you
Re:Are they going to fix the bugs? (Score:4, Informative)
I have a Nexus 5 with a long boot time encryption password and a shorter unlock pin. Seems it was already fixed.
Re: (Score:3)
The encryption password becomes your lock screen PIN and there is no way to change it.
Wrong, the encryption password has to be entered when booting the phone only. It's even different screen (ugly Android 1.6-style buttons painted black).
I have a device with corporate policies enforced and have 3 codes to enter:
- Encryption password
- SIM PIN
- Lock PIN.
When device becomes locked after inactivity, I only need to use the lock PIN.
Re: (Score:3)
The cryptfs password/lock PIN issue is an open bug reported here [google.com].
Re: (Score:2)
Whoops, you're absolutely right. Just did a test and confirmed that indeed the pin changes the encryption password as well. Shame on me :(
When will Apple silently remove the encryption? (Score:1)
It is nice that Apple added encryption to iOS 4 including the encryption of email attachements. But it seems like it was a mistake to depend on it since the protection was silently removed from iOS 7. [thehackernews.com] Does additional encryption in iOS 8 really matter if the feature can be silently removed with an future revision?
I would prefer that data be encrypted by the application regardless of the OS so I can count of the behavior remaining consistent across OS upgrades.
piffle (Score:1)
Apple and Google (Android) are blowing smoke.
Passcode Options (Score:1)
Unless something has changed with a recent system update, last time I checked the local device encryption for Android disabled the Gesture and PIN input, leaving Password as the only option. I don't exactly care to enter a full-on alphanumeric password every time I take my phone out of stand-by, so the feature is of limited use.
I prefer to use TextSecure. This hooks into the SMS and MMS handlers and redirects them from the internal store, to an encrypted store with an application passphrase. Keeps my phone
show stopper (Score:5, Informative)
See also https://code.google.com/p/andr... [google.com]
Unfortunately, this is a total show stopper for full device encryption.
Re: (Score:3)
Re: (Score:3)
I've seen talk of automatically unlocking when connected to specific bluetooth devices or by location (which looks like it might require GPS?). That's handy, but I haven't seen anything about specific wifi networks. I don't want GPS running all the time because of the battery drain, but would like my phone unlocked on my home wifi. Preferably out of the box without needing a third party app that wants all sorts of permissions.
Off topic, but for me the biggest issue with (non-rooted) Android is the permissio
Re: (Score:2)
Re: (Score:2)
Well hopefully it's not too long to wait until L comes out and the first one will be answered. As for the second, it's just irritating that I can't get apps that just connect to their respective services. Not much chance of it, but it'd be great if the likes of Twitter and Facebook released cut down versions that only connected to them and didn't demand access to contacts, SMS etc. It's a refreshing change when an app requires no special permissions, or at least none that aren't obvious for its primary role
Which android version? (Score:2)
Well, it doesn't do any good right now if it's on an android version that nobody uses. What about Pre L versions?
And won't this really be a carrier option? And what about that sharing data part?
Re: (Score:2)
They will be required by July 2015 (Score:2)
California law will require that handsets be able to be remotely disabled by the user. This is one of the easiest ways to do that - to encrypt the phone so that there is no way to operate it without entering the passcode. No resets, no workarounds. Both Google and Apple know that this is the chance to get it into the only x.0 release before that deadline.
It's not high and mighty, it's just getting into compliance. IMHO, it's a good thing, but it's not some special high road either one is taking.
Re: (Score:1)
Encryption (Score:1)
Just so that I understand google play can install shit on your device when it feels like, google reads all of your email, google further nerfs intentionally nerfed permissions system and just about everything by volume in the app store is spyware designed to sell YOU to the highest bidder.
Relax folks your device is "encrypted" ...LOL..
Re: (Score:2)
Agreed.
But, please, what makes you think that Apple, or even Samsung, aren't doing exactly the same?
Apple can install stuff on your device when it feels like it. In fact, you have even less control over an Apple devices and its whims. You'll happily plug in your Exchange details into the Apple device, you have no idea what it is or isn't doing with that. Apple doesn't even have permission systems. You either install, or not. And Apple spyware is just as - if not more - rampant.
So, your concern is reall
Re: (Score:2)
Apple doesn't even have permission systems.
Apple doesn't have a permission system? Have you used iOS? It has an excellent on-demand permission system. An app wants both location, camera, and microphone access? But you don't want it to have location access? Deny it! Only want it to have microphone access sometimes? OK!
Re: (Score:2)
With Android you have to accept all permissions an app wants or not install it. On iOS apps have no permissions other than internet access and have to ask for permission. The permission can be refused, and the app still works just without the feature being requested - e.g. refuse location access and the app can't offer you location based features, obviously.
This granularity is not available with Android.
Re: (Score:2)
But, please, what makes you think that Apple, or even Samsung, aren't doing exactly the same?
I assume they are.
Apple can install stuff on your device when it feels like it. In fact, you have even less control over an Apple devices and its whims.
What does apple have to do with TFA? For the record Apple's actions ignoring factual inaccuracies in your comments are also inexcusable as are Microsofts...etc. It doesn't matter who's doing it.
So, your concern is really about modern devices, not anything to do with the meat of the story - encryption
Pointing out encryption is meaningless when you don't have control over your own devices is relevant.
P.S. With Android, you can see the source, and build from clean source, without any Google services whatsoever if you want. People have done it for you. Almost every big-selling Android phone is supported. You can get root access and check everything you like. And then encryption really means something.
Great for the technically inclined, not so great for everyone else.
Different things... (Score:3)
As others already said, iOS had mandatory full device encryption (that you even can't disable) since 2009, when the iPhone 3G added hardware for that. What was added now is a different thing (encryption of single apps data with the key dropped from memory as soon as the device is locked).
Full device encryption is not enough since the key needs to be in memory as long as the device runs (or no process will be able to access the file system when the device is locked).
Also Apple's full device encryption uses a key saved in a safe enclave in the SoC, while Google's uses the PIN or password you setup for unlocking your device. If you use a PIN, this is easily brute-forced. If you use a strong password you have to type this in every time you want to use your phone. With a swipe pattern you can't use encryption at all.
Still, it's a start. I would like to see some performance tests though, encryption in software isn't free.
Re: (Score:2)
If you set up your swipe pattern first, and then encrypt from the command line, you can have a strong password for boot with a swipe to bring it out of sleep.
I've got (Score:2)
They can keep it (Score:1)
After reading the FA today, I enabled encryption on my i9300 (after doing a backup, of course)
About an hour later, I had my phone back -- sluggish to do everything. And I had to enter a pin every time to unlock, not just at boot as promised (I'd be OK with that -- I can use the Android Device Manager if I lose my phone). Then I went for a TWRP restore -- and TWRP couldn't read my existing partition even after I entered my passkey, so I guess there's some mixup there... I restored from my sd card and it's li
Re: (Score:3, Funny)
All I see from your comment is that you're also not using the Google spellchecker.
Re: (Score:2)
And if you think I'd ever willingly put non encrypted data in any sot of could you're dreaming.
I thought this was about ON THE HANDSET encryption?
Which leads you to the key hiding problem.... Keys need to be plain text to be used, so they are in memory when you have a device that is encrypted. Which leads you to the problem of how to get a sufficiently complex key into the device on boot? Providing keys is where most crypto systems start to break down, and people do stupid stuff like reduce everything to a 4 digit pin or some such nonsense...
Re: (Score:2)
And if you think I'd ever willingly put non encrypted data in any sot of could you're dreaming.
I thought this was about ON THE HANDSET encryption?
Which leads you to the key hiding problem.... Keys need to be plain text to be used, so they are in memory when you have a device that is encrypted. Which leads you to the problem of how to get a sufficiently complex key into the device on boot? Providing keys is where most crypto systems start to break down, and people do stupid stuff like reduce everything to a 4 digit pin or some such nonsense...
Why not generate the key on the device and store it in a secure piece of hardware? That's been a pretty standard solution for a while now. I kind of imagined Android would also do the same.
Re: (Score:2)
So, riddle me this batman... If you store the key on the device and read it automatically on boot, how's that protect you? Or are you saying that it's on an external device so I now have to keep the "key" around to boot my phone? One offers zero protection, the other consumers will hate.
See this is what usually happens...The consumer doesn't want two devices to manage, they want one. We implement strong encryption using long keys, then we store these keys someplace "on the device" and protect them with a
Re: (Score:2)
ARM TrustZone can do it quite effectively... which brings about the opposite problem. The key isn't under the user's direct control, and can't be recovered by the user. The same evil can be used to encrypt proprietary binaries so they can't be pulled off and used with AOSP-derived ROMs. It doesn't matter how nominally-open the operating system is if the hardware it's running on is a black box without public documentation or drivers.
Robust encryption whose key is under YOUR direct control (as the device's ow
Re: (Score:2)
So, riddle me this batman... If you store the key on the device and read it automatically on boot, how's that protect you?
There are ways to store a key on the device and not need to read it automatically on boot. Page nine of the iOS Security Guide from September 2014 describes how Apple solves the problem.