
android encryption

fields12
Newbie
Feb 20, 2016
I have a few questions about encryption. Perhaps someone with knowledge can address?

1. how does android encryption currently compare with apple ios?

2. why does the government appear more focused on apple ios, if google android encryption enjoys the same level of security?

3. do both platforms (ios and android) currently furnish the user with the sole means of accessing an encrypted device?

the following links illuminate the issue.

it bears noting that while u.s. constitutional rights such as privacy here, are tested in the criminal arena, law abiding people benefit the most from preservation of such fundamental rights.

thanks for comments.


https://cyber.law.harvard.edu/pubre...rtphone_Encryption_Public_Safety_11182015.pdf

http://news.yahoo.com/top-york-law-...vbG8DYmYxBHBvcwMxBHZ0aWQDRkZVSUMwXzEEc2VjA3Nj
 
1. how does android encryption currently compare with apple ios?
Probably about the same in terms of being without the password renders you unable to access the encrypted data. You can use the device by wiping the data, but you can't just access the data directly.

That said, there are other factors to consider:

1. iOS will automatically wipe the device after too many failed password attempts. This is part of what the FBI is asking of Apple to bypass so they can try to brute-force their way into the iPhone in question. I don't believe Android universally has this feature enabled, even when the device is encrypted.

2. I'm not an encryption expert, but I've read that the encryption on the iPhone is at a hardware level and on Android it's at a software level (at least for the Nexus 6p and 5x). May have no bearing on how secure it is. That may be more about performance than security.

3. Android is open source and modifiable, so "Android" isn't implemented the same way all across the board. It's possible for manufacturers to modify Android before releasing it (including modifying the way encryption is implemented). iOS is always deployed the same way, because it's all under Apple's control.

2. why does the government appear more focused on apple ios, if google android encryption enjoys the same level of security?
In this particular case, it's a very specific phone from a very specific mass-shooting incident, and that very specific phone happens to be an iPhone.

3. do both platforms (ios and android) currently furnish the user with the sole means of accessing an encrypted device?
Right now, only the latest Android (Marshmallow) mandates (sans root) encryption, so it's possible in Lollipop and KitKat to not enable encryption, and I think in Jelly Bean and Ice Cream (not sure which), encryption wasn't even available as an option (I may be wrong on that last one—not sure at which point encryption for Android was introduced). Edit: Did some Googling, and apparently encryption became available as an option as of Gingerbread (not Froyo).

The other thing to consider is that a lot of Android phones allow for SD card storage (iPhones do not), so the SD card may not be (and probably isn't) encrypted.
 
thanks for your prompt, informative and responsive comments.

please allow me to respond.

1. the second link in my original post includes a news story where the manhattan district attorney reports holding 175 locked iphones that he desires/needs to unlock but cannot do so. ... the district attorney makes no mention however, of holding a single locked google/android device that he cannot unlock. ... this circumstance prompted my original post about potential weakness in the google/android encryption protocol relative to apple ios.

2. my particular android device, a 2016 model lg k7, furnishes me with the right to 30 attempts at decryption. I am disinclined at the moment to intentionally fail the password 30 times and see what happens. .... i prefer to avoid a factory reset; or worse, having to physically return to the store where i purchased the device for factory reset.

3. i read where some android devices permit the use of a google password as an alternative unlocking device to encryption? if google possesses my gmail password, then, in that event, encryption seems a bit weakened relative to apple ios.

4. i also note that lookout security on my device has administrator privileges in my phone; and may therefore be able to unlock the encrypted device?

5. i analogize encryption of data to human pregnancy. ... it's an "either or" and never halfway phenomenon. Hence, if a lot of exceptions to the android encryption lock exist, the encryption is really not encryption at all. ....

6. and that is what i am trying to figure out about android encryption ....; as the coca cola commercial used to announce: "it's the real thing?" ..... apple ios seems to be the real thing. is android encryption?
 
the manhattan district attorney reports holding 175 locked iphones that he desires/needs to unlock but cannot do so. ... the district attorney makes no mention however, of holding a single locked google/android device that he cannot unlock.


Maybe the bad guys in Manhattan prefer iPhones? Other than that, this tells us nothing.


i read where some android devices permit the use of a google password as an alternative unlocking device to encryption?

The user's Google credentials (username/password) are used if the pattern/PIN lock attempts are exceeded. Access to encrypted data is only allowed once the device has been unlocked.


i also note that lookout security on my device has administrator privileges in my phone; and may therefore be able to unlock the encrypted device?

Well, that's kind of the point... the user gives the app (Lookout) permission to perform as admin.
 
thanks for your responsive post.

i have reflected on this issue a bit more.

it seems to me that just as the most reliable way to determine the strength of a football team; proceed with a test; i.e., play the game; .... so the most reliable way to determine android encryption robustness .... a test, which unfortunately happens only in the criminal prosecution venue.

the government's apparent bigger interest at this time, in the iphone versus the android phone on both east and west coasts however, signals to me, that the encryption strength of the iphone appears better. .... we shall see if such conclusion holds as the matter percolates over time.
 
1. the second link in my original post includes a news story where the manhattan district attorney reports holding 175 locked iphones that he desires/needs to unlock but cannot do so. ... the district attorney makes no mention however, of holding a single locked google/android device that he cannot unlock. ... this circumstance prompted my original post about potential weakness in the google/android encryption protocol relative to apple ios.
I don't think it points to a weakness in the encryption protocol. Apple has had mandatory encryption since iOS 8, and they're now on iOS 9.2.1. More importantly, more iPhone users actually do the upgrade because Apple allows them to do the upgrade themselves and actually pesters users to do upgrades.

Android upgrades are notoriously slow (we're up to 1.2% adoption for Marshmallow, which is the first Android release that mandates encryption). So if only 1.2% of Android devices are definitely encrypted (maybe some of the other Lollipop and KitKat ones are encrypted, but they aren't necessarily) then it's no small wonder there isn't a large pile of unbreakable devices with law enforcement.


2. my particular android device, a 2016 model lg k7, furnishes me with the right to 30 attempts at decryption. I am disinclined at the moment to intentionally fail the password 30 times and see what happens. .... i prefer to avoid a factory reset; or worse, having to physically return to the store where i purchased the device for factory reset.
Well, I guess you could consider that a "less secure" implementation than iOS, since iOS gives you only 10 attempts, but as far as brute-forcing practicality is concerned, 30 attempts isn't significantly more than 10 attempts, especially if your passcode is 4 or more characters long.


3. i read where some android devices permit the use of a google password as an alternative unlocking device to encryption? if google possesses my gmail password, then, in that event, encryption seems a bit weakened relative to apple ios.
I'm not sure about this. If this is correct, yes, it would put Google in an unfortunate position of having access to all its users' phones, which means law enforcement would pester them more for unlocks, and they wouldn't have a good excuse not to comply. If that is the case, I would think Google would take simple measures like "If the password is changed, then the override no longer works," which appears to be the case for the iCloud backup on the iPhone from the San Bernardino shooting. I don't know, because the press doesn't cover Android stuff as much as it does iPhone stuff.


4. i also note that lookout security on my device has administrator privileges in my phone; and may therefore be able to unlock the encrypted device?
What do you mean by "administrator privileges"? Is your phone rooted? If your phone is rooted, this discussion is moot. The vast majority of Android users do not root their phones.

That said, even root access doesn't give you the ability to bypass encryption. For example, if you do disk-level encryption on your laptop, it doesn't matter if you are a Windows administrator or Mac administrator account—the operating system itself won't boot up until you have entered the encryption password.


5. i analogize encryption of data to human pregnancy. ... it's an "either or" and never halfway phenomenon. Hence, if a lot of exceptions to the android encryption lock exist, the encryption is really not encryption at all. ....
You can analogize it however you want. That's not how security works. If your question is "Is it encrypted or not?" then, yes, you're correct—it's either encrypted or it's not. But not all encryption implementations are the same, not by a long shot. Encryption relies on keys and passwords, and who has access to those keys and passwords changes how locked down the encryption is, but regardless... it's still encrypted.

Just as you can lock up your valuables in a safe. Anyone with the combination can unlock it, but it's locked either way. Whom you choose to share the combination with changes the overall security, but it doesn't change the fact that the safe is locked.

6. and that is what i am trying to figure out about android encryption ....; as the coca cola commercial used to announce: "it's the real thing?" ..... apple ios seems to be the real thing. is android encryption?
Yes, it's the real thing. Unless you can take an encrypted Android phone and break into it, don't spread FUD.
 
thanks for your comments.

page 5 of my first link in my original post speaks to your first point, i.e., the manhattan district attorney 11/15 report suggests android and its users deploy encryption at a considerably slower rate than the apple ios and its consumers. ... hence, the possible reason for lesser government interest in and frustration with locked android phones relative to iphones.

i would also hasten to add that i am not here to advocate for or against apple ios and/or android encryption software. .... i am simply trying to determine whether mobile phone technology has reached a level of security to reasonably justify and warrant storage and usage of sensitive information (professional, financial, health, etc.,) on it. ... and that decision making process requires critical analysis.

the lookout security software program pre-loaded on my phone, when administrator status is activated expressly authorizes lookout to:

1. erase all data;

2. change the screen-unlock password (is that different from the encryption password as i have only one password to unlock screen and encryption?);

3. set password rules;

4. monitor screen-unlock attempts;

5. lock the screen;

6. set lock-screen password expiration;

7. set storage encryption.

perhaps i should deactivate it, as it sounds like it can do more than i can ....

* * *

the only other administrator identified by android = android device manager which has far less authority than lookout.
 
page 5 of my first link in my original post speaks to your first point, i.e., the manhattan district attorney 11/15 report suggests android and its users deploy encryption at a considerably slower rate than the apple ios and its consumers. ... hence, the possible reason for lesser government interest in and frustration with locked android phones relative to iphones.
This will change in the coming years, of course, but Android new-version adoption is very slow, so we're talking probably 2019 before the majority of Android users are using encryption.

i would also hasten to add that i am not here to advocate for or against apple ios and/or android encryption software.
Nor am I. I'm an Android user on an Android forum, but I fully recognize there are pros and cons to both phones. I just don't know that there's any evidence that Android phone encryption is lacking in some way.

.... i am simply trying to determine whether mobile phone technology has reached a level of security to reasonably justify and warrant storage and usage of sensitive information (professional, financial, health, etc.,) on it. ... and that decision making process requires critical analysis.
I think you have to figure out some practical scenarios and what you're worried about happening. Are you concerned about some random person just swiping your phone and getting into your stuff? Are you worried about professional thieves? Are you worried about the government snooping?

I'll tell you now in the first two scenarios, if the thieves see your phone is encrypted, it's way too much effort on their part to even try to bypass that, and their primary concern is the phone itself and being able to re-sell it at a 100% profit margin (they paid you nothing for the phone they stole, and they get to sell it for something, even if it's below market rate).

The government already knows anything that want to about your professional, financial, and health life. They have your social security number. They have your tax information. They know it all. They don't need your phone to get that information.

With the kind of information I have on my phone, I'm fully confident that the encryption on it offers the level of protection I need for my email account, my Candy Crush games, and my Facebook account.


the lookout security software program pre-loaded on my phone, when administrator status is activated expressly authorizes lookout to:
1. erase all data;

2. change the screen-unlock password (is that different from the encryption password as i have only one password to unlock screen and encryption?);

3. set password rules;

4. monitor screen-unlock attempts;

5. lock the screen;

6. set lock-screen password expiration;

7. set storage encryption.

perhaps i should deactivate it, as it sounds like it can do more than i can ....

* * *

the only other administrator identified by android = android device manager which has far less authority than lookout.
Well, as I mentioned before, Android is open source, so manufacturers have their own implementations of Android. Android isn't one thing. It is a basic thing that other things can be based on. It's possible, if Lookout was preinstalled on your phone, that your phone manufacturer somehow tailored Android's encryption and authentication to be tied to Lookout somehow. That's different from a Nexus user downloading Lookout as a separate application.
 
thanks for your comments.

you make some good points that assuage a number of my concerns.

1. physical thieves who steal physical mobile phones .... generally seek "low hanging fruit" or unencrypted phones. ... hence, android encryption will generally dissuade the physical thief from attempting to penetrate the data encrypted ... and in favor of throwing the device away or doing a factory reset and corresponding erasure of data.

2. the government already has my personal information or much of it.

* * * *

that leaves category "3," the electronic access of my data by third parties.

a. apple claims google/android monetizes its customers, i.e., google sale of customer data. i don't know the truth or falsity of this point or the extent of it; but i do know numerous google programs (photos, slide, etc., etc.) regularly update on my smartphone and came pre-installed.

b. hackers, who constitute electronic thieves. i understand third party software generally forms the entry point for this element; and i don't use much third party software outside of the pre-installed software.

i am not really sure what to make of category "3."

* * * *

i suppose i can summarize the situation for me ....

a. i deal with confidential information on a professional basis, but i do not see such information as susceptible to monetization (i.e., sale) by a thief, electronic or physical ....; so i don't see a big risk of that data stored on my mobile phone.

b. my financial data could be a source of money to a thief; and hence, i am not willing to use my mobile phone for that purpose.

c. health data .... i don't particularly see a concern about theft.


* * * *

it would be interesting to have some reliable and current statistical information about smartphone use. ... for example, what percent of persons with bank accounts access those accounts by mobile phone? what percent of persons with credit/debit card accounts make purchases by mobile phone?
 
a. apple claims google/android monetizes its customers, i.e., google sale of customer data. i don't know the truth or falsity of this point or the extent of it; but i do know numerous google programs (photos, slide, etc., etc.) regularly update on my smartphone and came pre-installed.
Of course Google monetizes its customers. The huge bulk of Google's revenue comes from advertisements. That said, they don't "s[ell] ... customer data," at least not individual customer data. They sell in aggregate. If you have ever worked for an organization that uses Google Adwords, you'll know exactly what information you get from Google. It isn't "fields12, living in blah-blah-blah, searched for this exact term and has this kind of job and likes to order blah off Amazon."

b. hackers, who constitute electronic thieves. i understand third party software generally forms the entry point for this element; and i don't use much third party software outside of the pre-installed software.
This has nothing to do with encryption, though. Once your phone is on and unlocked, it's essentially unencrypted (at least for that session, until it's locked again). If you install third-party apps that ask for totally unnecessary permissions, you are granting those third-party apps your information. They don't have to "hack" anything. You've just given them everything.


it would be interesting to have some reliable and current statistical information about smartphone use. ... for example, what percent of persons with bank accounts access those accounts by mobile phone? what percent of persons with credit/debit card accounts make purchases by mobile phone?
I don't see accessing bank accounts through a mobile phone as any riskier than accessing them through a computer, unless you're also arguing (totally legit to do so) that you should never access banking information from a computer, either—go only in person; don't even use an ATM.
 
thanks for your comments.

let's see if i understand mobile phone security landscape?

1. mobile phone encryption software applies solely to protect data from physical, unauthorized, access of the mobile phone.

2. protection from electronic, remote, unauthorized access to the device, on the other hand, accomplishes by a combination of:

a. anti-malware software; and


b. prudence and caution on the part of the user to avoid downloading harmful third party applications.

3. the extent to which google, apple, microsoft, the government, etc., electronically and remotely access mobile phone data does not differ in quality and quantity from the extent to which those entities access personal computer data.

4. the link below includes the 2015 u.s. federal reserve system report on mobile banking. it indicates in pertinent part that some fifty percent of mobile phone users with a bank account in calendar year 2014, performed banking via the mobile phone. .... that is a significant statistic. i do not know at present whether that level of usage satisfies my concerns, but nonetheless mobile phone security for the average consumer seems fairly robust.

http://www.federalreserve.gov/econresdata/consumers-and-mobile-financial-services-report-201503.pdf
 
1. mobile phone encryption software applies solely to protect data from physical, unauthorized, access of the mobile phone.
Yes. Once you log in and start using the device, it is in a temporarily decrypted state. The main benefit to encryption is the prevention of random thieves (or the government, should it seize your phone) randomly poking around on your phone. This also assumes that the thief or other third party can't somehow get the password (or your fingerprint) from you:
https://xkcd.com/538/

a. anti-malware software; and
In my seven years of using Android phones, I've seen zero evidence of "anti-malware software" improving security for Android users. If anything, it makes a subset of users complacent about real security best practices.


b. prudence and caution on the part of the user to avoid downloading harmful third party applications.
Absolutely this. This 100%.


3. the extent to which google, apple, microsoft, the government, etc., electronically and remotely access mobile phone data does not differ in quality and quantity from the extent to which those entities access personal computer data.
As far as I can tell, yes.


4. the link below includes the 2015 u.s. federal reserve system report on mobile banking. it indicates in pertinent part that some fifty percent of mobile phone users with a bank account in calendar year 2014, performed banking via the mobile phone. .... that is a significant statistic. i do not know at present whether that level of usage satisfies my concerns, but nonetheless mobile phone security for the average consumer seems fairly robust.
Every user has to balance security and convenience. There is a good deal of security in mobile banking. It isn't impervious and it's obviously far safer to bank in person, but the added convenience, for a lot of people, is worth the very slight diminishing in security from in-person transactions. In fact, if you want to be way more secure, don't do anything online. Do everything in person. It will be extremely inconvenient, but it will be far more secure.
 
There are a couple different issues at play, encryption, firmware, and where/how one stores and backs-up data.

Practically anybody or any company can implement ridiculously secure encryption of data. You don't need any special hardware (iPhone or Android) to encrypt data. You can get cheap/free encryption programs that will run on Macs, PCs, Linux, etc. that will encrypt data on a hard drive or flash drives such that it would take a massive effort by NSA supercomputers to decrypt the data. So it's not that Apple or Google has better encryption-- it's whether the phone makers force everyone to use encryption. Apparently Apple does on newer phones.

The real problem for law enforcement is that the firmware for recent models of iPhones (5 and up?) only allows 10 wrong password attempts before it wipes the data. That would be a problem even if the iPhone used weak encryption.

Most of us backup our data to the cloud and we willingly give Google/Gmail, Apple, Microsoft (Hotmail), Yahoo, Facebook, etc. the names, numbers, addresses, email addresses, birthdays, job titles, photos, employers, etc. for everybody we know in what is an amazing violation of our friends and family members' privacy. And many people use really easy passwords on their cloud accounts. So I find it amusing that people get worried that the government or terrorists might gain access to their personal information if their phone isn't securely encrypted. If the government or terrorists want your data and they don't already have it, they're not going to steal your phone. They'll just hack into your cloud accounts (probably with a password attack) for Gmail, iCloud, Hotmail, Box, Dropbox, health insurance company, IRS, etc. I wonder if the San Bernadino terrorist set their phones such that they didn't backup to the iCloud.

I don't even put a password on my phone and I would never buy a phone based on its encryption because there about 100 features that are more important to me when purchasing a phone.

I don't think Google sells our personal data. They use our personal data to better target us with ads. Apparently Apple isn't so pure in that regard either.

The reason why criminals in NYC use iPhones more than Android is simple. Criminals are stupid. :D
 
I don't think Google sells our personal data. They use our personal data to better target us with ads.
I fully agree with you, but it's not a matter of opinion. If you've ever worked at an organization or company that uses Google AdWords, you know exactly what data Google gives you, and you are indeed paying to just get better targeted ads—you aren't paying to get personal data (and most advertisers don't really want personal individual non-aggregate data).
 
thanks for your comments, razzma taz;

do you know what happens with android 5.1? .... i am informed i have 30 attempts to enter the correct password. ... what happens after failing the password 30 times?

i would assume that most people who engage encryption would also disengage back up on the cloud?
 
I'm not sure but I think that the 30-attempts thing is a phone-maker-specific feature, not an Android global feature. I'd guess that your data (whether or not you've chosen to encrypt it) gets deleted after 30 attempts. Not sure.

Encrypting data is an option on Android 4+. I don't think Google would ever make it mandatory because encrypting/decrypting data requires processing horsepower that may cause noticeable performance decreases-- especially on less-powerful phones. You may find the following articles illuminating.
http://bgr.com/2015/03/25/android-lollipop-encryption/
http://www.androidcentral.com/what-full-disk-encryption-android-lollipop

I have no idea if criminals and terrorists commonly avoid cloud backups. Not being able to backup my data would be an absolute deal-breaker for my recruitment.
 
There is an android app named locker that will give you the wipe after too many unsuccessful attempts.

I'm pretty sure my oldest Samsung (Infuse) had something similar built in, because there was a separate password (PUK = PIN unlock key), different from your PIN, that you could set up ahead of time in order to be able to recover after too many unsuccessful PIN attempts. I think if you had unsuccessful PUK attempts on that second round, then it would wipe.

Android encryption doesn't buy you much if someone can keep guessing until he guesses your PIN (10,000 guesses for a four-digit PIN). I'm surprised that's possible. (Am I missing something?) I'm surprised some kind of lock after unsuccessful attempts is not built into Android by default.
 
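The reasoning in the two posts above (10 versus 30 attempts, and 10,000 possible four-digit PINs) can be made concrete with a small model. This is an added illustration, not code from the thread, from Android or from iOS: a random disk key is wrapped under a key derived from the PIN, a wrong PIN is detected (instead of yielding garbage), and once the attempt cap is hit the wrapped key is destroyed, which is all a "wipe" needs to do when the disk is encrypted. PBKDF2 and the iteration count are assumptions of the model; real Android FDE uses scrypt and, where available, a hardware-backed key.

```python
"""Toy model of PIN-protected disk encryption with an attempt cap.

Constructed illustration only. It is not Android's or iOS's real code:
Android's full-disk encryption derives the key with scrypt (plus a
hardware-backed key where the device has one), not the PBKDF2 used here.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional

PBKDF2_ITERATIONS = 50_000  # assumed value for the model, not Android's


def derive_kek(pin: str, salt: bytes) -> bytes:
    """Derive a 32-byte key-encryption key (KEK) from the user's PIN."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def wrap_master_key(master_key: bytes, kek: bytes) -> bytes:
    """Wrap the random disk key under the KEK: one-time-pad XOR plus an
    HMAC tag, so a wrong PIN is rejected rather than producing garbage."""
    blob = bytes(a ^ b for a, b in zip(master_key, kek))
    tag = hmac.new(kek, blob, "sha256").digest()
    return blob + tag


def unwrap_master_key(wrapped: bytes, kek: bytes) -> Optional[bytes]:
    """Return the disk key if the KEK (i.e. the PIN) is right, else None."""
    blob, tag = wrapped[:32], wrapped[32:]
    expected = hmac.new(kek, blob, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(blob, kek))


@dataclass
class EncryptedDevice:
    """Holds only what flash storage holds: the salt and the wrapped key.
    The plaintext disk key is never stored, so reading flash (even as
    root) does not help without the PIN."""
    max_attempts: int
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    wrapped_key: Optional[bytes] = None
    failed_attempts: int = 0
    wiped: bool = False

    def provision(self, pin: str) -> None:
        """First boot: generate the disk key and wrap it under the PIN."""
        master_key = os.urandom(32)
        self.wrapped_key = wrap_master_key(master_key, derive_kek(pin, self.salt))

    def unlock(self, pin: str) -> Optional[bytes]:
        """Return the disk key on success. After max_attempts consecutive
        failures the wrapped key is erased, which makes the data unrecoverable."""
        if self.wiped or self.wrapped_key is None:
            return None
        key = unwrap_master_key(self.wrapped_key, derive_kek(pin, self.salt))
        if key is not None:
            self.failed_attempts = 0
            return key
        self.failed_attempts += 1
        if self.failed_attempts >= self.max_attempts:
            self.wrapped_key = None  # the "wipe": destroy the only copy
            self.wiped = True
        return None


def guess_success_probability(max_attempts: int, pin_length: int,
                              alphabet_size: int = 10) -> float:
    """Fraction of the PIN space that fits under the attempt cap, i.e. the
    chance a guesser hits a uniformly chosen PIN before the device wipes."""
    space = alphabet_size ** pin_length
    return min(max_attempts, space) / space
```

With a four-digit numeric PIN, 10 attempts cover 0.1% of the space and 30 attempts 0.3%, which is the sense in which 30 is not meaningfully weaker than 10.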
thanks razzmatazz and electricpete for your informative comments.

i guess i am going to have to intentionally fail the password 30 times ... and see what happens.

i am not looking forward to factory reset ...; but i do think that data wipe, or not ... becomes a significant component of the encryption platform; eliminating unlimited guesses seems highly relevant to the purpose of encryption.
 
i guess i am going to have to intentionally fail the password 30 times ... and see what happens.

i am not looking forward to factory reset ...; but i do think that data wipe, or not ... becomes a significant component of the encryption platform; eliminating unlimited guesses seems highly relevant to the purpose of encryption.
haha, I wouldn't go that far myself. But if you're willing to "take one for the team" I'd be interested to see what you find. (No pressure).
 
There are a couple different issues at play, encryption, firmware, and where/how one stores and backs-up data.

Practically anybody or any company can implement ridiculously secure encryption of data. You don't need any special hardware (iPhone or Android) to encrypt data. You can get cheap/free encryption programs that will run on Macs, PCs, Linux, etc. that will encrypt data on a hard drive or flash drives such that it would take a massive effort by NSA supercomputers to decrypt the data. So it's not that Apple or Google has better encryption-- it's whether the phone makers force everyone to use encryption. Apparently Apple does on newer phones.

The real problem for law enforcement is that the firmware for recent models of iPhones (5 and up?) only allows 10 wrong password attempts before it wipes the data. That would be a problem even if the iPhone used weak encryption.

I think Apple has storage encryption by default on all their recent products now. A Macbook Air I bought late last year.


Not sure if it's set to destroy data after X number of attempts with wrong password though, will have to look into that.
 
electricpete;

i need to wait a few days, before doing so, as i have some things going on; and i don't want to "brick" the phone in that time period.


i suspect i won't have too much of a problem for the following reasons:

1. the following software currently and independently enjoys administrator privileges (i.e., among other things, remote access to change passwords?) on my device:

a. microsoft exchange;

b. lookout security;

c. android device manager.

2. encryption only applies when the phone is physically "off?" ... and hence, decryption only applies when the phone is physically turned "on" from physical "off?" hence, i am not sure whether the phone data is even encrypted during the time when the device has power "on," but when it reverts to "screen lock?"

3. my password for screen unlock and decryption are the same. i understand screen lock is much easier to bypass than encryption.

4. i plan to intentionally fail the password, ..... not when the phone is initially turned on, but rather after the initial "mounting" "decrypting" of the hard disk; and .... and when the phone "screen locks," such as might occur during a theft.

i will supplement this thread ... with the results.
 
For a good description of how apple encryption works on the iPhone... Have a look through the past episodes of Security Now a podcast by Steve Gibson on The TWIT network... They went through it in incredible detail over the course of two or three episodes.

There are also written transcripts of them on Steve's GRC.Com website
 
Suspect that the answer is that if you're dealing with Apple, you can deal with one organisation once and then get access to all of their devices...

If you try this on Android you have to send the legal team to Google.. Samsung... Huawei... HTC... And all of them as they have different implementations of hardware and firmware.

Once you've beaten Apple though it's a lot easier to win against everyone else (which is why none of us should be feeling smug here... Whichever side you sit on in the terms of FBI vs Apple we all have a lot riding on this)

So it's as much about tactics as technology
 