Slashdot Mirror

← Back to Stories (view on slashdot.org)

Next Android To Enable Local Encryption By Default Too, Says Google

Posted by timothy on from the keep-it-to-yourself-bub dept.

An anonymous reader writes The same day that Apple announced that iOS 8 will encrypt device data with a local code that is not shared with Apple, Google has pointed out that Android already offers the same feature as a user option and that the next version will enable it by default. The announcements by both major cell phone [operating system makers] underscores a new emphasis on privacy in the wake of recent government surveillance revelations in the U.S. At the same time, it leaves unresolved the tension between security and convenience when both companies' devices are configured to upload user content to iCloud and Google+ servers for backup and synchronization across devices, servers and content to which Apple and Google do have access.

6 of 126 comments (clear)

  1. If you believe this by zeigerpuppy · · Score: 5, Insightful

    You need your head read. Google has shown time and again that it does not care about your security. There is no need to trade off convenience for security in cloud backup. Encrypt locally and send the data encrypted to backup. This would be great but i bet that Google also holds they keys and decrypts on their end. Google says it wouldn't be able to use your data for their massive data mining and information theft machine if it were properly encrypted. This is why the data sits on their servers unprotected by encryption, they are the antithesis of your guardians of security. If you value your data, turn off all Google services and manage your own backups.

    1. Re:If you believe this by steelfood · · Score: 4, Interesting

      I know everybody talks about encryption, but the word itself is just the tip of security. What's the key size? What's the algorithm? What data is encrpyted? Is it even relevant to talk about local encryption with respect to metadata (which is just as if not more useful to the NSA than the actual data). What about backups? Is it a snapshot of the encrypted contents each time? Or does the backup use a different encryption key, and the data transferred securely? There are so many layers to security (including the user), the "encryption" buzzword is meaningless without full context.

      My guess is, Google's not encrypting anything they're really interested in. They're probably not nearly as interested in your pictures or your contact list as say, Facebook. That's data they may currently collect, but ultimately throw away. They're probably more interested in the websites you go to, the links you used followed to get there, the links you followed from that site, the people you actually contact (text, chat, etc.), the geographical location of that person as well as your location, the date and times of your conversations, the contents of your conversations, etc. Local encryption does not apply to any of that data.

      In fact, local encryption doesn't even matter much with regards to securing your phone's data. Your phone is probably leaking the encrypted data through one if not more applications. Facebook, Candy Crush, Twitter, etc. largely negate the effects of local encryption. The only thing it will do is keep your private information out of the hands of someone who picked up your lost phone and decided to keep it (or sell it).

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  2. Are they going to fix the bugs? by wronkiew · · Score: 5, Interesting

    That's great that Google is going to enable device encryption by default. But are they going to fix the usability and security problems for Android L?

    If you enable device encryption on Android, you can no longer back up and restore your data over USB or through third party tools. You can create encrypted backups over USB, but you can't restore them because of bugs in the ADB tools. The only way to back up and restore is by uploading your data to Google's cloud servers, where your data is much more likely to be purloined than if you had just left your device unencrypted in the first place.

    When you enable encryption, you set a password. The encryption password becomes your lock screen PIN and there is no way to change it. So, which are you going to choose? A secure encryption password that you'll spend 15 seconds entering on the tiny keyboard every time you want to unlock your phone? Or a useable PIN that is trivial to crack if an attacker gets your encrypted data?

    It's clear someone added device encryption to Android to check it off the list and didn't intend for anyone to use it. I hope their product team realizes this before they bring it to a wider audience.

  3. show stopper by multi+io · · Score: 4, Informative
    The device encryption feature is apparently designed to always use the lock screen password. So you're forced to have such a password, which you have to enter every time the device comes out of sleep mode, AND (much worse) it breaks essential apps like SkipLock that want to disable the lock screen under certain conditions, e.g. when you're within range of a known WiFi network, thereby relieving you of the need to enter your PIN about 5,000 times a day while you're sitting on your couch at home.

    See also https://code.google.com/p/andr...

    Unfortunately, this is a total show stopper for full device encryption.

  4. Re:Really? by swillden · · Score: 4, Informative

    Google has pointed out that Android already offers the same feature as a user option and that the next version will enable it by default.

    Why isn't it already the default setting?

    (Android Security Team member here... though these are my own perceptions and opinions, not an official statement.)

    Two reasons:

    First, because it's not completely trivial to make it work correctly, all the time, every time, on hundreds of different devices. Android uses dm_crypt, so the foundation is solid, well-proven code, but that doesn't mean there aren't tricky corner cases. With the huge number and variety of Android devices out there, you can be certain that if there's a way it can go wrong, it will. So, conservatism suggests it's a good idea to make it optional for a while and shake out any issues. It's been optional for three years now, and is in use on many devices (I don't know how many; I'd guess tens of millions, though), so it's time to take the next step.

    Second, performance was a problem. Not run-time performance -- AES is really fast -- but the initial encryption required reading and writing many gigabytes so it took a long time just to do that much I/O. Encrypting by default means that either the device has to be encrypted in the factory, which would be a major production bottleneck, or else users would have to wait 20 minutes for their phone/tablet to start up just after they unbox it. That's a bad user experience. For L this was optimized so it only encrypts blocks that are in use. Since on a new device very little of the data partition is in use, very little has to be encrypted. That makes the initial encryption very fast (a few seconds).

    There's actually another device encryption-related improvement coming in L. I'd love to describe it in detail since I worked on parts of it, but the article doesn't mention it so I'll hold off.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  5. Re:Good by Mike+Buddha · · Score: 4, Informative

    iOS, like Android, only encrypts all data if a user opts to put a pin in. iOS8 might be different, but all prior version of iOS only encrypted when a pin was entered.

    --
    by Mike Buddha -- Someday the mountain might get him, but the law never will.