Google Makes Full-Disk Encryption Mandatory For Some Android 6.0 Devices (itworld.com)

← Back to Stories (view on slashdot.org)

Google Makes Full-Disk Encryption Mandatory For Some Android 6.0 Devices (itworld.com)

Posted by samzenpus on Wednesday October 21, 2015 @06:01AM from the raise-shields dept.

itwbennett writes: Google's plan to encrypt user data on Android devices by default will get a new push with Android 6.0, also known as Marshmallow. Devices with enough memory and decent cryptographic performance will need to have full-disk encryption enabled in order to be declared compatible with the latest version of the mobile OS. From the ITWorld article: "The move is likely to draw criticism from law enforcement officials in the U.S. who have argued over the past year that the increasing use of encryption on devices and online communications affects their ability to investigate crimes. In addition to encryption, Google also mandates verified boot for devices with AES performance over 50MB/s. This is a feature that verifies the integrity and authenticity of the software loaded at different stages during the device boot sequence and protects against boot-level attacks that could undermine the encryption."

150 comments

Min score:

Reason:

Sort:

Sigh by Trailer+Trash · 2015-10-21 06:03 · Score: 3, Funny

The terrorists and criminals have won :(

--
Do you have ESP?
1. Re:Sigh by tripleevenfall · 2015-10-21 06:05 · Score: 1
  
  Apple has won, at least until the array of Andriod devices available catches up to all be resistant to government snooping.
  *ducks*
2. Re:Sigh by mlw4428 · 2015-10-21 06:07 · Score: 1
  
  What does Apple have to do with this? Are you that much of an Apple freak?
3. Re:Sigh by Anonymous Coward · 2015-10-21 06:16 · Score: 0
  
  Apple started the whole device encryption by default on large scale that they don't hold the keys to decrypt.
4. Re:Sigh by UnknowingFool · 2015-10-21 06:30 · Score: 3, Interesting
  
  As per the post earlier today, Apple said it was "impossible" for them to access the files on a customer's iPhone if they had a newer phone. In essence, what Apple is saying is that if law enforcement brings them only the phone of a suspect, Apple cannot technically access the files on the phone without the help of the phone's owner. They did it using a number of processes including full data storage encryption. I suspect that it has been optional on Android since not all devices had the all the hardware pieces in place to secure the phone completely.
  
  --
  Well, there's spam egg sausage and spam, that's not got much spam in it.
5. Re:Sigh by narcc · 2015-10-21 06:39 · Score: 1
  
  You mean Blackberry.
  
  --
  Required reading for internet skeptics
6. Re:Sigh by Anonymous Coward · 2015-10-21 07:11 · Score: 0
  
  Apple was required to make this statement after it was issued with a FISA warrant. In reality Apple can decrypt these devices but the government doesn't want users avoiding Apple devices or using there own encryption.
7. Re:Sigh by 0123456 · 2015-10-21 07:13 · Score: 1
  
  You mean Blackberry.
  He did say 'large scale'.
  But, I must admit, I almost got a Blackberry when my old phone broke, because I don't trust Android 'security' at all. Unfortunately, the only reason to have a smartphone was for the one app I have to run for work, and I wasn't sure whether it would run on a Blackberry.
8. Re:Sigh by Anonymous Coward · 2015-10-21 07:22 · Score: 0
  
  The only organization I'm aware of that's acknowledged auditing ios I the NSA. Trust them as much as you want to.
9. Re: Sigh by Redbehrend · 2015-10-21 07:44 · Score: 1
  
  Um my android phone from 3 years ago came encrypted, what does apple have to do with this? BlackBerry, and even some old dumb phones had full encryption by default. Apple fan boys always think they invented the wheel....
10. Re: Sigh by BronsCon · 2015-10-21 08:16 · Score: 1
  
  This. Full-disk encryption has been an option on Android for some time now and my Nexus 6 shipped with it on by default and unable to be turned off (without hacks, at least, which involve wiping all encrypted partitions, so they'd be quite obvious if attempted).
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
11. Re: Sigh by UnknowingFool · 2015-10-21 08:49 · Score: 1
  
  Due to the wide variety in Android hardware, not all Android devices could do this so it was optional. Even after this announcement, not all Android devices will be capable, only those that meet a minimum threshhold. Since Apple controls both hardware and software, making full disk encryption for all their iPhones the default was easier.
  
  --
  Well, there's spam egg sausage and spam, that's not got much spam in it.
12. Re: Sigh by Anonymous Coward · 2015-10-21 09:04 · Score: 0
  
  Android is open source so everything is optional. But apparently this is a pissing contest. How about this then: Show me a device that only phones home when I want it to and that will not hand over my private data to anyone. Oh, and an assurance is not enough. I need proof. Apparently both Android and IOS suck donkey balls.
13. Re:Sigh by Anonymous Coward · 2015-10-21 09:20 · Score: 0
  
  Woohoo!!! Go terrorist and criminals! I rarely see eye to eye with them, but it's good see we both value our rights and due process.
14. Re: Sigh by bill_mcgonigle · 2015-10-21 10:45 · Score: 3, Informative
  
  And now (finally) in 6.0 it'll be hardware-accelerated. So it'll be usable and not panned like the Nexus 6.
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
15. Re: Sigh by BronsCon · 2015-10-21 10:53 · Score: 1
  
  The Snapdragon 805 in the Nexus 6 has hardware encryption support and it has been supported since Android 5.1.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
16. Re:Sigh by antdude · 2015-10-21 19:22 · Score: 1
  
  I don't trust companies that they don't have access to their on encrypted datas if they (creat/mad)e them. How did they develop and test them then?
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
17. Re:Sigh by UnknowingFool · 2015-10-22 01:10 · Score: 2
  
  Um, it's not their data. It their customer's data. That's like saying you won't buy a Dell server if Dell can't break into your server.
  
  --
  Well, there's spam egg sausage and spam, that's not got much spam in it.
18. Re:Sigh by macs4all · 2015-10-22 04:48 · Score: 1
  
  You mean Blackberry.
  Are they still in business?
19. Re:Sigh by macs4all · 2015-10-22 04:49 · Score: 1
  
  Apple was required to make this statement after it was issued with a FISA warrant. In reality Apple can decrypt these devices but the government doesn't want users avoiding Apple devices or using there own encryption.
  Prove it, or STFU.
20. Re:Sigh by macs4all · 2015-10-22 04:53 · Score: 1
  
  As per the post earlier today, Apple said it was "impossible" for them to access the files on a customer's iPhone if they had a newer phone. In essence, what Apple is saying is that if law enforcement brings them only the phone of a suspect, Apple cannot technically access the files on the phone without the help of the phone's owner. They did it using a number of processes including full data storage encryption. I suspect that it has been optional on Android since not all devices had the all the hardware pieces in place to secure the phone completely.
  And since part of Apple's solution is hardware-based (and this is the reason that their "can't decrypt" statement does not apply to iPhones prior to either the 5 or 4s) or to phones running earlier to iOS 8 (I believe).
  
  If Google's solution is not at least partially hardware-based, then it is only a partial solution, which is tantamount to Security Theatre.
  
  Not that it matters, because most existing Android phones will never see Android 6.0, anyway.
21. Re:Sigh by macs4all · 2015-10-22 04:54 · Score: 1
  
  I don't trust companies that they don't have access to their on encrypted datas if they (creat/mad)e them. How did they develop and test them then?
  You are a well and proper idiot, idiot.
22. Re:Sigh by UnknowingFool · 2015-10-22 06:52 · Score: 1
  
  If Google's solution is not at least partially hardware-based, then it is only a partial solution, which is tantamount to Security Theatre.
  That's not my reading of the situation. The benefit of Android is that it will run on many different devices. The drawbacks of Android is that it has to run on many different devices. Some Android devices have all the hardware in place to implement full encryption. Some already have. But since Google cannot dictate what hardware runs on Android, it can only dictate minimums.
  
  --
  Well, there's spam egg sausage and spam, that's not got much spam in it.
23. Re:Sigh by Shirley+Marquez · 2015-10-22 07:16 · Score: 1
  
  Yes. They even still make phones. They released a couple of new BlackBerry models (the Passport and the Classic) last year, though those phones may be the last classic BlackBerry phones. They recently announced a new phone, Priv, which is based on Android with added BlackBerry services and security software. (According to Engadget it will start shipping on November 16 - http://www.engadget.com/2015/1... )
24. Re:Sigh by macs4all · 2015-10-22 08:01 · Score: 1
  
  If Google's solution is not at least partially hardware-based, then it is only a partial solution, which is tantamount to Security Theatre.
  That's not my reading of the situation. The benefit of Android is that it will run on many different devices. The drawbacks of Android is that it has to run on many different devices. Some Android devices have all the hardware in place to implement full encryption. Some already have. But since Google cannot dictate what hardware runs on Android, it can only dictate minimums.
  Ok, then I will revise my comment to read "On Devices which do not provide for some hardware security component with keys that are unknown and unreadable except within said security component (e.g., Apple's Security Enclave), Google's approach is tantamount to Security Theatre; because said methods are at least potentially compromise-able through legal process or "rubber-hose" crypto-analysis techniques."
  
  There, is that precise enough for ya?
25. Re:Sigh by macs4all · 2015-10-22 08:03 · Score: 1
  
  Yes. They even still make phones. They released a couple of new BlackBerry models (the Passport and the Classic) last year, though those phones may be the last classic BlackBerry phones. They recently announced a new phone, Priv, which is based on Android with added BlackBerry services and security software. (According to Engadget it will start shipping on November 16 - http://www.engadget.com/2015/1... )
  The comment was actually intended as a joke; however, if their new phones are based on Android, then they are a Joke. See this, and other similar articles regarding Android's "Security".
26. Re:Sigh by niftymitch · 2015-10-22 11:07 · Score: 1
  
  You mean Blackberry.
  He did say 'large scale'.
  But, I must admit, I almost got a Blackberry when my old phone broke, because I don't trust Android 'security' at all............
  The troubles at Blackberry have opened the door for others.
  At one time Blackberry had a lock on industrial and government blessed portable
  phones and devices. They lost a lot when some nations mandated side doors.
  Now some of those nations have been hacked by international, state, local bad guys.
  These hacks have renewed the demand for security enhancements.
  Time to update something -- always something in need of an update ....
  
  --
  Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
27. Re:Sigh by UnknowingFool · 2015-10-22 17:12 · Score: 1
  
  It would have sufficed to say some Androids employ full disk encryption but like all things Android the consumer has to really research whether their Android phone has that feature.
  
  --
  Well, there's spam egg sausage and spam, that's not got much spam in it.
28. Re:Sigh by Trailer+Trash · 2015-10-23 07:29 · Score: 1
  
  Amazingly, I have the only top-level post on this story two days later.
  
  --
  Do you have ESP?
Link doesn't mention encryption at all by gweilo8888 · 2015-10-21 06:06 · Score: 1, Informative

Does anybody even proofread these summaries? What, precisely, is the point of a link from the words "need to have full-disk encryption enabled" to a page that doesn't mention the word encryption even a single time?
1. Re:Link doesn't mention encryption at all by gstoddart · 2015-10-21 06:23 · Score: 2
  
  Ummm ... what? If you mean the first link, "crypto" appears like 25 times.
  So what, precisely, are you trying to say? Because the ENTIRE TFA is about encryption.
  
  --
  Lost at C:>. Found at C.
2. Re:Link doesn't mention encryption at all by HairyNevus · 2015-10-21 06:23 · Score: 1
  
  True, the second link that you call out doesn't mention encryption at all. It's another story about the technical details (specifically app permissions and how that might influence the security of the new OS) of Android 6.0, but not entirely relevant to the encryption issue brought up in TFS. It belongs up there, just maybe should have gotten its own sentence introducing it. But, that might be being a little nitpicky for a site that runs on user-generated summaries for the articles it posts.
  
  --
  You were critically hit for no damage. The bruise will look nice, and maybe the scars will make good party talk.
3. Re:Link doesn't mention encryption at all by HairyNevus · 2015-10-21 06:28 · Score: 1
  
  Ahh, they've taken his complaint to heart, and now moved the second link to the words "Android 6.0". Was "need to have full-disk encryption enabled" before.
  
  --
  You were critically hit for no damage. The bruise will look nice, and maybe the scars will make good party talk.
4. Re:Link doesn't mention encryption at all by gweilo8888 · 2015-10-21 07:29 · Score: 1
  
  Probably should've read my full post before you replied, because I identified exactly which link I was talking about. I provided the exact phrase on which the link was placed; that link has since been moved to the words Android 6.0. (And the fact those words no longer had a link should probably have tipped you off.)
Verified boot by who? by erapert · 2015-10-21 06:06 · Score: 5, Insightful

Google also mandates verified boot for devices with AES performance over 50MB/s.
Who verifies it?

Google verifies it (with NSA consent)?
Or is it completely, 100% open source such that I can compile my own boot loader and sign it with my own key and install it myself?

Anything else really just means that the NSA have a backdoor to your device that you cannot remove because your boot loader is locked against you.
1. Re:Verified boot by who? by behrooz0az · 2015-10-21 06:17 · Score: 1
  
  It has been opensource for ages.
  
  --
  Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
2. Re: Verified boot by who? by Anonymous Coward · 2015-10-21 06:25 · Score: 1, Informative
  
  Android's full disk encryption is just an adaptation of dm-crypt. All the source code is in AOSP and the Linux kernel.
  Yes, the radio firmware has privileged access and is closed. But that is true for ANY cell phone. If you're concerned about that, then don't use a cell phone, because malicious firmware can potentially pull anything else out of memory if it wanted.
  To call this anything but an improvement is extremely short sighted. Take off your tinfoil hat, please.
3. Re: Verified boot by who? by hawguy · 2015-10-21 06:46 · Score: 4, Interesting
  
  Android's full disk encryption is just an adaptation of dm-crypt. All the source code is in AOSP and the Linux kernel.
  Yes, the radio firmware has privileged access and is closed. But that is true for ANY cell phone. If you're concerned about that, then don't use a cell phone, because malicious firmware can potentially pull anything else out of memory if it wanted.
  To call this anything but an improvement is extremely short sighted. Take off your tinfoil hat, please.
  Is there any way to audit whether the dm-crypt installed on your device matches the source code? Few people compile their own kernel, so it seems that it would be easy for Google or cellular carrier to slip a back door into the module.
  Likewise, I wonder how secure Apple's encryption is -- their very public fight against the DoJ could just be a smokescreen to hide the fact that the government can trivially crack the phones, they just don't want anyone to know. Their fight against the DoJ brings this quote to mind: "The lady doth protest too much, methinks."
4. Re: Verified boot by who? by Anonymous Coward · 2015-10-21 06:56 · Score: 0
  
  This is Slashdot. They issue you a tinfoil hat when you log in.
5. Re:Verified boot by who? by skids · 2015-10-21 07:07 · Score: 1
  
  Except that the verification keys used are not public, and in general, no option to install additional trusted keys is made available. It basically kills the ability to have custom boot loaders for backup/restore or for any other reason and makes it rather easy to hard-brick the device as no utility to undo an unverifiable bootloader is made availble to the public. The age of mods is coming to an end unless consumer demand for devices that they can add keys to rises to unlikely levels.
  (Often the keys are manufacturer specific and roms from different carriers can be booted on the same device, but the carriers could easily lobby the manufacturers to truly lock the devices they sell to their network.)
  
  --
  Someone had to do it.
6. Re: Verified boot by who? by 0123456 · 2015-10-21 07:14 · Score: 3, Insightful
  
  This is Slashdot. They issue you a tinfoil hat when you log in.
  If you're not wearing a tinfoil hat, you haven't been reading the news for the last few years.
7. Re:Verified boot by who? by behrooz0az · 2015-10-21 07:38 · Score: 4, Informative
  
  Keys are generated on the fly, Go read the source code for fucks sakes. It's there.
  
  --
  Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
8. Re: Verified boot by who? by behrooz0az · 2015-10-21 07:45 · Score: 1
  
  yes, there are compiler flags to help you ensure that.
  You can get the source code and compile it once and match it against all phones. It's pretty easy to verify you can just dd if=/dev/mmcblk0p## | sha1sum -
  This is a good example of how linux distributions are trying to achieve this.
  
  --
  Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
9. Re: Verified boot by who? by Redbehrend · 2015-10-21 07:49 · Score: 1
  
  Also Locked boot loaders are for carrier locking and nothing else. Since the source is available online...
10. Re:Verified boot by who? by swillden · 2015-10-21 07:51 · Score: 1
  
  Or is it completely, 100% open source such that I can compile my own boot loader and sign it with my own key and install it myself?
  Yes.
  The Android verified boot specification requires that unlockable devices allow you to install your own verification key, to verify your own system images. Boot loaders mostly aren't open source, unfortunately, so it'll be an OEM-provided bootloader that's using your key. Google is working on that. The starting point is the new Pixel C tablet, which uses ChromiumOS's open source boot loader, so the full stack is open (though there are still bits of closed firmware, sigh).
  Oh, and note that I said *unlockable* devices. Verified boot will cause non-unlockable devices to be even harder to muck with. I'm actually hopeful that this will increase the availability of unlockable devices by increasing demand for them. We'll see if it works out that way.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
11. Re: Verified boot by who? by hawguy · 2015-10-21 07:56 · Score: 1
  
  yes, there are compiler flags to help you ensure that.
  What are those compiler flags?
  How do I know what flags and which version of which compiler Google used to compile the binaries on my phone? Does Verizon use the same flags and compiler as everyone else?
  
  You can get the source code and compile it once and match it against all phones. It's pretty easy to verify you can just dd if=/dev/mmcblk0p## | sha1sum -
  So if I run that on a Verizon phone and an AT&T phone is the difference due to different packages put there by the carriers, different compiler flags and/or compiler version, or because someone put a backdoor in some module?
  
  This is a good example of how linux distributions are trying to achieve this.
  Is Google going to include this in their Android bulids?
12. Re:Verified boot by who? by Anonymous Coward · 2015-10-21 08:08 · Score: 0
  
  you do not know that. what is known is that the code on your phone is NOT same as what google releases as 'open source'.
13. Re:Verified boot by who? by Anonymous Coward · 2015-10-21 08:17 · Score: 0
  
  100% open source, part of the Linux kernel for a long time, and vetted by the NSA and NIST for FIPS/Common Criteria/EAL certification.
  If you have root, you can split your screen locker PIN from the passphrase to unlock /data, which means if a bad guy steals the device, then tries to decode it from the pre-boot screen or dd off the filesystem, they have a really hard passphrase to guess... not just 4-6 digits. Even "correct horse battery staple" will foil almost anyone except a /. reader.
  Android's encryption of /data is as good as it gets, and some devices use EncFS to encrypt SD cards (which provides file based, not image based encryption.)
14. Re:Verified boot by who? by Anonymous Coward · 2015-10-21 08:18 · Score: 0
  
  Anything else really just means that the NSA have a backdoor to Google's device that you cannot remove because your boot loader is locked against you.
  FTFY. You're apparently under the mistaken impression that it's your device. Silly disembodied eyeballs. Now get back to reading advertisements.
15. Re:Verified boot by who? by BronsCon · 2015-10-21 08:23 · Score: 4, Informative
  
  The actual OS portion of it is, actually. It is the Google apps and framework (e.g. non-AOSP) and hardware-specific drivers (e.g. not part of Android) that are not open source. Test this by fetching a system image for your phone (assuming a Nexus device, where Google is actually the one releasing the binaries; there is no guarantee that a different OEM doesn't change things, in fact that is quite common.. so, again, a Nexus device), extract the /system partition, and replace the binaries with your own versions compiled from source (same version of Android, of course, so drivers and the Google bits still work), roll that back into the image, and flash it.
  
  10 to 1 it'll boot and work just fine. If you weren't an AC I'd put money on it.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
16. Re: Verified boot by who? by Anonymous Coward · 2015-10-21 08:28 · Score: 0
  
  No security is absolute. It's always a trust game.
  I'm going to go with "Secure enough" - Secure enough to protect you against crooks looking to steal your banking details, secure enough to keep jealous ex boyfriends from stalking the people on your contact list, secure enough to keep the work emails on your phone away from competitors, secure enough to keep lazy pigs at traffic stops from slurping up your phone's contest wit a handheld lazy pig point-and-dool privacy invasion devices.
  And secure enough, it seems, too to keep ordinary law enforcement out. If you're doing anything interesting enough to garner the interest of the NSA, however, you probably should not use a smartphone. That's just common sense.
17. Re: Verified boot by who? by ColdWetDog · 2015-10-21 08:33 · Score: 1
  
  You clearly should not use a cell phone. Your plans to ... well, whatever ... are clearly too sensitive to risk it.
  Call the Mossad.
  
  --
  Faster! Faster! Faster would be better!
18. Re: Verified boot by who? by hawguy · 2015-10-21 08:38 · Score: 1
  
  You clearly should not use a cell phone. Your plans to ... well, whatever ... are clearly too sensitive to risk it.
  Call the Mossad.
  I questioned whether or not Google (or Apple's) assurance that cell phone encryption is secure, and that means I shouldn't use a cell phone?
  I also questioned whether or not the tree in my front yard is going to grow roots through the sewer line (it did), should I stop using the toilet as well?
19. Re:Verified boot by who? by Anonymous Coward · 2015-10-21 09:22 · Score: 0
  
  I won't say I'm not worried from governments and associated crooks (considering I write about important social changes), but for my mobile phone that I don't use much for important stuffs, I will be happy to have full-disk encryption by default in case of loss and common thievery. And I will be happy when people I contact will have the same level of protection (if they use a proper lockscreen, because of course, their mobile phone will be on in 99% cases... the screen will be unlocked in a good number of cases though, if robbed while in hand... in the future, thieves might be more careful not to even let the lockscreen timeout come, nor press the lock button, until they're safe to disable the timeout -I don't suppose you're asked for your password/hand gesture/photo/fingerprint for this-, and to plug a USB cable for a complete data dump...).
20. Re: Verified boot by who? by Anonymous Coward · 2015-10-21 09:58 · Score: 0
  
  And when told "yes" and given evidence to this fact you still persist with your "what if" game. Clearly you are not interested in the answer unless it is "no" and will be unlikely to believe anything else. Your cognitive bias is getting in your way here.
21. Re:Verified boot by who? by Beat+The+Odds · 2015-10-21 10:00 · Score: 1
  
  Keys are generated on the fly, Go read the source code for fucks sakes. It's there.
  I'd feel better if the key was generated BY a fly, because they really know their shit!
22. Re: Verified boot by who? by behrooz0az · 2015-10-21 10:07 · Score: 1
  
  the usual flags are the ones that make sure extra debug info like kernel version and name of the source files are not included in the build. just using gcc -o a.out file.c produces a reproducable binary most of the times(sometimes it depends on the source code, freakishly weird macros and crazy stuff we programmers do because of our pride)
  
  verizon is legally required to provide the flags they used as per GPL license for the GPL licensed part of code.
  I guess the only way is to check each one on its own.
  
  Google already does provide everything, didn't you get the famous twit?
  
  IIRC samsung was sued over this(not very recent) and they said they will try to be more transparent and make reproducable builds easier to build for normal haxors.
  
  --
  Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
23. Re: Verified boot by who? by hawguy · 2015-10-21 10:44 · Score: 1
  
  And when told "yes" and given evidence to this fact you still persist with your "what if" game. Clearly you are not interested in the answer unless it is "no" and will be unlikely to believe anything else. Your cognitive bias is getting in your way here.
  Referencing some unnamed compiler flags, comparing block devices across "all phones" even when those block devices differ among carriers and phones, and pointing to an experimental Debian project is not really a "yes", it's a "well, it could be".
  This is Slashdot, not a consumer news site, no need to use vague handwaving to explain why something is or is not possible. If you know it's possible, then just say why.
24. Re: Verified boot by who? by rtb61 · 2015-10-21 15:57 · Score: 1
  
  In this case the encryption has more to do with marketing than anything else. With M$ going in the opposite direction probing every millimetre of your technological life they can and basically claiming ownership of your hard disk and network connection and saying it's OK because Android does something sort of in some ways somewhat similar. Google is looking to distance Android from that so a surge in security measure as being the opposite of M$'s windows 10 every computer orifice probe. Apple is also starting to push security for the same marketing advantage, M$ is going to get hammered and it will create some huge product problems with them pushing no security for your from them and Google and Apple pushing (in terms of marketable products rather than actually full privacy and security) security for you from everyone, even the government. This will be used to create the right psychological framework to push that security advantage into business and educational operating systems. They are going to milk M$s blunder for all that it is worth and they are likely to succeed, especially if they can push anti M$ windows 10 legislation targeting invasion of privacy, especially business, medical and educational computer based interactions. Windows 10SE might be a lot closer than M$ would care to admit, yet.
  
  --
  Chaos - everything, everywhere, everywhen
25. Re:Verified boot by who? by Anonymous Coward · 2015-10-22 01:30 · Score: 1
  
  But this is exactly the point. If your modified OS can be installed and run in place of the original, then what was the point of "verified boot"? If it can't, that's tivoization and fundamentally anti-software-freedom.
  *Unless* you skipped a step where you installed a custom signing key somehow.
26. Re:Verified boot by who? by behrooz0az · 2015-10-22 02:58 · Score: 1
  
  Well, You could literally do that if You put a fly in a box with your phone in it and ground the fly with a thin wire.
  This is the GUI used by the connectbot ssh client:
  https://techronilces.files.wor...
  source:
  https://techronilces.wordpress...
  
  --
  Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
27. Re: Verified boot by who? by macs4all · 2015-10-22 05:11 · Score: 1
  
  Likewise, I wonder how secure Apple's encryption is -- their very public fight against the DoJ could just be a smokescreen to hide the fact that the government can trivially crack the phones, they just don't want anyone to know. Their fight against the DoJ brings this quote to mind: "The lady doth protest too much, methinks."
  I'm sure the Government is going to get two branches to collude, plus Apple's counsel, all to bolster Apple's iOS sales, when everyone on Slashdot keeps saying that Android is the dominant platform, and that Apple isn't used by anyone but clueless morons with too much spendable cash and teenage girls wanting an iFashion Accessory.
  
  Afterall, if you're a Terrist, why get an iPhone that all-but-requires an Apple ID, when you can get a "burner" Android phone for free, or nearly free, at every Mom and Pop "Cellular Phone Shack" in the world?
  
  Slashdot wisdom (and real wisdom) handily defeats the "logic" of your argument, you ignorant slut.
28. Re: Verified boot by who? by macs4all · 2015-10-22 05:12 · Score: 1
  
  And when told "yes" and given evidence to this fact you still persist with your "what if" game. Clearly you are not interested in the answer unless it is "no" and will be unlikely to believe anything else. Your cognitive bias is getting in your way here.
  Personally, I think it has more to do with his IQ score, and less to do with Cognitive Bias.
29. Re:Verified boot by who? by Anonymous Coward · 2015-10-22 05:33 · Score: 0
  
  Who verifies it?
  Google verifies it (with NSA consent)?
  If you want to see the right way to do these things, look at ChromeOS. There's a developer switch with boot warnings for users, but you can always flip the switch. Then there is a developer _screw_ inside the device, that lets you overwrite the first bit of code to run, the one that contains Google's public keys, so you can put your own public keys in there, or disable the boot warning. The developer switch has three positions, not two, so you can enable things that allow greater attack service, like shell and 'su', without disabling verified boot.
  The point of verified boot is to defeat persistence. If you are exploited by one of the 0-days surely left in Chrome and in Linux, you will be compromised, and your Chromebook will be perverted. Perhaps the exploit will write itself to disk so it can survive reboot. Nothing can stop it. But once you reboot, the machine will panic the first time it tries to reload the exploit from disk.
  There is still a DRM system, for "attestation," unfortunately: remote web sites can confirm you have not flipped your developer switch, iff you enable this system. The user can disable it by unchecking a box. It's supposed to be useful for getting the high resolution videos that Amazon for example only allows to stream to sticks and rokus, not to desktops, but of course Amazon does not use the system. Once again, engineers who "don't care about politics, just want to get work done," and lick the jackboot, are disappointed in step 2. . . but, that is the intent, anyway: to qualify for DRM regimes that normal desktops don't, but without violating privacy to the extent other qualifying devices do. I think it's also useful for the enterprise stuff: companies can build VPNs that keep Chromebooks off unless they are in verified boot mode.
  The signing key for verified boot is controlled by Google.
  The update mechanism doesn't offer hardware serial numbers, so there is some barrier Google could use as an excuse if ordered by American National Security fascists to push a poison update to just one device to catch some suspected paedophile and Occupy Wall Street organizer. This could be improved, but there is at least a little thought given to it.
  There is a TPM-based rollback prevention state machine. You can always install an older ChromeOS, but it will wipe userdata first, so you can't install an old version with a bug in it to read out the user's data.
  If you want to see the wrong way to do these things, look at Android.
  - keys controlled by manufacturer, not Google. Go ahead, fuss about the NSA. At least it is slightly more surprising if NSA steals Google's private key than steals Samsung's, or Huawei's.
  - no dev switch. Users are locked out of their devices.
  - verifies the kernel only. no verification on userland. The userland is not even fully read-only to the extent ChromeOS's is.
  - there are more keys than "verification" keys. There are also update signing keys. This does not count as "verification" for me because it doesn't defeat persistence in presence of 0-days. Keys are chained in a highly goofy manner: the OS has included in it the keys of the updates it will accept, so you can push an update that updates the list of keys. The chain of keys and key updates stretches over the device's history, facilitating persistence. In ChromeOS, the chain is unwound on every boot: read-only firmware checks signature on read-write firmware. The read-write firmware checks the signature on the kernel binary and its commandline. The kernel's command line includes the key for verifying the read-only filesystem. The top of the chain, the read-only firmware, is _read-only_ and contains Google private key, so the list of dependent keys can be narrowed by a combination of expiry, updates, and TPM rollback prevention, but it cannot be expanded outside a chain rooted in the read-only firmware unless you rem
30. Re: Verified boot by who? by hawguy · 2015-10-22 05:39 · Score: 1
  
  Likewise, I wonder how secure Apple's encryption is -- their very public fight against the DoJ could just be a smokescreen to hide the fact that the government can trivially crack the phones, they just don't want anyone to know. Their fight against the DoJ brings this quote to mind: "The lady doth protest too much, methinks."
  I'm sure the Government is going to get two branches to collude, plus Apple's counsel, all to bolster Apple's iOS sales, when everyone on Slashdot keeps saying that Android is the dominant platform, and that Apple isn't used by anyone but clueless morons with too much spendable cash and teenage girls wanting an iFashion Accessory.
  Sure, I mean, what are the chances that the DoJ would collude with the NSA to keep secret surveillance secret? The DoJ is there to protect us from the excesses of the NSA, right?
  http://yro.slashdot.org/story/...
31. Re: Verified boot by who? by macs4all · 2015-10-22 05:48 · Score: 1
  
  Sure, I mean, what are the chances that the DoJ would collude with the NSA to keep secret surveillance secret? The DoJ is there to protect us from the excesses of the NSA, right?
  ...and what about the rest of my argument, that you so disingenuously ignored?
32. Re: Verified boot by who? by hawguy · 2015-10-22 06:04 · Score: 1
  
  Sure, I mean, what are the chances that the DoJ would collude with the NSA to keep secret surveillance secret? The DoJ is there to protect us from the excesses of the NSA, right?
  ...and what about the rest of my argument, that you so disingenuously ignored?
  Well, I didn't think it was a serious argument:
  
  Afterall, if you're a Terrist, why get an iPhone that all-but-requires an Apple ID, when you can get a "burner" Android phone for free, or nearly free, at every Mom and Pop "Cellular Phone Shack" in the world?
  I have no answer for that since I don't know what phone a "Terrist" would use, nor do I think that Android is any more secure than Apple from NSA surveillance. And of course, the real problem of invasive government surveillance is that it doesn't just target terrorists, since anyone can be branded as terrorist with no evidence of wrongdoing at all, the problem is that it targets *everyone*.
33. Re:Verified boot by who? by karmatic · 2015-10-22 07:17 · Score: 1
  
  Who verifies it?
  http://source.android.com/devi...
  http://source.android.com/devi...
  It's a hardware key. The good news is that you can unlock it if you want.
  When you transition from a locked state to an unlocked state, the device is wiped. If the device is unlocked, there is a warning on the boot screen.
  So, if an evil organization tries to backdoor your phone (or you just want to flash another OS on it), the data is lost and a warning comes on. You are free to do as you want with the device. Should you wish to re-sell the phone, you can restore it to factory.
  If you can replace the keys, the NSA can too.
34. Re: Verified boot by who? by karmatic · 2015-10-22 07:19 · Score: 1
  
  Is there any way to audit whether the dm-crypt installed on your device matches the source code? Few people compile their own kernel, so it seems that it would be easy for Google or cellular carrier to slip a back door into the module.
  It's intended to have a chain of trust. The hardware verifies the boot partition, and the boot partition verifies the other partitions. If the signature on the system partition matches, then dm-crypt was not tampered with.
35. Re: Verified boot by who? by hawguy · 2015-10-22 07:54 · Score: 1
  
  Is there any way to audit whether the dm-crypt installed on your device matches the source code? Few people compile their own kernel, so it seems that it would be easy for Google or cellular carrier to slip a back door into the module.
  It's intended to have a chain of trust. The hardware verifies the boot partition, and the boot partition verifies the other partitions. If the signature on the system partition matches, then dm-crypt was not tampered with.
  But that only verifies that dm-crypt was the one that Google (or verizon, or whoever) put there, I'm more interested in validating that the dm-crypt that's there matches the source code that everyone has looked at and trusts. It doesn't even have to be malicious, how do you know that a carrier doesn't say "Hey, if we comment out the slow parts of the encryption library, it's 90% faster and it sure looks like the data is still encrypted, so it should be safe".
36. Re:Verified boot by who? by BronsCon · 2015-10-22 13:17 · Score: 1
  
  You do have a point with this. With verified boot, you'll have to compile with the same compiler, compiler version, and compiler flags, which will wield identical binaries and the signature will remain valid after you replace the binaries with your self-compiled versions. After all of that, you've accomplished nothing, but hey, at least you know the binaries belong to the code, right?
  
  In case anyone is confused about my position on open source: Yes, it has benefits in that you can review the code if you care to do so, and you can compile from source if so inclined. However, it has drawbacks in the form of the circlejerk that is the open source community at large. "Oh, it's open source? It's automatically better." No, sorry, it's not, remove your hand from the penis of the man to your right and remove your penis from the hand of the man to your left and realize that there are many facets to good software. Honestly, most open source projects lack most of the qualities of good software, namely usability and stability, and that's ignoring the security aspect; most projects follow a development pattern along the lines of "we're a small team of nerds who need a specific tool that works a specific way, we know what we need and how it should work so we don't need documentation, any automation we can bring to this task is an improvement over the current state of things so we don't care if it's stable; it'll be modeled after our current process which probably won't make sense to most people but it'll be usable for us and that's what matters. Oh, and being an internal tool used by this small group of trusted individuals, it will be secure by default... in our environment, at least". Does a project like that work? Perhaps, if you're a member of the development team and actually don't need documentation, if you're familiar with the workflow the program was written to follow and that workflow makes sense for your use case, if you're willing to accept software that crashes if you don't feed it exactly the input it expects, and especially if you don't care about security. Or if you have time to review the source and fix these issues.
  
  But really, software is a tool. Find the tool that works for you, the one that does the best job with the least effort, and if security is a concern (and it should be), you should already be using a layered approach that negates the absolute need to review the source code and compile your own binaries (not that anyone honestly does this anyway). Is it nice to be able to do that? Sure, but if you think it is necessary, you are taking the wrong approach to security.
  
  So yes, I use (and support) open source where open source actually works, and I pay for software where open source does not. I pay for a lot of software. Android works better for me than iOS on my phone (which I use differently than a tablet), but iOS works better for me on a tablet; for some reason this blows peoples' minds, but that's the reality of the current market, for me. Oh, and I quite enjoy stirring the pot with regard to choice of platform, especially given that I use all of the major platforms at least once in the course of any given workday.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
So when I upgrade my existing phone to a Nexus 6.. by mmell · 2015-10-21 06:07 · Score: 1

...they'll have already done what I do the instant the battery is over 85% charged (with my current Nexus 5, that's right out of the box).
Complain all you want. by Anonymous Coward · 2015-10-21 06:10 · Score: 0

Seeing as most people are NOT criminals, we have every right to encrypt our data and keep it out of the police's hands. This being said, it would be logical to take this right away from digital offenders (child porn, people selling prostitutes, etc) in order to prevent continued offenses. I fully support encryption getting better and better, because increasing amounts of our lives are on our devices. Not encrypting is a lot like leaving our door unlocked and putting a sign up for thieves that says "Come get free stuff"
1. Re:Complain all you want. by Anonymous Coward · 2015-10-21 06:15 · Score: 0
  
  "Seeing as most people are NOT criminals" If we already knew this we wouldn't have a knock-down, drag-out over firearms every month.
2. Re:Complain all you want. by spire3661 · 2015-10-21 07:06 · Score: 1
  
  "This being said, it would be logical to take this right away from digital offenders (child porn, people selling prostitutes, etc) in order to prevent continued offenses"
  
  FUCK YOU
  
  Sincerely,
  
  Liberty
  
  --
  Good-bye
3. Re:Complain all you want. by BronsCon · 2015-10-21 08:28 · Score: 1
  
  Fuck the police, we have every right to encrypt our data to keep it out of the hands of criminals. Criminals, who, of course, will encrypt it if they get it. Except that most criminals aren't that smart.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
4. Re: Complain all you want. by Anonymous Coward · 2015-10-21 09:50 · Score: 0
  
  There are more laws on the books for any area of the US than any one person can read in a year. Of course everyone is a criminal. We just rely (too heavily) on selective enforcement not to select us.
Honestly, this is good by surfdaddy · 2015-10-21 06:17 · Score: 4, Interesting

First Apple and now Google are pushing back on the US government, which is trying its hardest to spy on people. These companies are compelled to give up information, in secret, without warrants, due to PATRIOT Act and other government "intelligence". This has hurt business for Apple, Google, Microsoft, and others. It seems that they've decided that they are going to make it hard/impossible for the US government to steal their customers' data. Bravo to them.
1. Re:Honestly, this is good by pla · 2015-10-21 06:27 · Score: 5, Insightful
  
  Bravo to them.
  
  Make no mistake, they don't do this out of some love of privacy or benevolence toward their customers. Outside the US, the phrase "Made in America" has become synonymous with "pre-cracked by the NSA". Companies have no more noble goal with efforts like whole-device encryption than not watching their global sales drop to zero over the next few years.
2. Re:Honestly, this is good by Anonymous Coward · 2015-10-21 06:38 · Score: 1
  
  Whatever works. The end result is what matters.
3. Re:Honestly, this is good by Anonymous Coward · 2015-10-21 06:38 · Score: 0
  
  They are not doing it for the goodness of their heart, they see lawsuits coming for taking part during investigations or wiretapping programs and they are probably having increasing costs from court mandated "go decrypt that shit for us" orders, so they are implementing an encryption wall that allows them to wash their hands about it.
  It will certainly benefit them, but governments will most likely move onto installing root-kits though Cellphone company preinstalled bloat software or software embedded in the SIM cards so i do not expect for our situation to be that much better.
4. Re:Honestly, this is good by UnknowingFool · 2015-10-21 06:40 · Score: 5, Insightful
  
  I suspect also that Apple and Google don't want to be responsible any more for law enforcement duties. I can only imagine how many requests they get every week to break into someone's phone. Now they can legitimately say that they can't do it.
  
  --
  Well, there's spam egg sausage and spam, that's not got much spam in it.
5. Re:Honestly, this is good by Anonymous Coward · 2015-10-21 08:08 · Score: 0
  
  Except that Apple was providing encryption for their phones before the Snowden leaks.
6. Re:Honestly, this is good by Dixie_Flatline · 2015-10-21 08:34 · Score: 1
  
  They love what their customers love. The system works.
7. Re:Honestly, this is good by Anonymous Coward · 2015-10-21 15:31 · Score: 0
  
  Google is trying it's hardest to spy on people. It doesn't matter if the filesystem of the device is encrypted. Google keeps its surveillance records on its servers anyway. Encrypting the hard drive of the device is no better than putting lipstick on a pig.
8. Re:Honestly, this is good by Anonymous Coward · 2015-10-21 20:26 · Score: 0
  
  which is probably exactly the same thought that the NSA has....
9. Re:Honestly, this is good by macs4all · 2015-10-22 05:51 · Score: 1
  
  I suspect also that Apple and Google don't want to be responsible any more for law enforcement duties. I can only imagine how many requests they get every week to break into someone's phone. Now they can legitimately say that they can't do it.
  Exactly.
DRM by ickleberry · 2015-10-21 06:22 · Score: 3, Interesting

I'm gone a bit too cynical to think this is an altruistic effort by Google to protect De People from the government spying on them. Could it just be an attempt to make their DRM more robust?
1. Re:DRM by gstoddart · 2015-10-21 06:28 · Score: 5, Insightful
  
  Possibly, but you can be cynical and not think this is altruistic ... they get the PR of saying "we're on your side" to consumers, as well as eventually saying "now piss off, we can't help you" to law enforcement.
  It can benefit consumers AND be self-serving.
  
  --
  Lost at C:>. Found at C.
2. Re:DRM by swillden · 2015-10-21 06:46 · Score: 1
  
  I'm gone a bit too cynical to think this is an altruistic effort by Google to protect De People from the government spying on them. Could it just be an attempt to make their DRM more robust?
  No, this doesn't do anything to improve the DRM, which is already done in a separate secure OS that has always been cryptographically verified by the bootloader.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
3. Re:DRM by DrJimbo · 2015-10-21 07:58 · Score: 1
  
  It [mandatory full-disk encryption] can benefit consumers AND be self-serving.
  Not according to the standard definitions of self-serving which includes:
  
  1. Serving one's own interests, especially without concern for the needs or interests of others.
  2. Exhibiting concern solely for one's own interests: serving one's own interests often in disregard of the truth or the interests of others.
  It would be more accurate to say that this may be a case where benefiting consumers also benefits the corporate interest. It is curious that you have managed to twist around something good Google has done and spin it as something negative (self-serving). I'm not claiming it was intentional on your part or that it is part of a vast conspiracy but it is part of a larger pattern. Most news stories I've seen about Google doing something good have been spun into stories about Google being evil. Recent memorable examples are Google's fight against software patents and Google's fight for network neutrality. Both of these stories were shrouded with lies about Google doing the exact opposite of what they actually did.
  
  --
  We don't see the world as it is, we see it as we are.
  -- Anais Nin
4. Re:DRM by ColdWetDog · 2015-10-21 08:40 · Score: 1
  
  It's called enlightened self interest. Interesting concept.
  
  --
  Faster! Faster! Faster would be better!
5. Re:DRM by BronsCon · 2015-10-21 08:57 · Score: 1
  
  Something someone does without concern for your needs or interests can still benefit you. For example, the guy who puts a bullet between the eyes of a gunman who's already shot 3 people, and is aiming at you now, probably did so not to save you, but to save himself. You still benefit, though, by not getting shot.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
6. Re: DRM by Anonymous Coward · 2015-10-21 10:03 · Score: 0
  
  That's odd, because LG has their DRM stuff right where anyone can find it using something like Total Commander. It isn't hidden in some secret OS, it is right in the root directory of Android. Ditto on Samsung devices. It's probably not wise to muck with said files, but there they sit.
7. Re: DRM by swillden · 2015-10-21 13:28 · Score: 1
  
  That's odd, because LG has their DRM stuff right where anyone can find it using something like Total Commander. It isn't hidden in some secret OS, it is right in the root directory of Android. Ditto on Samsung devices. It's probably not wise to muck with said files, but there they sit.
  No, they don't. Those are only the Android components that communicate with the trusted OS to do the actual decryption, using keys that are not available to the Android OS. If you remove or muck with the Android components, you'll make DRM-protected video undecryptable, but that doesn't mean they're what is actually doing the decryption.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
8. Re:DRM by gstoddart · 2015-10-21 14:00 · Score: 1
  
  It is curious that you have managed to twist around something good Google has done and spin it as something negative
  Then perhaps you should read the damned comment I replied to instead of pulling this gibberish out of your backside.
  Google is a corporation. By definition, they are self-serving. It just so happens that in order to be self serving, they need to periodically align with consumer interests. But they sure don't do it all the time.
  The GP said they couldn't accept it as altruistic. I agree, there is no way in hell a company does anything for altruistic. Least of all Google. They were doing what was in their own self-interest, ie, it was self serving.
  
  I'm not claiming it was intentional on your part or that it is part of a vast conspiracy but it is part of a larger pattern. Most news stories I've seen about Google doing something good have been spun into stories about Google being evil.
  Boo fucking hoo.
  Because you know what I've concluded about Google over the last bunch of years? Their motto to do no evil is bullshit. It's a cute slogan, nothing more.
  Pretty much everything Google does is for their own means, like I expect every corporation to do.
  In the same way, I trust Google and any other corporation to act like a sociopath -- I can 100% trust them to look out for their own interests, periodically things will align and actually be good for the consumer. But that doesn't mean I believe Google gives a damn about the consumer. It means they can't afford to be too antagonistic.
  Even if Google is "fighting the good fight", it's to protect their own damned financial interests. Ie, it's self serving.
  I have great faith and trust that Google are greedy, self-serving bastards, who may or may not consciously do evil things, and who are easy to vilify as a large and untrustworthy corporation.
  But I will never attribute any of their motivations as altruistic, or focused on the needs of the populace, except where it benefits them.
  So you'll excuse me if I don't care about your semantic wishful thinking about what I meant when I said self serving and aligned with consumer interests. Because I know damned well what I meant.
  And it sure as hell didn't include a benevolent Google looking out solely for our interests. Every damned thing Google does is self serving, that's pretty much the definition of a corporation.
  Get this through your head: Google doesn't give a fuck about you except in terms of how they make money from you. They may not actively seek your destruction, but they sure as hell don't give a crap about you. Which means they're not doing anything for you.
  
  --
  Lost at C:>. Found at C.
9. Re:DRM by macs4all · 2015-10-22 05:59 · Score: 1
  
  Most news stories I've seen about Google doing something good have been spun into stories about Google being evil.
  
  Welcome to the world of Apple News on Slashdot; where this exact form of yellow journalism has been practiced for over a Decade.
  
  Slashdot's just now applying the same form of Editorialism with Google.
No Worries by Anonymous Coward · 2015-10-21 06:27 · Score: 0

Google will surely "do the right thing" and keep their encryption keys for easy government decryption.
Thanks, but I'll stick with my iPhone.
Priorities by Anonymous Coward · 2015-10-21 06:28 · Score: 4, Interesting

Though this is a welcome move, Google has its priorities totally wrong.
As it stands right now, a large percentage of the Android population is running insecure software which, in some cases, is remotely exploitable without user intervention, with no way to mitigate the risk.
This is utterly embarrassing for Android if you think about it. Here we have a (mostly) open source stack that is MUCH LESS secure than its most significant opposition - Apple, which is closed source and absolutely restricted - but we can't do anything about the vulnerabilities because someone in the supply chain decided that it isn't cost-effective to provide something as simple as root access to the OS.
This is partly the manufacturer's and carrier's fault, but it is very much also Google's fault.
If I understand correctly, Google has a set of conditions that manufacturers must meet to be able to ship Google apps with their phone. One of the conditions that Google should be forcing RIGHT NOW is that manufacturers (and carriers) must provide a mechanism to allow updating the operating system (or to replace it entirely).
This shouldn't be a hard thing for Google to do. Heck, for all the evil they do, Microsoft gives you unrestricted access to the Operating System (recent host file shenanigans notwithstanding), and I've never seen a x86 PC that doesn't allow you to wipe Windows and install something else, despite the whole "secure boot" scare.
So, Google, good move, but get your priorities straightened out.
1. Re:Priorities by ancientt · 2015-10-21 08:18 · Score: 1
  
  Disclaimer: While educated speculation, the following is still speculation and therefore this is not libel.
  Do you know why the new Windows phones won't work on Verizon despite having all the necessary hardware? It's because Verizon has decided to not authenticate those phones, in essence blocking a completely capable phone from their network. They get away with it because nobody cares about Windows phones. I mention that to highlight the power the carriers have over the manufacturers and OS companies.
  You wouldn't believe how much of a pain it is to get Cyganomod on my phone, and it's because my carrier is one of the ones that included everything they could to prevent customers from having the ability to really control their phone. Other people with the same phone I have, but with a different carrier, have no trouble at all.
  Apple can dictate terms to the carriers, because people will switch carriers to get an iPhone. That's the only company that has ever succeeded in dictating terms. The carriers have a lock-in by controlling the phone and they don't want to lose that. The only exception is Apple and Apple is just as bad, if not worse, about locking you out of controlling your phone.
  Google does not have the muscle to force carriers to go along with built in OS updating capability and it's hurt them time and time again.
  
  --
  B) Eliminate all the stupid users. This is frowned upon by society.
2. Re:Priorities by Archangel+Michael · 2015-10-21 08:18 · Score: 1
  
  Carriers should support Phones for 2 years after the last day it was available for sale. I mean, they could simply hand over the blobs needed to get CyanogenMod running on said phone, and unlock the bootloader and pay CM to actually fulfill the need, rather than crying "Proprietary" (no, it isn't).
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
3. Re:Priorities by swillden · 2015-10-21 08:32 · Score: 1
  
  One of the conditions that Google should be forcing RIGHT NOW is that manufacturers (and carriers) must provide a mechanism to allow updating the operating system (or to replace it entirely).
  That mechanism exists, and has existed, and has been mandated, for years.
  The challenge is getting manufacturers and carriers to use it.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
4. Re:Priorities by BronsCon · 2015-10-21 09:04 · Score: 1
  
  Heck, for all the evil they do, Microsoft gives you[1] unrestricted access to the Operating System
  [1]: And everybody else
  
  I kid, of course. But not by much.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
5. Re:Priorities by Anonymous Coward · 2015-10-21 09:13 · Score: 0
  
  Samsung could dictate the terms though. They don't want to though. For example the Knox on my phone is there because it benefits both Verizon and Samsung.
6. Re:Priorities by Anonymous Coward · 2015-10-21 09:14 · Score: 0
  
  So does Microsoft let you do any of that with their phones? No, your comparison sucks.
7. Re:Priorities by Anonymous Coward · 2015-10-21 09:44 · Score: 0
  
  firstly, it's debateable whether android is less secure than ios. ios has had many many times as many CVEs over the years than Android has had.
  Your criticism of Android and Google has little to do with Android and Google. Phones where the carriers let you flash the OS are the exceptions, not the rule.
8. Re:Priorities by thegarbz · 2015-10-21 21:57 · Score: 1
  
  As it stands right now, a large percentage of the Android population is running insecure software which, in some cases, is remotely exploitable without user intervention, with no way to mitigate the risk.
  I'd like you to cite which of the vulnerabilities actually have a real world value in being exploited. I mean there's been plenty that have come out in the past few years but they all fall into the category of:
  1. So old that they don't affect common versions of Android in use.
  2. Work on some very device specific edge case only that is completely mitigated by other security features of the devices (stagefright)
  3. Require physical access to the device.
  4. Require the user's consent. (the single most common form of android vulnerability is the idiot pushing the buttons)
  5. Require the user to do some strange uncommon thing (like the bypass on the lock screen that crashes the camera app).
  So please tell me what I should be scared about.
9. Re:Priorities by tepples · 2015-10-22 00:05 · Score: 1
  
  So old that they don't affect common versions of Android in use.
  You'd be surprised how many 2.2 and 2.3 devices are still in use because Google refused to make Android updates that fit in older devices' smaller RAM.
10. Re:Priorities by thegarbz · 2015-10-22 03:46 · Score: 1
  
  I don't need to be surprised. It's 4%. These figures are published by Google. Also I'm not surprised. If this were a virus we're talking about we could claim herd immunity. If it were a targeted attack it would fail unless you're really REALLY good at picking a target demographic where you're likely to hit one of those phones, and if you look hard enough you may find these are not the kind of high-tech people who link their personal lives with their devices or have loads of international premium SMS time on their contract. Which is probably why I've yet to hear of a widely exploited vulnerability.
  It's just so much easier to publish a nefarious app in an app store. Why put the effort in with targeting vulnerable phones when for no effort you can have a much greater success rate?
11. Re:Priorities by macs4all · 2015-10-22 06:13 · Score: 1
  
  If I understand correctly, Google has a set of conditions that manufacturers must meet to be able to ship Google apps with their phone. One of the conditions that Google should be forcing RIGHT NOW is that manufacturers (and carriers) must provide a mechanism to allow updating the operating system (or to replace it entirely).
  This.
  
  I have been saying this same thing for years now, everytime some Fandroid makes an excuse that it isn't Google's fault that Android phones never (for nearly all values of "never") get Security Updates.
  
  Google certainly has enough clout with the OEMs and Carriers to enforce more reasonable Update policies; but they just. Don't.
  
  Why?
  
  Because ultimately, they simply don't give a shit.
12. Re:Priorities by macs4all · 2015-10-22 06:54 · Score: 1
  
  firstly, it's debateable whether android is less secure than ios. ios has had many many times as many CVEs over the years than Android has had.
  Your criticism of Android and Google has little to do with Android and Google. Phones where the carriers let you flash the OS are the exceptions, not the rule.
  And yet, curiously, none have them have actually been exploited as far as I know.
  
  Yes, I am sure the NSA watches the CVE postings very carefully (most of them are probably old news to them anyway), but the NSA isn't every stupid local LE. Their methods are simply nothing compared with what the NSA can do.
  
  OTOH, most of us are like the buzzing of flies to the NSA. Not saying what they do is right (because it isn't); but generally, they really do have bigger fish to fry.
13. Re:Priorities by ancientt · 2015-10-23 01:47 · Score: 1
  
  It's surprising how effective trolls like this are. I present a logical perspective with supporting information and they reply "nah" with no support for their stated stance. It shouldn't bother me, but somehow it still does manage to irk me slightly.
  
  --
  B) Eliminate all the stupid users. This is frowned upon by society.
So basically, if I'm a government... by tlambert · 2015-10-21 06:40 · Score: 0, Troll

So basically, if I'm a government... all I have to do is deny you regulatory certification because "you have too much RAM" or because "your encryption runs too fast", and the you, the phone vendor, get to walk the regulatory and Android licensing tightrope of breaking either the RAM or the encryption library to get your certification.
Check.
Who holds the keys by shuz · 2015-10-21 06:42 · Score: 2

Encryption is great! It keeps data private. However only private to those who hold the keys to the encryption. What is preventing Google from creating a master key that would allow them or a government to decrypt the data. Without such a backdoor mechanism are there some countries where Google would not be allowed to deploy the newest OS? I will be curious about the legal ramifications and privacy notice connected to this next update. What legal recourse would consumers have if it were found out later that Google did in fact create a backdoor. In the US, for instance, would the patriot act absolve Google of any class action even if they did not disclose facts to the consumer?

--
There is or can be built a machine that can simulate any physical object. -Church-Turing principle
Makes no sense by aaaaaaargh! · 2015-10-21 06:52 · Score: 1

I know this is an unpopular opinion but most people don't need to encrypt their phone because they have no sensitive data on it. There is always a trade-off between encryption and data integrity, and the latter is way more important for most ordinary use cases. Good voluntary encryption is nice and important for business, but mandatory encryption ... why?
1. Re:Makes no sense by 0123456 · 2015-10-21 07:07 · Score: 1
  
  I know this is an unpopular opinion but most people don't need to encrypt their phone because they have no sensitive data on it.
  Ha-ha-ha. Ha-ha-ha-ha-ha. Ha-ha-ha-ha-ha-ha-ha-ha-ha.
  You don't think that your bank app on your phone, and your email app for the email address the bank account is registered to, might be considered 'sensitive'?
  (And, no, I don't do that, because I'm not dumb enough to let anyone who steals my phone take over my bank account)
2. Re:Makes no sense by spire3661 · 2015-10-21 07:09 · Score: 2
  
  EVERY mobile computer has sensitive data on it. IM not talking about your blog... It has locations, logs of keystrokes, visited web pages on and on. All that data is INCREDIBLY PRIVATE. You lack imagination.
  
  --
  Good-bye
3. Re:Makes no sense by Primate+Pete · 2015-10-21 07:10 · Score: 3, Insightful
  
  I think your assumption about lack of sensitive data is incorrect.
  
  Virtually all android phones have a Google account password that should be protected. Many (probably most) phones have other passwords, personal data, financial data, credit cards, and other information that needs to be protected. Really, the idea that all phones need to be encrypted to prevent loss of data in case of phone theft or similar event makes sense as a default assumption. It may not protect you against the various governments, but it will help protect you against common criminals.
4. Re:Makes no sense by WaffleMonster · 2015-10-21 07:24 · Score: 1
  
  I know this is an unpopular opinion but most people don't need to encrypt their phone because they have no sensitive data on it. There is always a trade-off between encryption and data integrity, and the latter is way more important for most ordinary use cases. Good voluntary encryption is nice and important for business, but mandatory encryption ... why?
  From section 9.9
  https://static.googleuserconte...
  It appears to be required to be enabled by default yet nothing seems to prevent users from disabling it.
5. Re:Makes no sense by Anonymous Coward · 2015-10-21 07:36 · Score: 0
  
  Full disk encryption does ABSOLUTELY NOTHING to protect that data. You're a sucker. It's only a marketing tool. Nothing more. Google is doing it as a me too after Apple did it. It doesn't protect anything on the phone from a compromised OS, only from LEOs that don't use the $5 hammer approach.
6. Re:Makes no sense by 0123456 · 2015-10-21 07:55 · Score: 1
  
  Full disk encryption does ABSOLUTELY NOTHING to protect that data.
  OK, you steal my phone. It's encrypted, and has a secure password.
  How are you planning to get my data?
  Remember, the encryption does ABSOLUTELY NOTHING to protect the data, so you won't have any trouble, right?
7. Re:Makes no sense by Overzeetop · 2015-10-21 08:09 · Score: 1, Flamebait
  
  Cut off one of your child's fingers every hour until you unlock it.
  How hard was that?
  
  --
  Is it just my observation, or are there way too many stupid people in the world?
8. Re:Makes no sense by CastrTroy · 2015-10-21 08:32 · Score: 2
  
  What would really be protecting the phone would be the secure password. Most people who found/stole a phone would not have a single clue about how to go about getting the data off a phone if it presented them with a password screen. Even some moderately technically people wouldn't really know where to start.
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
9. Re:Makes no sense by Anonymous Coward · 2015-10-21 09:08 · Score: 0
  
  I have a Windows Phone, not bank app!
10. Re:Makes no sense by BronsCon · 2015-10-21 09:11 · Score: 1
  
  Well if it's my bank account you're after, you'd be better off cutting off one of my kid's fingers every hour until I hand over the account numbers and/or contents rendering my phone's encryption irrelevant either way. However, if you're a nonviolent offender, by far the most common class of criminal, that encryption certainly stops you dead in your tracks.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
11. Re:Makes no sense by Holi · 2015-10-21 09:18 · Score: 1
  
  I don't have any children, I don't have a significant other, try again.
  
  --
  Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
12. Re:Makes no sense by Anonymous Coward · 2015-10-21 09:18 · Score: 0
  
  Some even have private data on their keyboards!
13. Re: Makes no sense by Anonymous Coward · 2015-10-21 09:39 · Score: 0
  
  Hurt my child and zi'll give you all you ask for.
  And when I'm old and tired of it all I'll drive a truck full of explosives through the front wall of the office where you work instead of enduring a lingering old age.
  A man must protect his children. It is one of the more important things we are here for.
14. Re:Makes no sense by aaaaaaargh! · 2015-10-22 00:55 · Score: 1
  
  Apart from the fact that the author of an app can choose to encrypt data as he wishes, anyone who uses his phone for banking is just plain stupid and no amount of encryption will help that person.
15. Re:Makes no sense by aaaaaaargh! · 2015-10-22 00:58 · Score: 1
  
  It goes without saying that apps that deal with sensitive data must encrypt it before writing it to disk. The authors of such apps should even be legally required to do so. But that has nothing to do with full disk encryption, which in most use cases is simply not needed and counter-productive (higher resource usage, lower data integrity).
16. Re:Makes no sense by Overzeetop · 2015-10-22 11:38 · Score: 1
  
  There are all sorts of ways to cause pain without permanent physical damage. You could be there for quite a long, long time.
  Of course, that requires walking a finer line, as we don't want you to *actually* forget your password. We might just torture innocent people and make you watch. That's not as good as your own flesh and blood, but it truly takes a heartless human being to watch someone suffer, let them beg you personally for relief, and then watch them suffer again.
  It's, admittedly, quite an outside case. But then again, you're worrying about someone actually using the data in your phone against you for some reason that has greater value than someone else's life. We're already talking strawmen here.
  
  --
  Is it just my observation, or are there way too many stupid people in the world?
Good point... by sirwired · 2015-10-21 07:04 · Score: 2

Full encryption does nobody any good if the OS, as deployed, is so full of holes that the encryption isn't much of an impediment to gaining full access to everything on the device.
I'm pretty sure that neither Android nor iOS is a true bar to getting at what's on your phone (iOS almost certainly has plenty of exploitable bugs your tax dollars have discovered or paid for information on), though it might not be information that's going to be admissible in a trial.
1. Re:Good point... by 0123456 · 2015-10-21 07:10 · Score: 0
  
  Full encryption does nobody any good if the OS, as deployed, is so full of holes that the encryption isn't much of an impediment to gaining full access to everything on the device.
  Sure, you could start the browser and go to www.hackmyphone.com to install malware that would take over the phone you stole.
  But how do you do that if the phone is encrypted, and you don't know the password?
  Any mobile device should be encrypted by default, because it's the one you're likely to lose, or have stolen.
this is possible if Apple and Google are lying by raymorris · 2015-10-21 07:04 · Score: 2

This is technically possible IF Apple and Google are lying about how the symmetric key itself is generated and stored.
The passcode is used to secure the "real" key, which is used for data encryption. This symmetric key is supposedly not predictable or retrievable. However, it could in fact be the output of crypt('$1$hfgfydhjd$', imei + masterkey)
That would allow anyone who knows the imei and master key to derive the symmetric key.
1. Re:this is possible if Apple and Google are lying by swillden · 2015-10-21 08:34 · Score: 1
  
  This is technically possible IF Apple and Google are lying about how the symmetric key itself is generated and stored.
  The passcode is used to secure the "real" key, which is used for data encryption. This symmetric key is supposedly not predictable or retrievable. However, it could in fact be the output of crypt('$1$hfgfydhjd$', imei + masterkey)
  That would allow anyone who knows the imei and master key to derive the symmetric key.
  For Android, the code you're wondering about is all open source. Go take a look: https://android.googlesource.c...
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
2. Re:this is possible if Apple and Google are lying by D.McG. · 2015-10-21 08:47 · Score: 1
  
  https://www.apple.com/business...
  According to Apple, one of the many keys in the chain is unique to each device, imprinted into the silicon when the chip is fabricated, and not exposed on any pins of the chip. This doc is a great read, and even goes into how each file is encrypted with a different key.
About that boot encryption... by cloud.pt · 2015-10-21 07:20 · Score: 5, Interesting

So, if I get this right, Google just made boot-level customization useless, because verified boot will pretty much prevent CWM, TWRP, unlocking the bootloader etc. There goes also easy rooting, easy custom ROMs (CyanogenMod), easy backups, MultiROM, fastboot de-bricking for the semi-knowledgeable, sideloading, custom flashing............. Right? RIGHT?
1. Re: About that boot encryption... by Anonymous Coward · 2015-10-21 10:15 · Score: 0
  
  It's already been headed that way. There are several major carriers around the world that have been asking Samsung, LG, to lock down the devices at manufacturing, and they've only been too happy to comply. There are fewer devices being sold that you can put CWM or CyanogenMOD on now than there was even two years ago.
2. Re:About that boot encryption... by rduke15 · 2015-10-21 10:23 · Score: 1
  
  Mod parent up! That is exactly what I fear. The motive is not to protect the user from some government which couldn't care less about what's on my phone, but to prevent me from rooting my own device and get rid of all the crap I don't want on my phone.
3. Re:About that boot encryption... by Linnerd · 2015-10-21 18:38 · Score: 1
  
  Mod parent up! This looks to me like Google is trying to lock out the competition under the guise of offering improved privacy for the customer.
Tsk tsk tsk by Dutchmaan · 2015-10-21 07:46 · Score: 1

"The move is likely to draw criticism from law enforcement officials in the U.S. who have argued over the past year that the increasing use of encryption on devices and online communications affects their ability to investigate crimes."
...the move is also more likely to hinder U.S. law enforcement from ABUSING their power... so you'll forgive me if I'm a little salty in saying...
" You kinda brought this on yourselves. "
Read the subject, or what you quoted by raymorris · 2015-10-21 13:53 · Score: 1

They have published some code which they say is used to generate the initial master key. They are probably telling the truth, but there's no way to know - they master key looks like random bits.
1. Re:Read the subject, or what you quoted by swillden · 2015-10-21 17:32 · Score: 1
  
  They have published some code which they say is used to generate the initial master key. They are probably telling the truth, but there's no way to know - they master key looks like random bits.
  Actually, I wrote chunks of that code, and work with the guys who wrote the rest, so I know *exactly* how the key is generated. The master key is generated on line 1497, by reading 32 bytes from /dev/urandom. If you'd like, you can also go verify that the Android random number generator is the standard Linux RNG, unmodified (I have, but don't trust me). Then you can verify that the RNG is fed the normal stuff... network packets, user input data, etc. On devices that have one (most, these days), it's also fed by the CPU's hardware random number generator. We're careful not to trust the hardware too much, though.
  Of course, as with any software delivered in binary form, it's always possible that the binary wasn't actually built from the provided source. For that matter, excepting Nexus devices, even Google can't know for sure that the OEMs didn't modify the code before building it. However, you can compile the source yourself and then compare the resulting binaries with the shipped binaries... it's not that hard, and it's been done. Or if you want to work a little harder, you can take the shipped binaries and decompile them to compare with the source.
  Verification isn't trivial, but it has been done, and I'm sure you'll note the distinct lack of security conference talks on the differences between the source and shipped binaries. That's because there's no interesting story there.
  Or if you only care about protecting yourself, you can simply buy an unlockable phone and compile the binaries yourself. To be really certain, I recommend that you modify the source so that rather than generating a random master key on-device you hard-code one that you generated elsewhere (perhaps by rolling dice). Then, after you've got that key installed in the crypto footer, you can swap out the binary for one that won't generate a new key (and doesn't contain your hand-rolled key). Oh, and you should probably not install radio firmware. That makes the "phone" significantly less useful, but the radio firmware is a big binary blob with deep access in the system. In Lollipop and Marshmallow it's fairly strongly walled off with SELinux, but while that's useful, it's not a guarantee.
  Please note the existing vulnerabilities in the encryption process, though. Conveniently enough, I wrote about them just this morning: http://slashdot.org/comments.p.... The upshot is that if you want security you should use a good password, otherwise no matter how nicely random the master key is, your password could still be brute forced.
  Also note that a sufficiently-capable attacker (like a nation state's intelligence agencies) can still get through all of it, unless your password is really, really long. If the NSA is your adversary, I recommend using a password with at least 70 bits of entropy, and keeping your phone turned off most of the time. I also recommend not knowing your password, to defeat rubber-hose cryptanalysis.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Xbox One by tepples · 2015-10-22 00:02 · Score: 1

for all the evil they do, Microsoft gives you unrestricted access to the Operating System (recent host file shenanigans notwithstanding)
As of Windows 10, you need to buy and renew an EV code signing certificate in order to run any drivers that you have built. This is cost prohibitive for many individual hardware hackers.

I've never seen a x86 PC that doesn't allow you to wipe Windows and install something else
Xbox was this way, at least until mods were figured out. So is Xbox One. So is PlayStation 4, though it comes with a FreeBSD-based operating system called Orbis OS instead of Windows.
Another issue is drivers. A PC maker can ship Windows on its PCs and refuse to ship drivers for other operating systems, as ASUS does with its current EeeBook and Transformer Book laptops.
Quotation by Anonymous Coward · 2015-10-22 00:58 · Score: 0

That one does not mean what you think it does. "Protest" meant promise, specifically the protestations of eternal love and faithfulness of the queen to her husband. I know the bar for literacy isn't very high around here, but still.
1. Re:Quotation by hawguy · 2015-10-22 03:29 · Score: 1
  
  That one does not mean what you think it does. "Protest" meant promise, specifically the protestations of eternal love and faithfulness of the queen to her husband. I know the bar for literacy isn't very high around here, but still.
  I don't see how I used it incorrectly:
  https://en.wikipedia.org/wiki/...
  
  "The lady doth protest too much, methinks" is a quotation from the 1599/ 1600 play Hamlet by William Shakespeare. It has been used as a figure of speech, in various phrasings, to indicate that a person's overly frequent or vehement attempts to convince others of something have ironically helped to convince others that the opposite is true, by making the person look insincere and defensive.
  In rhetorical terms, the phrase can be thought of as indicating an unintentional apophasis—where the speaker who "protests too much" in favor of some assertion puts into others' minds the idea that the assertion is false, something that they may not have considered before.
  Regardless of whether the original Old English meaning of 'protest' is used or its more modern meaning, its still applies to a situation where someone is so effusive with their actions that it makes the actions seem insincere.
  Literacy is more than looking at the literal definition of each word.
In that case perhaps you can clarify. Keyed once by raymorris · 2015-10-22 02:22 · Score: 1

Thanks for taking the time to reply with such a reply response.
> Actually, I wrote chunks of that code, and work with the guys who wrote the rest, so I know *exactly* how the key is generated.
In that case perhaps you can clarify whether I'm misunderstanding or just didn't communicate clearly. My understanding is:
The symmetric AES key is generated ~once, then that key is encrypted based on the password or pattern.
By the time an end-user is using the device, the key has -already- been generated (or may have been).
Therefore the binary will not generate a new key, because it's already there in the footer.
Therefore even if the binary matches the source - it won't generate a key from /dev/urandom because the key is already there.
Therefore even if we knew that the binary matches the source, we don't know how the (pre-existing) key was generated.
In other words, everything about generating the key is conditional on there not already being a key. IF an OEM put a bad key in the footer, it would stay there.
On a somewhat different topic, it's nice to meet someone will similar interests. I don't really remember names on Slashdot, don't remember who said what. I don't know if you've noticed I post a lot on information security since that's what I've been doing for fifteen years. Feel free to shoot me a message sometime if you ever care to - if you're looking for a job in the Dallas, Houston, Denver, or Cardfiff areas, or if you have an open source project that could use an extra hand.
Re:In that case perhaps you can clarify. Keyed onc by swillden · 2015-10-22 03:02 · Score: 1

Thanks for taking the time to reply with such a reply response.
> Actually, I wrote chunks of that code, and work with the guys who wrote the rest, so I know *exactly* how the key is generated.
In that case perhaps you can clarify whether I'm misunderstanding or just didn't communicate clearly. My understanding is:
The symmetric AES key is generated ~once, then that key is encrypted based on the password or pattern.
It's generated once when the file system is first encrypted, yes.

By the time an end-user is using the device, the key has -already- been generated (or may have been).
May have been, but generally isn't. Usually the first time a device is booted is when the customer turns it on. Key generation and encryption happens at that point in time. This used to be a usability problem because dm-crypt didn't distinguish between in-use and unused blocks, which meant that when the user first turned on a device with on-by-default encryption, they immediately had to wait several minutes for the device to encrypt a whole bunch of empty space before they could use it. We fixed that so it only encrypts in-use blocks, and since there are very few of those on a new device, it's fast.
A related problem is the fact that the key is generated very early during first boot, when /dev/random's pool hasn't accumulated much entropy. So we do in fact end up leaning more heavily on the hardware RNG than I'd like.

Therefore the binary will not generate a new key, because it's already there in the footer.
Therefore even if the binary matches the source - it won't generate a key from /dev/urandom because the key is already there.
Therefore even if we knew that the binary matches the source, we don't know how the (pre-existing) key was generated.
In other words, everything about generating the key is conditional on there not already being a key. IF an OEM put a bad key in the footer, it would stay there.
I suppose, though I've never seen any evidence of OEMs shipping devices with keys in the footer at all.
If you want to fix this, though, there's a very easy way: Just factory-reset the device. That wipes all user data, including the crypto footer, so on next boot a new key will be generated. You can validate that this happened by looking at logcat.

On a somewhat different topic, it's nice to meet someone will similar interests. I don't really remember names on Slashdot, don't remember who said what. I don't know if you've noticed I post a lot on information security since that's what I've been doing for fifteen years.
I don't notice names so much, either. I post quite a bit on topics related to information security, and especially crypto. Though lately it seems like I post more corrections of erroneous assumptions/beliefs about Google than anything else. I should probably stop doing that.

Feel free to shoot me a message sometime if you ever care to - if you're looking for a job in the Dallas, Houston, Denver, or Cardfiff areas,
I'm quite happy at Google, but thanks.

or if you have an open source project that could use an extra hand.
Keyczar could use some assistance. https://github.com/google/keyc.... Theoretically I'm the lead maintainer, though I cringe to say that given how little time I put into it.

--
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Good News From Google! by cloud.pt · 2015-10-29 06:50 · Score: 1

I just dug deeper into this issue and found some Google documentation stating it might not be as bad as I initially thought:

Note that if verification fails at any stage, the user must be visibly notified and always be given an option to continue using the device at their own discretion. (source: https://source.android.com/dev...)
So everything I expected could be rendered useless will actually still have a chance to run. *Exales in relief*