Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Makes Full-Disk Encryption Mandatory For Some Android 6.0 Devices (itworld.com)

Posted by samzenpus on from the raise-shields dept.

itwbennett writes: Google's plan to encrypt user data on Android devices by default will get a new push with Android 6.0, also known as Marshmallow. Devices with enough memory and decent cryptographic performance will need to have full-disk encryption enabled in order to be declared compatible with the latest version of the mobile OS. From the ITWorld article: "The move is likely to draw criticism from law enforcement officials in the U.S. who have argued over the past year that the increasing use of encryption on devices and online communications affects their ability to investigate crimes. In addition to encryption, Google also mandates verified boot for devices with AES performance over 50MB/s. This is a feature that verifies the integrity and authenticity of the software loaded at different stages during the device boot sequence and protects against boot-level attacks that could undermine the encryption."

5 of 150 comments (clear)

  1. Link doesn't mention encryption at all by gweilo8888 · · Score: 1, Informative

    Does anybody even proofread these summaries? What, precisely, is the point of a link from the words "need to have full-disk encryption enabled" to a page that doesn't mention the word encryption even a single time?

  2. Re: Verified boot by who? by Anonymous Coward · · Score: 1, Informative

    Android's full disk encryption is just an adaptation of dm-crypt. All the source code is in AOSP and the Linux kernel.

    Yes, the radio firmware has privileged access and is closed. But that is true for ANY cell phone. If you're concerned about that, then don't use a cell phone, because malicious firmware can potentially pull anything else out of memory if it wanted.

    To call this anything but an improvement is extremely short sighted. Take off your tinfoil hat, please.

  3. Re:Verified boot by who? by behrooz0az · · Score: 4, Informative

    Keys are generated on the fly, Go read the source code for fucks sakes. It's there.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
  4. Re:Verified boot by who? by BronsCon · · Score: 4, Informative

    The actual OS portion of it is, actually. It is the Google apps and framework (e.g. non-AOSP) and hardware-specific drivers (e.g. not part of Android) that are not open source. Test this by fetching a system image for your phone (assuming a Nexus device, where Google is actually the one releasing the binaries; there is no guarantee that a different OEM doesn't change things, in fact that is quite common.. so, again, a Nexus device), extract the /system partition, and replace the binaries with your own versions compiled from source (same version of Android, of course, so drivers and the Google bits still work), roll that back into the image, and flash it.

    10 to 1 it'll boot and work just fine. If you weren't an AC I'd put money on it.

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  5. Re: Sigh by bill_mcgonigle · · Score: 3, Informative

    And now (finally) in 6.0 it'll be hardware-accelerated. So it'll be usable and not panned like the Nexus 6.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)