Slashdot Mirror


Google Makes Full-Disk Encryption Mandatory For Some Android 6.0 Devices (itworld.com)

itwbennett writes: Google's plan to encrypt user data on Android devices by default will get a new push with Android 6.0, also known as Marshmallow. Devices with enough memory and decent cryptographic performance will need to have full-disk encryption enabled in order to be declared compatible with the latest version of the mobile OS. From the ITWorld article: "The move is likely to draw criticism from law enforcement officials in the U.S. who have argued over the past year that the increasing use of encryption on devices and online communications affects their ability to investigate crimes. In addition to encryption, Google also mandates verified boot for devices with AES performance over 50MB/s. This is a feature that verifies the integrity and authenticity of the software loaded at different stages during the device boot sequence and protects against boot-level attacks that could undermine the encryption."


  1. Sigh by Trailer+Trash · · Score: 3, Funny

    The terrorists and criminals have won :(

    1. Re:Sigh by UnknowingFool · · Score: 3, Interesting

      As per the post earlier today, Apple said it was "impossible" for them to access the files on a customer's iPhone if they had a newer phone. In essence, what Apple is saying is that if law enforcement brings them only the phone of a suspect, Apple cannot technically access the files on the phone without the help of the phone's owner. They did it using a number of processes including full data storage encryption. I suspect that it has been optional on Android since not all devices had all the hardware pieces in place to secure the phone completely.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    2. Re: Sigh by bill_mcgonigle · · Score: 3, Informative

      And now (finally) in 6.0 it'll be hardware-accelerated. So it'll be usable and not panned like the Nexus 6.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    3. Re:Sigh by UnknowingFool · · Score: 2

      Um, it's not their data. It's their customer's data. That's like saying you won't buy a Dell server if Dell can't break into your server.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
  2. Verified boot by who? by erapert · · Score: 5, Insightful

    Google also mandates verified boot for devices with AES performance over 50MB/s.

    Who verifies it?

    Google verifies it (with NSA consent)?
    Or is it completely, 100% open source such that I can compile my own boot loader and sign it with my own key and install it myself?

    Anything else really just means that the NSA have a backdoor to your device that you cannot remove because your boot loader is locked against you.

    1. Re: Verified boot by who? by hawguy · · Score: 4, Interesting

      Android's full disk encryption is just an adaptation of dm-crypt. All the source code is in AOSP and the Linux kernel.

      Yes, the radio firmware has privileged access and is closed. But that is true for ANY cell phone. If you're concerned about that, then don't use a cell phone, because malicious firmware can potentially pull anything else out of memory if it wanted.

      To call this anything but an improvement is extremely short sighted. Take off your tinfoil hat, please.

      Is there any way to audit whether the dm-crypt installed on your device matches the source code? Few people compile their own kernel, so it seems that it would be easy for Google or cellular carrier to slip a back door into the module.

      Likewise, I wonder how secure Apple's encryption is -- their very public fight against the DoJ could just be a smokescreen to hide the fact that the government can trivially crack the phones, they just don't want anyone to know. Their fight against the DoJ brings this quote to mind: "The lady doth protest too much, methinks."

    2. Re: Verified boot by who? by 0123456 · · Score: 3, Insightful

      This is Slashdot. They issue you a tinfoil hat when you log in.

      If you're not wearing a tinfoil hat, you haven't been reading the news for the last few years.

    3. Re:Verified boot by who? by behrooz0az · · Score: 4, Informative

      Keys are generated on the fly. Go read the source code, for fuck's sake. It's there.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
    4. Re:Verified boot by who? by BronsCon · · Score: 4, Informative

      The actual OS portion of it is, actually. It is the Google apps and framework (e.g. non-AOSP) and hardware-specific drivers (e.g. not part of Android) that are not open source. Test this by fetching a system image for your phone (assuming a Nexus device, where Google is actually the one releasing the binaries; there is no guarantee that a different OEM doesn't change things, in fact that is quite common... so, again, a Nexus device), extract the /system partition, and replace the binaries with your own versions compiled from source (same version of Android, of course, so drivers and the Google bits still work), roll that back into the image, and flash it.

      10 to 1 it'll boot and work just fine. If you weren't an AC I'd put money on it.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  3. Honestly, this is good by surfdaddy · · Score: 4, Interesting

    First Apple and now Google are pushing back on the US government, which is trying its hardest to spy on people. These companies are compelled to give up information, in secret, without warrants, due to PATRIOT Act and other government "intelligence". This has hurt business for Apple, Google, Microsoft, and others. It seems that they've decided that they are going to make it hard/impossible for the US government to steal their customers' data. Bravo to them.

    1. Re:Honestly, this is good by pla · · Score: 5, Insightful

      Bravo to them.

      Make no mistake, they don't do this out of some love of privacy or benevolence toward their customers. Outside the US, the phrase "Made in America" has become synonymous with "pre-cracked by the NSA". Companies have no more noble goal with efforts like whole-device encryption than not watching their global sales drop to zero over the next few years.

    2. Re:Honestly, this is good by UnknowingFool · · Score: 5, Insightful

      I suspect also that Apple and Google don't want to be responsible any more for law enforcement duties. I can only imagine how many requests they get every week to break into someone's phone. Now they can legitimately say that they can't do it.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
  4. DRM by ickleberry · · Score: 3, Interesting

    I've gone a bit too cynical to think this is an altruistic effort by Google to protect De People from the government spying on them. Could it just be an attempt to make their DRM more robust?

    1. Re:DRM by gstoddart · · Score: 5, Insightful

      Possibly, but you can be cynical and not think this is altruistic ... they get the PR of saying "we're on your side" to consumers, as well as eventually saying "now piss off, we can't help you" to law enforcement.

      It can benefit consumers AND be self-serving.

      --
      Lost at C:>. Found at C.
  5. Re:Link doesn't mention encryption at all by gstoddart · · Score: 2

    Ummm ... what? If you mean the first link, "crypto" appears like 25 times.

    So what, precisely, are you trying to say? Because the ENTIRE TFA is about encryption.

    --
    Lost at C:>. Found at C.
  6. Priorities by Anonymous Coward · · Score: 4, Interesting

    Though this is a welcome move, Google has its priorities totally wrong.

    As it stands right now, a large percentage of the Android population is running insecure software which, in some cases, is remotely exploitable without user intervention, with no way to mitigate the risk.

    This is utterly embarrassing for Android if you think about it. Here we have a (mostly) open source stack that is MUCH LESS secure than its most significant opposition - Apple, which is closed source and absolutely restricted - but we can't do anything about the vulnerabilities because someone in the supply chain decided that it isn't cost-effective to provide something as simple as root access to the OS.

    This is partly the manufacturer's and carrier's fault, but it is very much also Google's fault.

    If I understand correctly, Google has a set of conditions that manufacturers must meet to be able to ship Google apps with their phone. One of the conditions that Google should be forcing RIGHT NOW is that manufacturers (and carriers) must provide a mechanism to allow updating the operating system (or to replace it entirely).

    This shouldn't be a hard thing for Google to do. Heck, for all the evil they do, Microsoft gives you unrestricted access to the Operating System (recent host file shenanigans notwithstanding), and I've never seen an x86 PC that doesn't allow you to wipe Windows and install something else, despite the whole "secure boot" scare.

    So, Google, good move, but get your priorities straightened out.

  7. Who holds the keys by shuz · · Score: 2

    Encryption is great! It keeps data private. However, only private to those who hold the keys to the encryption. What is preventing Google from creating a master key that would allow them or a government to decrypt the data? Without such a backdoor mechanism, are there some countries where Google would not be allowed to deploy the newest OS? I will be curious about the legal ramifications and privacy notice connected to this next update. What legal recourse would consumers have if it were found out later that Google did in fact create a backdoor? In the US, for instance, would the PATRIOT Act absolve Google of any class action even if they did not disclose facts to the consumer?

    --
    There is or can be built a machine that can simulate any physical object. -Church-Turing principle
  8. Good point... by sirwired · · Score: 2

    Full encryption does nobody any good if the OS, as deployed, is so full of holes that the encryption isn't much of an impediment to gaining full access to everything on the device.

    I'm pretty sure that neither Android nor iOS is a true bar to getting at what's on your phone (iOS almost certainly has plenty of exploitable bugs your tax dollars have discovered or paid for information on), though it might not be information that's going to be admissible in a trial.

  9. this is possible if Apple and Google are lying by raymorris · · Score: 2

    This is technically possible IF Apple and Google are lying about how the symmetric key itself is generated and stored.

    The passcode is used to secure the "real" key, which is used for data encryption. This symmetric key is supposedly not predictable or retrievable. However, it could in fact be the output of crypt('$1$hfgfydhjd$', imei + masterkey)

    That would allow anyone who knows the imei and master key to derive the symmetric key.
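The scenario in the comment above, as an added example that is not part of the original post and is not Android's or Apple's code: a passcode-wrapped data key looks the same on disk whether the key underneath is random or derived from a device identifier and a vendor secret, but only the derived one repeats across re-provisioning. All function names, the IMEI and the master secret are constructed for illustration, and the XOR-plus-HMAC wrap stands in for a real key-wrap algorithm.

```python
import hashlib
import hmac
import os

def _keys(passcode, salt):
    # Stretch the passcode into an encryption half and a MAC half.
    k = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 50_000, dklen=64)
    return k[:32], k[32:]

def wrap(dek, passcode):
    # Toy wrap (XOR + HMAC tag); a real design would use AES key wrap or an AEAD.
    salt = os.urandom(16)
    enc, mac = _keys(passcode, salt)
    wrapped = bytes(a ^ b for a, b in zip(dek, enc))
    return {"salt": salt, "wrapped": wrapped,
            "tag": hmac.new(mac, wrapped, hashlib.sha256).digest()}

def unlock(blob, passcode):
    # Returns the data key, or None when the passcode is wrong.
    enc, mac = _keys(passcode, blob["salt"])
    tag = hmac.new(mac, blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["wrapped"], enc))

def random_dek():
    # Honest design: the data key comes from the OS random source.
    return os.urandom(32)

def escrowed_dek(imei, master_key):
    # Design from the comment: data key is a function of IMEI and a vendor secret.
    return hmac.new(master_key, imei.encode(), hashlib.sha256).digest()

def dek_repeats_across_resets(make_dek):
    # Black-box check: provision twice, compare the data keys.
    return make_dek() == make_dek()

IMEI = "000000000000000"               # constructed sample value
MASTER = b"constructed-vendor-secret"  # constructed sample value

honest = wrap(random_dek(), "1234")
escrowed = wrap(escrowed_dek(IMEI, MASTER), "1234")

if __name__ == "__main__":
    print("same blob layout:", {k: len(v) for k, v in honest.items()}
          == {k: len(v) for k, v in escrowed.items()})
    print("escrowed key recovered without passcode:",
          unlock(escrowed, "1234") == escrowed_dek(IMEI, MASTER))
    print("random key repeats:", dek_repeats_across_resets(random_dek))
```

The stored blob alone cannot tell the two designs apart, which is why the audit has to cover the key-generation code path and not just the wrapping step.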

  10. Re:Makes no sense by spire3661 · · Score: 2

    EVERY mobile computer has sensitive data on it. I'm not talking about your blog... It has locations, logs of keystrokes, visited web pages, on and on. All that data is INCREDIBLY PRIVATE. You lack imagination.

    --
    Good-bye
  11. Re:Makes no sense by Primate+Pete · · Score: 3, Insightful

    I think your assumption about lack of sensitive data is incorrect.

    Virtually all Android phones have a Google account password that should be protected. Many (probably most) phones have other passwords, personal data, financial data, credit cards, and other information that needs to be protected. Really, the idea that all phones need to be encrypted to prevent loss of data in case of phone theft or similar event makes sense as a default assumption. It may not protect you against the various governments, but it will help protect you against common criminals.

  12. About that boot encryption... by cloud.pt · · Score: 5, Interesting

    So, if I get this right, Google just made boot-level customization useless, because verified boot will pretty much prevent CWM, TWRP, unlocking the bootloader etc. There goes also easy rooting, easy custom ROMs (CyanogenMod), easy backups, MultiROM, fastboot de-bricking for the semi-knowledgeable, sideloading, custom flashing............. Right? RIGHT?

  13. Re:Makes no sense by CastrTroy · · Score: 2

    What would really be protecting the phone would be the secure password. Most people who found/stole a phone would not have a single clue about how to go about getting the data off a phone if it presented them with a password screen. Even some moderately technical people wouldn't really know where to start.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.