How Android Encryption Works

Android Encryption

Did you ever write notes or messages that you wanted to keep a secret from adults or your kid brother?

The term encryption may sound mysterious or complicated, but you may have used it to write or decode messages as a kid.

Maybe you replaced certain symbols, words, or phrases with other words, symbols, or phrases. In order for your message to be decipherable to its recipient, you would need to share your code’s strategy with your friends.

You could compile a guide of what terms or characters were substituted (like a key), but if this fell into the wrong hands, your secret code was no longer a secret.

Computer algorithms can take that encoding process to whole new level. Additionally, cryptographers have found better ways to distribute the encryption key to only those that are supposed to have it.

The encryption that occurs within your Android is based upon many years of brilliant minds developing better techniques so that hackers can’t simply sit down and try to reassemble the data. Or at least that it would require too much time, efforts, and resources to be worthwhile. Encryption can be used to protect your data in transit (across a network) or while it is at rest (on your drive).


Why Would I Want to Encrypt My Android?

At this point, nearly all Androids carry the ability to encrypt the disk, but if you don’t use your phone for business, you may not feel that it’s necessary to encrypt your data. And encryption does require some processing power.

All data has to be encrypted before saving to the disk, and then all data is automatically decrypted before returning it to the calling process. This can slow down your Android a little, and it might be more noticeable if you have a slower phone, to begin with.

That’s why Google quietly reversed its decision to require full disk encryption on devices with Lollipop. Encryption has been shown (via benchmark testing) to penalize performance at least to some degree.

confidentialAnd who is dying to slow his or her Android’s speed?

Not me, that’s for sure.

As of Android 5.0, devices do utilize fast encryption, which increases boot speed by only encrypting the sections of the hard drive that have been used.

When you really think about it, you most likely really do have some valuable stuff on your phone. Do you have any contact information, photos, passwords, emails, text conversations, documents, or banking information?

If so, your lock screen (without encryption enabled) will only go so far to help protect these things. While you may feel that you have nothing to hide, you might still want some privacy.

Must Read: How to Disable Encryption on Nexus 6 to Enable Lightning-Fast Performance

So How Exactly Does This Work?

Security is absolutely more challenging in an open platform like Android’s. It can be difficult to keep the platform flexible yet protected. But Google does take measures to address this while simultaneously trying not to stifle creativity and freedom. It can be tricky, but there are some ways of doing it, and one of the best is encryption.

Android full disk encryption is based on dm-crypt, and takes place within the level of the hardware itself. After enablement, it requires no effort on the user’s part; data is automatically encrypted and decrypted as it is written and read. The encryption algorithm that is used is 128 Advanced Encryption Standard (AES) with cipher-block chaining (CBC) and ESSIV: SHA256.

This type of encryption process is adequate to handle top juicy government secrets and therefore can definitely handle your boring text conversation with your mom. Since the Android 5.0 release, your device creates a random 128-bit master key, hashes it with a default password and stored salt (an extra layer of defense accomplished by hashing a password or passphrase). There are 10 rounds of processing that use transposition, substitution, and mixing of the input plain text to create that 128-bit key.Password Security

AES uses symmetric encryption, meaning that the encryption and decryption processes use the same key. The key is the shared secret code between the two. Through this encryption, a would-be-hacker won’t be able to access the data on your phone without the decryption key, which you can access by entering the correct PIN, fingerprint, pattern, or password.

This can still leave the device susceptible to smudge problems (where a hacker can see the smudges left from entering the PIN or pattern on your phone) or brute force attacks (more unlikely due to a limited number of allowed attempts to enter the correct PIN, password, or pattern).

What Does It Protect?

Let’s assume that you have no encryption, but you do have a lock screen PIN or pattern. There are ways of bypassing the lockscreen PIN, and because the request for that PIN occurs only after your device has already booted, your data is actually unprotected and available at boot.

So if someone were to hook your phone up to a PC and use a program called ADB to delete the password file, or just use a custom recovery on certain phones, all of your data would be at risk. Add to that the inherent flaws of the lock screen. The fingertip oils that we discussed earlier can make the lock screen PIN or pattern highly visible, or the fact that there are ways of crashing the lock screen user interface. If encryption is enabled, the data is encrypted at boot.

Even if you erase your device and totally wipe the drive, data recovery software may still allow access to files. That’s because most wipes don’t really erase the physical data, so much as lose the path to retrieve the file or soData Securityme actually do write over it. Encrypting the data renders recovery useless. It will still appear as gibberish without the key.

This protection is very effective for the data stored on your disk, but just because you use or look at certain data on your phone doesn’t mean that it’s all committed to the hard drive. And even if it is, it may also be stored elsewhere in a server somewhere in the cloud.

Your Android cannot encrypt data on Facebook’s or Yahoo’s servers, nor is it reasonable to expect it to. Encryption is not a panacea for all security problems with every app or service you may use.

When it comes to the government or law enforcement requesting access to the contents of your device, Google won’t have the key. Android phones also don’t back up to the cloud until they are unlocked. There is, however, no guarantee that each phone’s manufacturer won’t introduce vulnerabilities, or that they won’t comply with an FBI request to change the code that boots your device.

Overall, security for your device is still the responsibility of the user, namely—you. You will still want to use passwords that are complex for each account. Know that you could be taking a risk when you connect to unsecured wireless networks. Be careful what apps you download. Read permissions. And where possible, take advantage of opportunities to use multiple steps or forms of authentication. There are some apps out there that can assist.

How to Encrypt Your Android

Although they were unable to enforce it on Lollipop, Google has taken a firmer stance on new devices with Marshmallow 6.0, making encrypted storage a requirement for phones that meet certain specifications. It’s still optional on devices that are upgraded to Marshmallow. A few devices have always been encrypted by default—Nexus 5X, 6, 6P, and 9. For these devices, you only need to choose a pattern, PIN, or password to be used after boot.

The encryption process can take an hour or more, so you might want to start out by plugging your phone in. If the phone doesn’t have 80% or greater battery life, let it charge for a while first. The actual length of time that encryption requires depends on how much data you have. If the process is interrupted, you could lose some or even all of your data, so perform a backup first. If you have a device running 4.4 or below, follow instructions specific to that version of Android.

When you’ve set aside that hour, go to your device’s Settings menu. On most devices, you will then need to tap on Security. Within Security, choose Encrypt Device, or on some devices, Screen Lock. If you haven’t yet set a PIN, pattern, or password, you will be prompted to do so soon.

You will need that password every time you start or reboot your device. If the device asks you to confirm that you want it to require the PIN, pattern, or password that you chose, say yes. It’s necessary for encryption to work as designed. To confirm that your device is now encrypted, revisit Settings.

Within Security, you should see a badge or other indication that your device is encrypted. Some devices also allow SD cards to be encrypted. If so, you will usually find this option amongst the system security settings. You can disable encryption only by performing a factory reset, which will wipe your data.

Is Encryption for You?

If you have sensitive and confidential information about other people on your phone, encryption might even be the ethical thing to do. If it is only your data, and you aren’t overly concerned about it, at the very least set up your lock screen. Encryption is better, but quite often someone who steals your phone won’t go to great lengths to access your data if they only want a free phone. There are people out there, however, who are up for and who like a manageable challenge—and that’s what a lock screen password, PIN, or pattern is—so choose carefully.

Hacker

Conclusion

If it isn’t already the case, sometime in the not-so-distant future, you will probably have an Android device that is encrypted by default. Honestly, you probably won’t notice the slight decrease in performance accompanying it. To ensure the best security when using a pattern or PIN, make a habit of wiping your screen or select a pattern that doubles back on itself if possible.

Currently, there is a stark contrast between the percentage of iPhones that are encrypted versus Androids. This is likely to change as more devices with 6.0 continue to roll out also with encryption enabled by default.

Do you think encryption is important? What security do you use on your Android? Has it been effective? Send us your thoughts on all of these topics.

Featured Image Credit

 

Leave a Reply

Your email address will not be published. Required fields are marked *