Results 1 to 15 of 15
  1. Thread Author  Thread Author    #1  

    Default How Secure Is Android?

    I've got a Samsung Galaxy SII Skyrocket (2.3.6) and was wondering how secure the device itself is.

    I've set a password on it, but if I lose the phone...what are the chances of someone breaking into it before I get a chance to remotely wipe the device?

    Say for example on a 4 character, all lowercase alpha password.
  2. #2  

    Default Re: How Secure Is Android?

    Depends on how easy to guess your password is. If you make it something obvious then I wouldn't get my hopes up that it'll stay secure.
  3. #3  
    PvilleComp's Avatar

    Posts
    4,261 Posts
    Global Posts
    4,265 Global Posts
    ROM
    CM-7

    Default Re: How Secure Is Android?

    A 4 digit pin only has 10,000 possible solutions. So yes it can eventually be cracked.

    I just tested the pin unlock in Gingerbread (CM7) and it will "lock you out" after 5 attempts. The lockout is only 30 seconds, but it adds time to the equation.
    Some say that his dormant chips were left that way for YOUR SAFETY... Others say that once "turned on," he can not be turned off... All we know is... He's called The Stig.
  4. #4  

    Default Re: How Secure Is Android?

    Quote Originally Posted by PvilleComp View Post
    A 4 digit pin only has 10,000 possible solutions. So yes it can eventually be cracked.
    That's only if you set up a 4 digit numeric password. He was asking about alphanumeric (letters and numbers), which significantly increase the number of combinations:

    Sticking with only lower case letters (26) + numbers (0-9) = 36 ^ 4 = 1,679,616 possible combinations
    Including upper and lower case increases that to 64 ^ 4 = 14,776,336 combinations.

    So I would say a 4 digit alphanumeric password (even if you stick with all lower case letters) is relatively secure and should buy you quite a bit of time, especially if there's a 30 second lockout after 5 failed attempts, since even if they have some kind of automatic program that will quickly try 5 combinations then wait 30 seconds, it's still going to slow them down a LOT to get through 1.6+ million combinations (or more accurately, however many combinations they have to try before they hit the correct one)

    If you want more security then that, use upper and lower case, or set up your password with 6 or 8 or 10 characters (which makes it more of a pain to unlock the phone of course)
    Last edited by EvilMonkey; 05-23-2012 at 02:04 PM.
  5. Thread Author  Thread Author    #5  

    Default Re: How Secure Is Android?

    Thanks for the replies.

    I guess I should've been more clear. I'm not too worried about some random kid at a Taco Bell picking up my phone and trying passwords.

    I was wondering about someone actually cracking/hacking the phone. Or perhaps law enforcement access, and things like that.
  6. #6  

    Default Re: How Secure Is Android?

    Quote Originally Posted by Sajan Parikh View Post
    Thanks for the replies.

    I guess I should've been more clear. I'm not too worried about some random kid at a Taco Bell picking up my phone and trying passwords.

    I was wondering about someone actually cracking/hacking the phone. Or perhaps law enforcement access, and things like that.
    I'm almost positive that it's impossible to hack a phone, they're not like computers. But I guess anything's possible these days.
  7. #7  
    KMyers's Avatar

    Posts
    34 Posts
    Global Posts
    37 Global Posts
    ROM
    JB

    Default Re: How Secure Is Android?

    Android is inherently secure by design. Some tips are

    1) Encrypt the phone AND sd card if your version supports it (Prevents nandroid backups from being read)
    2) Turn off USB Debugging when not needed
    3) Use strong passwords rather then PINS
    4) BARK Twice
    5) Read and Understand all app permissions
  8. #8  

    Default Re: How Secure Is Android?

    Quote Originally Posted by Sajan Parikh View Post
    I was wondering about someone actually cracking/hacking the phone. Or perhaps law enforcement access, and things like that.
    Well, I guess it's as secure as you make it. I mean, if you have a removable SD card that's not encrypted, all someone has to do is take it out and put it in a card reader, right? So that's not very secure, so it won't matter how hard your password on the device is if you can just bypass it by taking out the SD card.

    I don't think you really have to worry about someone hacking the device itself. Follow KMyer's advice and you'll be fine, I would think.

    Don't get me wrong, if the FBI confiscates the phone, they probably have all sorts of ways to get the stuff (I'm guessing...but I watch a lot of movies that may not be entirely accurate)
  9. #9  

    Default Re: How Secure Is Android?

    Nothing is or will be 100% secure on any platform...


    But Read This:

    "LOL! FBI Can't Unlock Pimps Android Phone, Serves Warrant To Google! by Eric McBride on Mar 14, 2012 10:25:59 PM"



    "FBI Asks Google to Unlock Android Phone " from "mashable"



    Use all your security features of your phone!



    Tip: Never rush to download any APP "Updates", read the feedback for a few days so that you can see if other people are having issues with it and/or changes to permissions or other you may not want! Always use a Back Up APP!
    ----------------------------------------------------------------------------------------------------------------------------------------------
    Free DropBox! Back up to & Sync your Phone to your Computer Free! Always have your stuff when you need it with @ Dropbox . 2GB Plus account is Free! Plus earn up to 500 Mb's for each referral! Up to 32GB Free! http://db.tt/szmjeyX
  10. #10  
    Anthonicia's Avatar

    Posts
    189 Posts
    ROM
    tommytomato evo classic

    Default

    Quote Originally Posted by Cellmeister View Post
    Nothing is or will be 100% secure on any platform...


    But Read This:

    "LOL! FBI Can't Unlock Pimps Android Phone, Serves Warrant To Google! by Eric McBride on Mar 14, 2012 10:25:59 PM"



    "FBI Asks Google to Unlock Android Phone " from "mashable"



    Use all your security features of your phone!

    That's awesome! Been a long time since I used pattern lock. Remember getting really messed up one night and changed it. Took me a little bit to get it right, but was never locked out. Seems to me that anyone could figure it out, let alone the FBI.

    Pimps up, feds down I guess, LOL.

    Sent from my PC36100 using Android Central Forums
    Sailing the Amazon river with Jacques Cousteau looking for my EVO LTE.
  11. #11  

    Default Re: How Secure Is Android?

    Quote Originally Posted by xlDeMoNiClx View Post
    I'm almost positive that it's impossible to hack a phone, they're not like computers. But I guess anything's possible these days.
    I don't know about "hack" but it is totally possible for a phone to be compromised if there is a bad app that you don't pay attention to. That along with rooting your phone could present some serious problems.
  12. #12  
    Anthonicia's Avatar

    Posts
    189 Posts
    ROM
    tommytomato evo classic

    Default

    Quote Originally Posted by EvilMonkey View Post
    That's only if you set up a 4 digit numeric password. He was asking about alphanumeric (letters and numbers), which significantly increase the number of combinations:

    Sticking with only lower case letters (26) + numbers (0-9) = 36 ^ 4 = 1,679,616 possible combinations
    Including upper and lower case increases that to 64 ^ 4 = 14,776,336 combinations.

    So I would say a 4 digit alphanumeric password (even if you stick with all lower case letters) is relatively secure and should buy you quite a bit of time, especially if there's a 30 second lockout after 5 failed attempts, since even if they have some kind of automatic program that will quickly try 5 combinations then wait 30 seconds, it's still going to slow them down a LOT to get through 1.6+ million combinations (or more accurately, however many combinations they have to try before they hit the correct one)

    If you want more security then that, use upper and lower case, or set up your password with 6 or 8 or 10 characters (which makes it more of a pain to unlock the phone of course)
    Check your numbers again. Upper+lower+0-9=52, not 64. The odds are against a brute force attack. Not near impossible tho.

    Sent from my PC36100 using Android Central Forums
    Sailing the Amazon river with Jacques Cousteau looking for my EVO LTE.
  13. #13  

    Default Re: How Secure Is Android?

    Quote Originally Posted by Anthonicia View Post
    Check your numbers again. Upper+lower+0-9=52, not 64. The odds are against a brute force attack. Not near impossible tho.
    Actually it's 62 (not 64 or 52). But I just made a typo and the number of combinations (14,776,336) is still correct.
  14. #14  
    Anthonicia's Avatar

    Posts
    189 Posts
    ROM
    tommytomato evo classic

    Default

    Right, I knew it was off. Shouldn't have mentioned it.

    Sent from my PC36100 using Android Central Forums
    Sailing the Amazon river with Jacques Cousteau looking for my EVO LTE.
  15. #15  

    Default Re: How Secure Is Android?

    Phone password security is nonexistent if there isn't any sort of auto-wipe feature baked into the system (like on BlackBerry devices if you enter the password wrong 10 times, it wipes everything), and even then a clever person can get around the auto-wipe.

    Password security these days requires what's called a "work factor" in the algorithm to secure the data. This means that a series of computations are conducted in order to even test the password. A work factor equivalent to one second of processing on your desktop computer is generally enough to stop a would-be attacker dead in his tracks even if he rented a supercomputer for a day (this is assuming you have a "secure password," which I'm assuming everyone here knows what that entails). The problem with phones and other mobile devices is that their processors are so wimpy that they can't handle any sort of worthwhile work factor. It might as well not exist at all, which is almost as bad as brute-forcing a password that's protected by nothing more than a simple hash algorithm.


    All of this is to say that a "secure password" will not stop a clever person from getting into your phone. Your phone is simply incapable of it.



    As a side note, I use a 5-second work factor on my desktop to store some encrypted files. I once tried accessing them from my phone and it took the phone about 15 minutes to finish the calculations. It was hilarious but it's also what made me realize that phones are far, far, too weak to prevent a brute-force.

Posting Permissions

B