6p and encryption

zkSharks

Retired Moderator
Mar 15, 2011
For anyone who wants a bit more information on the status of disk encryption and other features going forward...

Google updates its Android OEM requirements for use of doze, fingerprint sensors and more
Android Compatibility Definition: Android 6.0

From the ACD document:

9.9. Full-Disk Encryption

Optional for Android device implementations without a lock screen.

If the device implementation supports a secure lock screen reporting "true" for KeyguardManager.isDeviceSecure() [Resources, 131], and is not a device with restricted memory as reported through the ActivityManager.isLowRamDevice() method, then the device MUST support full-disk encryption [Resources, 132] of the application private data (/data partition), as well as the application shared storage partition (/sdcard partition) if it is a permanent, non-removable part of the device.

For device implementations supporting full-disk encryption and with Advanced Encryption Standard (AES) crypto performance above 50MiB/sec, the full-disk encryption MUST be enabled by default at the time the user has completed the out-of-box setup experience. If a device implementation is already launched on an earlier Android version with full-disk encryption disabled by default, such a device cannot meet the requirement through a system software update and thus MAY be exempted. Encryption MUST use AES with a key of 128-bits (or greater) and a mode designed for storage (for example, AES-XTS, AES-CBC-ESSIV). The encryption key MUST NOT be written to storage at any time without being encrypted. Other than when in active use, the encryption key SHOULD be AES encrypted with the lockscreen passcode stretched using a slow stretching algorithm (e.g. PBKDF2 or scrypt). If the user has not specified a lockscreen passcode or has disabled use of the passcode for encryption, the system SHOULD use a default passcode to wrap the encryption key. If the device provides a hardware-backed keystore, the password stretching algorithm MUST be cryptographically bound to that keystore. The encryption key MUST NOT be sent off the device (even when wrapped with the user passcode and/or hardware bound key). The upstream Android Open Source project provides a preferred implementation of this feature based on the Linux kernel feature dm-crypt.

Theoretically at least, the Nexus devices reflect the "ideal" implementation of the Android Compatibility Definition.
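
The key-wrapping rule in the quoted section 9.9 (passcode stretched, result used to AES-encrypt the disk key, default passcode when none is set), as an added example that is not part of the original post and is not AOSP's implementation. Assumptions: PBKDF2-HMAC-SHA256 as the stretch, AES-128-GCM as the wrap, the names `kekAEAD`, `Wrap` and `Unwrap`, and the placeholder default passcode; binding to a hardware-backed keystore is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// kekAEAD: PBKDF2-HMAC-SHA256 (one block covers a 128-bit key) -> AES-128-GCM.
func kekAEAD(passcode string, salt []byte, iters int) cipher.AEAD {
	if passcode == "" { // no lockscreen passcode set: wrap under a default
		passcode = "constructed_default" // assumption: placeholder value
	}
	mac := hmac.New(sha256.New, []byte(passcode))
	mac.Write(append(append([]byte{}, salt...), 0, 0, 0, 1)) // salt || INT(1)
	u, t := mac.Sum(nil), mac.Sum(nil)                       // U1 and running XOR
	for i := 1; i < iters; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	block, _ := aes.NewCipher(t[:16]) // a 16-byte key never errors
	aead, _ := cipher.NewGCM(block)
	return aead
}
// Wrap returns nonce||ciphertext||tag, the only form of the key fit for storage.
func Wrap(dek []byte, passcode string, salt []byte, iters int) []byte {
	aead := kekAEAD(passcode, salt, iters)
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce)
	return aead.Seal(nonce, nonce, dek, nil)
}
// Unwrap returns an error when the passcode is wrong or the blob was altered.
func Unwrap(blob []byte, passcode string, salt []byte, iters int) ([]byte, error) {
	aead := kekAEAD(passcode, salt, iters)
	if len(blob) < aead.NonceSize() {
		return nil, fmt.Errorf("wrapped key too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
}
func main() {
	salt := []byte("constructed-salt") // constructed sample; use a random salt
	fmt.Println(Unwrap(Wrap([]byte("constructed-key!"), "1234", salt, 4096), "0000", salt, 4096))
}
```

Because GCM authenticates the blob, a wrong passcode shows up as an unwrap error rather than as a garbage key.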
 

jojoe42

Well-known member
Sep 14, 2015
Slightly off topic, but given the storage is encrypted and the bootloader locked, does this mean if someone steals my phone with Activation Lock on, they can't boot into recovery and flash a ROM/access the phone? The encryption would deal with the data on the phone being inaccessible, but I found mixed info on Android phones still being flashable with the bootloader locked and Activation Lock on.
 
