How Secure Is Android?

Sajan Parikh

Active member
Jan 6, 2011
I've got a Samsung Galaxy SII Skyrocket (2.3.6) and was wondering how secure the device itself is.

I've set a password on it, but if I lose the phone...what are the chances of someone breaking into it before I get a chance to remotely wipe the device?

Say for example on a 4 character, all lowercase alpha password.
 
Depends on how easy to guess your password is. If you make it something obvious then I wouldn't get my hopes up that it'll stay secure.
 
A 4 digit pin only has 10,000 possible solutions. So yes it can eventually be cracked.

I just tested the pin unlock in Gingerbread (CM7) and it will "lock you out" after 5 attempts. The lockout is only 30 seconds, but it adds time to the equation.
 
Thanks for the replies.

I guess I should've been more clear. I'm not too worried about some random kid at a Taco Bell picking up my phone and trying passwords.

I was wondering about someone actually cracking/hacking the phone. Or perhaps law enforcement access, and things like that.
 
I'm almost positive that it's impossible to hack a phone, they're not like computers. But I guess anything's possible these days.
 
Android is inherently secure by design. Some tips are

1) Encrypt the phone AND sd card if your version supports it (Prevents nandroid backups from being read)
2) Turn off USB Debugging when not needed
3) Use strong passwords rather than PINs
4) BARK Twice
5) Read and Understand all app permissions
 
Nothing is or will be 100% secure on any platform...


But Read This:

"LOL! FBI Can't Unlock Pimps Android Phone, Serves Warrant To Google! by Eric McBride on Mar 14, 2012 10:25:59 PM"

LOL! FBI Can't Unlock Pimps Android Phone, Serves Warrant To Google! - AndroidPIT

"FBI Asks Google to Unlock Android Phone " from "mashable"

http://mashable.com/2012/03/16/fbi-android-phone/

Use all your security features of your phone!

:D

That's awesome! Been a long time since I used pattern lock. Remember getting really messed up one night and changed it. Took me a little bit to get it right, but was never locked out. Seems to me that anyone could figure it out, let alone the FBI.

Pimps up, feds down I guess, LOL.

Sent from my PC36100 using Android Central Forums
 
I'm almost positive that it's impossible to hack a phone, they're not like computers. But I guess anything's possible these days.

I don't know about "hack" but it is totally possible for a phone to be compromised if there is a bad app that you don't pay attention to. That along with rooting your phone could present some serious problems.
 
That's only if you set up a 4 digit numeric password. He was asking about alphanumeric (letters and numbers), which significantly increase the number of combinations:

Sticking with only lower case letters (26) + numbers (0-9) = 36 ^ 4 = 1,679,616 possible combinations
Including upper and lower case increases that to 64 ^ 4 = 14,776,336 combinations.

So I would say a 4 digit alphanumeric password (even if you stick with all lower case letters) is relatively secure and should buy you quite a bit of time, especially if there's a 30 second lockout after 5 failed attempts, since even if they have some kind of automatic program that will quickly try 5 combinations then wait 30 seconds, it's still going to slow them down a LOT to get through 1.6+ million combinations (or more accurately, however many combinations they have to try before they hit the correct one)

If you want more security than that, use upper and lower case, or set up your password with 6 or 8 or 10 characters (which makes it more of a pain to unlock the phone of course)

Check your numbers again. Upper+lower+0-9=52, not 64. The odds are against a brute force attack. Not near impossible tho.

 
Right, I knew it was off. Shouldn't have mentioned it.

 
Phone password security is nonexistent if there isn't any sort of auto-wipe feature baked into the system (like on BlackBerry devices if you enter the password wrong 10 times, it wipes everything), and even then a clever person can get around the auto-wipe.

Password security these days requires what's called a "work factor" in the algorithm to secure the data. This means that a series of computations are conducted in order to even test the password. A work factor equivalent to one second of processing on your desktop computer is generally enough to stop a would-be attacker dead in his tracks even if he rented a supercomputer for a day (this is assuming you have a "secure password," which I'm assuming everyone here knows what that entails). The problem with phones and other mobile devices is that their processors are so wimpy that they can't handle any sort of worthwhile work factor. It might as well not exist at all, which is almost as bad as brute-forcing a password that's protected by nothing more than a simple hash algorithm.


All of this is to say that a "secure password" will not stop a clever person from getting into your phone. Your phone is simply incapable of it.



As a side note, I use a 5-second work factor on my desktop to store some encrypted files. I once tried accessing them from my phone and it took the phone about 15 minutes to finish the calculations. It was hilarious but it's also what made me realize that phones are far, far, too weak to prevent a brute-force.
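
Added example (not part of any post in this thread): the two guessing scenarios discussed above, side by side. It computes the lockout time for an on-device search using the 5-attempts / 30-second figure reported earlier, then runs an exhaustive search against a copied password hash at different work factors. PBKDF2-HMAC-SHA256, the salt, and the password "bark" are constructed stand-ins, not Android's actual lock-screen scheme.

```python
import hashlib
import itertools
import string
import time

def online_worst_case_seconds(space, attempts=5, lockout_s=30):
    """Lockout time alone to try every value on the lock screen."""
    return ((space - 1) // attempts) * lockout_s

def derive(password, salt, iterations):
    # PBKDF2 is a stand-in KDF (assumption); 'iterations' is the work factor.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def offline_crack(target, salt, iterations, alphabet, length):
    """Exhaustive search against a copied hash; no lockout applies here."""
    for tried, combo in enumerate(itertools.product(alphabet, repeat=length), 1):
        guess = "".join(combo)
        if derive(guess, salt, iterations) == target:
            return guess, tried
    return None, len(alphabet) ** length

def seconds_per_guess(iterations, samples=20):
    """Measure what one guess costs on this machine at a given work factor."""
    start = time.perf_counter()
    for i in range(samples):
        derive(str(i), b"constructed-salt", iterations)
    return (time.perf_counter() - start) / samples

if __name__ == "__main__":
    salt = b"constructed-salt"   # constructed sample values
    secret = "bark"
    for name, space in [("4-digit PIN", 10**4), ("4 lowercase", 26**4),
                        ("4 lowercase+digits", 36**4)]:
        days = online_worst_case_seconds(space) / 86400
        print(f"{name:20} {space:>9,} values, on-device worst case {days:6.1f} days")

    target = derive(secret, salt, 1)
    start = time.perf_counter()
    guess, tried = offline_crack(target, salt, 1, string.ascii_lowercase, 4)
    print(f"offline, work factor 1: found {guess!r} after {tried:,} guesses "
          f"in {time.perf_counter() - start:.2f}s")

    for iters in (1, 10_000, 1_000_000):
        cost = seconds_per_guess(iters, samples=3)
        hours = 26**4 * cost / 3600
        print(f"work factor {iters:>9,}: full 26^4 search ~ {hours:.2f} hours")
```

The on-device figures count lockout delay only and ignore the time spent entering each guess; the offline figures depend entirely on the machine running the search.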