New System of Encryption of User Data in Android 5.0
Want to learn more about the latest additions to encryption technology on Android devices? Click here to learn more about Android 5.0 and user data.
Join the DZone community and get the full member experience.Join For Free
The latest versions of the mobile OS from Apple and Google will encrypt user data in a way that excludes access to these data from the companies themselves — developers of operating systems. Let's try to figure out what this means.
Encrypting Files "Out of the Box"
Law enforcement agencies are not very happy with this news. The rules of the games are changing. Now, even the presence of an order does not guarantee that they will be able to access the data that the user stores on his smartphone check all smartphones price here. Therefore, officials try to frighten the public and make them believe that the encryption of user data is bad and dangerous. To do this, they use their favorite slogans about pedophiles and terrorists.
In the meantime, advocates for the protection of personal information approve of new ways of encryption, which, apparently, finally give us a chance to safely store private data.
In general, while one of these innovations seem unreasonable, others consider them a natural reaction to conditions that are too comfortable for state people, in which special services easily and without special control could access any personal data.
The latest version of #Google #Android will receive file encryption from the box — as in #Apple #iOS
We already wrote about the new scheme of data encryption, which Apple used in the new version of iOS. And, if this topic interests you from the point of view of the relationship with law enforcement agencies, we recommend that you check it out. Here, we will try to focus on what changes Google, in the newest version of Android, known as Lollipop, Android 5.0, and Android L (L is both the first letter of the word "Lollipop" and the Roman symbol for the number 50).
A Brief History of Encryption on Android
For the first time, the ability to encrypt the flash drive appeared in Android users in version 3.0, also known as Honeycomb. For about two years, this function existed almost in its original form, while in Android 4.4 KitKat Google did not strengthen the encryption algorithm. In Android, L reliability will be further increased. But, more importantly, if the inclusion of file encryption was left at the user's discretion, it will now be activated by default.
As for the reliability of encryption, the algorithm is chosen at the time, Google for Android 3.0, was not so bad. Another thing is that a specific implementation turned out to be quite problematic. A subtle security point resulted in the breaking-in of the PIN or password, which is used to block the mobile device.
Here is what Nikolai Elenkov says about encryption methods in different versions of Android: "If the key used to encrypt user data is long and complex, then it will take years to crack. However, since Android uses the PIN or screen lock password (which in principle cannot be longer than 16 characters) as the basis of this key, in practice, most users have encrypted the data with a very weak key. "
The password or PIN-code can be well protected from unlocking the smartphone since they can be entered a limited number of times. However, with encryption of data, everything is not so easy. With the help of certain manipulations, an attacker can get an image of a drive, transfer it to a powerful computer, and engage in a burglary with much greater efficiency.
We will not go into the technical details, if you want, you can read them in the link above. The fact is that hacking is possible. Again, if the passwords were complex and the encryption keys based on them were reliable, then there would be no problem. However, the specificity of mobile devices is that no one wants to use long codes to unlock them. Therefore, a modern computer copes with cracking the encryption of user data Android 3.0 in just seconds.
In the example below, it took 59 seconds, despite the fact that the password was much more complicated than those people actually use to block smartphones in Pakistan.
In Android version 4.4, developers used a different encryption system that was much more robust. However, the main drawback remained the same — the same user password / PIN was used as the basis. As a result, the reliability of encryption, due to the new algorithm, has increased by an order of magnitude, but in absolute terms, there is no particular difference — instead of several seconds, the cracking took several minutes.
What Will Change in Android 5.0
With the release of Android, L encryption will become much more reliable. In the new version of the OS, the key will only be based, in part, on the user's password.
As a result of his research, Nikolai Yelenkov came to the conclusion that Android L will use the second component for file encryption, probably hardware. Apparently, among other things, hardware acceleration of encryption will also be used. Breaking through the "brute force" method will still be possible, but it will take much longer.
Let's summarize, in the latest version of the world's most popular mobile OS, the user's files will finally be encrypted in a reliable way, if not eliminating hacking completely, then making it much more time-consuming. With that said, all smartphone users on Android can sleep a little more peacefully.
Opinions expressed by DZone contributors are their own.