Android encryption

Encryption for what application? Storing files? Text Messages? etc?

 

I highly doubt you'll find anything worthwhile. If it's a commercial application and some govt body wanted access, all they would have to do is subpoena the company that made the app for their encryption scheme.

To be truly protected you would need to come up with a one of a kind encryption scheme that was very strong and only you had the decryption scheme.

However, even that isn't practical. You would have to encode/decode your data every time you wanted to access it, which would equal very poor performance.

You could just enable the android lock screen where you have to swipe it in sequence to unlock it. That would give you some level of protection.

 

You raise a good point. I've used TrueCrypt in the past for my thumb drive and PC's and it works very very well. I'm going to research that.

 

That law was in Commiefornia. Not here.
I'm insured I'll just smash mine to bits if I had to. Grab a new one, no problems.
Also if the battery is missing, well....

 

Agreed. As I recall, the decision was reached in the Kommiefornia Supreme Court. I don't believer the decisions of that judge is binding on any legal cases but those deliberated in his/her state.

 

This may not fall within the bounds of even that silly court decision. A search incident to arrest, even given this decision and in my opinion, would not cover taking out an SD card, mounting it in a different device, and manually browsing the files.

 

http://www.lifehacker.com.au/2011/01/ho ... martphone/

http://gizmodo.com/5547858/encrypt-call ... droid-apps

http://www.hacker10.com/tag/android-aes-encryption/

Start with a good swipe pattern or password. Also look at mobile defender. Perhaps you could teach one of your friends how to do a remote wipe in the event of your "absence" for a couple of days

You can also sync android with dropbox and secure that with a good password. Dropbox can also be encrypted at the PC level and they are working on dropbox encryption between phone and PC. Should be coming soon. Open source, ftw.

 

Your statement is completely untrue.

It is a terrible idea, from a security standpoint, to come up with your own encryption scheme.

The strongest cryptographic systems must be open source and peer-reviewed to be trusted. It should always be assumed that the adversary knows everything about the scheme. The key is what has to be kept secret. Everything else is public. When passwords are used, they must be of sufficient length and entropy to withstand cracking attempts for a long time.

 

Android has public key and symmetric key crypto support through the SSL library
http://developer.android.com/reference/ ... descr.html.

Despite the implications of its name, the SSL routines can be used to protect data not only for transit across the network but also for storage.

However, this support would have to be worked into individual Android applications to secure their data from forensics.

I do not know that a full-disk encryption scheme is available for a non-rooted device. Android is built on top of Linux, which does have encrypted partition support:
http://encryptionhowto.sourceforge.net/ ... WTO-4.html

 

With a custom rom (I'm using Cyanogenmod) you can assign any sort of gesture swipe as your unlock pattern. Swirly S, figure 8, whatever. Beats using the connect the dots method. Makes it harder to figure out.

 

your paddling upriver

http://androidvoid.wordpress.com/2009/0 ... -and-luks/

 

I'll have to check out cyanogen. I'm using Darky's Mod right now and really like it.

The point is, OP, there are lots of ways to secure your android. Keep an eye on the android forums and websites such as lifehacker which are good at posting comprehensive how-tos for stuff like you are asking. The technology is still at that point where lots of disparate people know how to do it, and you can do it if you try hard enough, but you'll have to wait a little bit if you want to be walked through the process (and I don't blame you, it's complicated).

For now, focus on basic security stuff (strong passwords, remote wipe/off-site backup, etc) and that should keep ya safe from most prying eyes.

 

Locks (screen swipes) will not keep anyone out. The units (Cellebite) used to transfer contacts and such at your local wireless store will bypass any lock you have on the phone, even with a custom ROM. These units are available to law enforcement agencies and more and more are making use of them. We have supplied quite a few to various agencies in GA and Alabama.

 

Now that is certainly interesting. I've seen Cellebrite mentioned before.

 

I have played with 'em a few times. Very powerful machines. They are only available to wireless service providers and law enforcement.

http://www.cellebrite.com/

 

Exactly. If someone really wants the data they'll get it. A good password and such goes a long way in preventing casual thieves and such from poking around.

Just saw this today on lifehacker:
http://lifehacker.com/5727548/wallet-se ... roid-phone

*data encryption app for personal data*

If you don't have lifehacker on your RSS feed you should -- great site.

 

There is an XKCD cartoon that explains security risk environment around encrypted computers/cell phones pretty well:



http://xkcd.com/538/

I hear the Chinese are especially adept at rubber hose cryptanalysis In the United Kingdom, they lock you away in prison for 5 years for refusing to disclose a password. In the US, it is up in the air right now if a defendant can be compelled to disclose a password despite the 5th amendment.

From Mr. Volok:
http://volokh.com/archives/archive_2007 ... 1197763604