Android encryption

Discussion in 'Off-topic' started by phyllapine, Jan 5, 2011.

  1. phyllapine

    phyllapine Member

    86
    0
    6
    In light of recent court decisions concerning mobile phone searches, I am looking for information on file encryption technologies for the Android OS. Does anyone here have any first-hand experience with free or reasonably priced encryption that works well on this platform? Google returns a lot of obscure/sketchy looking results. I'm not sure which apps to trust.
     
  2. sirkut

    sirkut Member

    880
    0
    16
    Encryption for what application? Storing files? Text Messages? etc?
     

  3. dcannon1

    dcannon1 New Member

    6,548
    0
    0
    I highly doubt you'll find anything worthwhile. If it's a commercial application and some govt body wanted access, all they would have to do is subpoena the company that made the app for their encryption scheme.

    To be truly protected you would need to come up with a one of a kind encryption scheme that was very strong and only you had the decryption scheme.

    However, even that isn't practical. You would have to encode/decode your data every time you wanted to access it, which would equal very poor performance.

    You could just enable the android lock screen where you have to swipe it in sequence to unlock it. That would give you some level of protection.
     
  4. AMD

    AMD Member

    93
    0
    6
    You raise a good point. I've used TrueCrypt in the past for my thumb drive and PC's and it works very very well. I'm going to research that.
     
  5. Puffyfish

    Puffyfish New Member

    1,182
    0
    0
    That law was in Commiefornia. Not here.
    I'm insured I'll just smash mine to bits if I had to. Grab a new one, no problems.
    Also if the battery is missing, well....
     
  6. phyllapine

    phyllapine Member

    86
    0
    6
    The screen lock is a good first step but can be easily defeated by removing the SD card and mounting the file system in a PC card reader. Is there a way to encrypt the SD card so that only the android device has the encryption keys thus making the SD card useless outside of the phone.?
     
  7. moga

    moga New Member

    5,194
    0
    0
    Agreed. As I recall, the decision was reached in the Kommiefornia Supreme Court. I don't believer the decisions of that judge is binding on any legal cases but those deliberated in his/her state.
     
  8. kkennett

    kkennett New Member

    2,139
    0
    0
    This may not fall within the bounds of even that silly court decision. A search incident to arrest, even given this decision and in my opinion, would not cover taking out an SD card, mounting it in a different device, and manually browsing the files.
     
  9. spector

    spector New Member

    1,849
    0
    0
    http://www.lifehacker.com.au/2011/01/ho ... martphone/

    http://gizmodo.com/5547858/encrypt-call ... droid-apps

    http://www.hacker10.com/tag/android-aes-encryption/

    Start with a good swipe pattern or password. Also look at mobile defender. Perhaps you could teach one of your friends how to do a remote wipe in the event of your "absence" for a couple of days :wink:

    You can also sync android with dropbox and secure that with a good password. Dropbox can also be encrypted at the PC level and they are working on dropbox encryption between phone and PC. Should be coming soon. Open source, ftw.
     
  10. frankr

    frankr Active Member

    1,122
    0
    36
    Your statement is completely untrue.

    It is a terrible idea, from a security standpoint, to come up with your own encryption scheme.

    The strongest cryptographic systems must be open source and peer-reviewed to be trusted. It should always be assumed that the adversary knows everything about the scheme. The key is what has to be kept secret. Everything else is public. When passwords are used, they must be of sufficient length and entropy to withstand cracking attempts for a long time.
     
  11. frankr

    frankr Active Member

    1,122
    0
    36
    Android has public key and symmetric key crypto support through the SSL library
    http://developer.android.com/reference/ ... descr.html.

    Despite the implications of its name, the SSL routines can be used to protect data not only for transit across the network but also for storage.

    However, this support would have to be worked into individual Android applications to secure their data from forensics.

    I do not know that a full-disk encryption scheme is available for a non-rooted device. Android is built on top of Linux, which does have encrypted partition support:
    http://encryptionhowto.sourceforge.net/ ... WTO-4.html
     
  12. sirkut

    sirkut Member

    880
    0
    16

    With a custom rom (I'm using Cyanogenmod) you can assign any sort of gesture swipe as your unlock pattern. Swirly S, figure 8, whatever. Beats using the connect the dots method. Makes it harder to figure out.
     
  13. madamimadam

    madamimadam New Member

    833
    0
    0
    your paddling upriver

    http://androidvoid.wordpress.com/2009/0 ... -and-luks/
     
  14. spector

    spector New Member

    1,849
    0
    0
    I'll have to check out cyanogen. I'm using Darky's Mod right now and really like it.

    The point is, OP, there are lots of ways to secure your android. Keep an eye on the android forums and websites such as lifehacker which are good at posting comprehensive how-tos for stuff like you are asking. The technology is still at that point where lots of disparate people know how to do it, and you can do it if you try hard enough, but you'll have to wait a little bit if you want to be walked through the process (and I don't blame you, it's complicated).

    For now, focus on basic security stuff (strong passwords, remote wipe/off-site backup, etc) and that should keep ya safe from most prying eyes.
     
  15. psrumors

    psrumors Well-Known Member

    4,869
    47
    48
    Locks (screen swipes) will not keep anyone out. The units (Cellebite) used to transfer contacts and such at your local wireless store will bypass any lock you have on the phone, even with a custom ROM. These units are available to law enforcement agencies and more and more are making use of them. We have supplied quite a few to various agencies in GA and Alabama.
     
  16. sirkut

    sirkut Member

    880
    0
    16

    Now that is certainly interesting. I've seen Cellebrite mentioned before.
     
  17. psrumors

    psrumors Well-Known Member

    4,869
    47
    48
    I have played with 'em a few times. Very powerful machines. They are only available to wireless service providers and law enforcement.

    http://www.cellebrite.com/

     
  18. phyllapine

    phyllapine Member

    86
    0
    6
    Good discussion. Thanks for all the thoughtful input. My biggest concern is not so much about focused, intensive investigations with forensics techs and subpoenas. They would just be wasting their time; I'm not that interesting. My goal is to make the data inaccessible to the average thief/LEO/TSA agent etc.
     
  19. spector

    spector New Member

    1,849
    0
    0
    Exactly. If someone really wants the data they'll get it. A good password and such goes a long way in preventing casual thieves and such from poking around.

    Just saw this today on lifehacker:
    http://lifehacker.com/5727548/wallet-se ... roid-phone

    *data encryption app for personal data*

    If you don't have lifehacker on your RSS feed you should -- great site.
     
  20. frankr

    frankr Active Member

    1,122
    0
    36
    There is an XKCD cartoon that explains security risk environment around encrypted computers/cell phones pretty well:

    [​IMG]

    http://xkcd.com/538/

    I hear the Chinese are especially adept at rubber hose cryptanalysis ;-) In the United Kingdom, they lock you away in prison for 5 years for refusing to disclose a password. In the US, it is up in the air right now if a defendant can be compelled to disclose a password despite the 5th amendment.

    From Mr. Volok:
    http://volokh.com/archives/archive_2007 ... 1197763604