How many of you have encrypted your N5? Does it interfere with flashing ROM's, Kernels etc? With the revelations as of late (and Google backing of default encryption), was just wondering the adoption and general usage encounters we here have had with the encryption capabilities of the phone.
What it does interfere with is performance. On my Nexus you can really feel it - both in data transfers and boot up time for both the system and apps with large caches .
That being said it depends on your security requirements. I don't keep sensitive data on my phone ( unless you count photos of my dog's ass ) ) which means that encryption is wasted on me. I don't even have a pin lock or screen lock - they can be bypassed too easy , they waste time to unlock and they might force the "finder" to wipe the phone before I can remotely locate it .
From my point of view, there are more cons than pros for the encryption for the time being especially when it affects performance. Leaving encryption off until performance issues are fixed.
Thanks for the feedback, I was considering it out of principle, but then again like you, I dont have any sensitive company or personal data on there, unless you consider my run of the mill texts and convos. Cheers!
Related
Hey there. Can't find any info about encryption and what it brings, so I'll just fire away a few questions about details for that matter. Not that I'm so obsessed with security, more like just curious about the possibility. And keeping things under protection is nice when dealing with business stuff.
What encryption brings? Only data in encrypted, or apps/system too?
Would someone be able to get something from TF by connecting it to a PC? Or he will fail even using ADB or nvflash?
How secure we're speaking about? Any info on encryption method and key length in bits.
If I forget my password, or any other weird thing happen, could I reset it with nvflash, loading new clean images? Maybe encrypted volumes are handled differently, and it's not so easy...
Clockwork Recovery. Would it work perfectly fine with encrypted tablet?
Custom ROMs (like Prime!). Any possible problems when messing with system files without total wipe?
Performance. How bad it could be affected? I'm not sure Tegra2 has RSA-optimized module built-in (or whatever method it's using).
Unlocking. Will I be prompted to enter password every time I see unlock screen, or only when I reboot?
Any known limitations, like password length (I like to set long passwords, it's more efficient and easier to remember).
Bump - heard that HC 3.2 enabled encryption at last. Anyone tried it and can answer any of my questions?
Never done it myself, but from information I read:
tixed said:
Hey there. Can't find any info about encryption and what it brings, so I'll just fire away a few questions about details for that matter. Not that I'm so obsessed with security, more like just curious about the possibility. And keeping things under protection is nice when dealing with business stuff.
What encryption brings? Only data in encrypted, or apps/system too?
Would someone be able to get something from TF by connecting it to a PC? Or he will fail even using ADB or nvflash?
How secure we're speaking about? Any info on encryption method and key length in bits.
If I forget my password, or any other weird thing happen, could I reset it with nvflash, loading new clean images? Maybe encrypted volumes are handled differently, and it's not so easy...
Clockwork Recovery. Would it work perfectly fine with encrypted tablet?
I guess this should be fine.
Custom ROMs (like Prime!). Any possible problems when messing with system files without total wipe?
Performance. How bad it could be affected? I'm not sure Tegra2 has RSA-optimized module built-in (or whatever method it's using).
I read that this would have lesser performance since it has to be decrypted on fly and also affects battery.
Unlocking. Will I be prompted to enter password every time I see unlock screen, or only when I reboot?
I guess every time when you unlock.
Any known limitations, like password length (I like to set long passwords, it's more efficient and easier to remember).
Click to expand...
Click to collapse
I found THIS little tid bit after a Google search.
I do know that it does NOT encrypt your removable MicroSD card or SD card. The encryption can take a considerable amount of time to encrypt all your data (1 to 3 hrs and has to be powered on and at 100%). It will require a PIN or Password prompt at power on and possibly for other data sensitive action. It will also allow for password mining which is the process by which you are required to reenter a new password after so long. Also once you encrypt the only way back is a factory reset. If you lose your PIN or Password your SOL about getting your sensitive data back.
You might be better off using an app that can encrypt individual files that you choose.
Cheers...
tixed said:
What encryption brings? Only data in encrypted, or apps/system too?
Would someone be able to get something from TF by connecting it to a PC? Or he will fail even using ADB or nvflash?
How secure we're speaking about? Any info on encryption method and key length in bits.
If I forget my password, or any other weird thing happen, could I reset it with nvflash, loading new clean images? Maybe encrypted volumes are handled differently, and it's not so easy...
Clockwork Recovery. Would it work perfectly fine with encrypted tablet?
Custom ROMs (like Prime!). Any possible problems when messing with system files without total wipe?
Performance. How bad it could be affected? I'm not sure Tegra2 has RSA-optimized module built-in (or whatever method it's using).
Unlocking. Will I be prompted to enter password every time I see unlock screen, or only when I reboot?
Any known limitations, like password length (I like to set long passwords, it's more efficient and easier to remember).
Click to expand...
Click to collapse
Had a brief experience with encryption before I wiped back to stock. I would strongly recommend against it unless you wish to stick to a stock system and very much need that type of security. From what I remember of my experience:
The data partition is encrypted (not sure what else, but not MicroSD). When your device boots, a prompt that somewhat resembles a lockscreen pops fairly early on when the OS attempts to mount those partition(s). Thereafter, everything is accessible as usual; you can grab things via ADB. You do not have to constantly enter the password (though you would probably want to lockscreen your device as general good practice). As to what nvflash would get you, I'm not sure, since that would be before the partition mount...probably nothing usable. The problem with having an encrypted partition is that CWM at moment can't really do anything useful to those partitions. You cannot flash, backup, or restore via CWM. This means your ability to work with custom ROMs is effectively crippled. In fact, to undo the encryption (or if you forget your password), I had to nvflash back to stock. Factory reset via CWM cannot be done since, again, the partitions are still encrypted.
If in the future, CWM is able to access the partitions like the stock recovery can, then you'd be fine. Performance was not noticeably slower in anyway.
Thanks for the replies. This feature seems pretty grim at the moment. Well, we can all hope that Google and ASUS will update it properly. At least, they did a lot of good updates recently.
Hello,
My S3 mini was stolen and the thief apparently removed the battery or sim as soon as it was stolen. So it came into mind, which is more secure really. iOS or Android. Apparently, for an Android phpne whether the battery is removale or not, the thief can simply remove the SIM or just shut it down without even knowing the screen pass lock. Furthermore, if he does the power plus volume down combination, he can easily reset the phone to its factory defaults and even then, my photos - main storage and SD card - will be compromised. So yea, the phone can easily be cut from the internet so the wipe amd locate fucntions would be useless.
However on my iPad, I tried connecting it to a new computer, the photos were not accessible. I even installed iTunes, still the photos were not there. It had to be accessed from an iTunes that has previously backed it up. Traditional methods like wiping and locking and tracking are rednered useless because the thief can easily remove the SIM or simply shut it down without knowing the passlock.
So yea, does that make iOS more safe? Do thieves have access to programs that can bypass the lock screen for iOS or Android. Do they have access to programs that can factory reset iOS without an iTunes with a previous backup?
Am I missing anything? Can the user thighten the securty more by himself other than being careful and copying the photos reguraly. Also I am assuming that the USB debugging is turned off for Android by default.
PS: I do know that There are apps made to combat theft but yea, removing the battery, shutting it down or removing the SIM totally kills all those solutions.
We all know there are apps, but every night I sleep I think of this feature. But I'm not a kernel dev so I don't know how to make it.
Hopefully some kernel dev stumbles across this and can implement it.
There must be a pin lock when you factory reset your device and a toggle which unlocks the device pin for a certain amount of mins then locks so that the recovery wipe isn't reachable until one unlocks it.
But yeah, till now I think apple devices are more secure in terms of when theft applies.
Sent from my Nexus 5 using Tapatalk
i have an option to encrypt the entire phone in the security menu. i do not know if that is a custom rom or an android thing, but i suspect it is the latter.
i do not use that option, though, it makes data recovery more difficult should something go wrong. still, it is there, and if you guys are so security conscious, why not just encrypt the data?
In this era, Mobile Security is the top priority for any smartphone user. Mobile Security continues to up for the security. Nowadays it's more vital cause we store sensitive data on mobile phones. Ios is more secure than android.
Some features of IOS why you choose IOS:
App marketplace security: Apple closely inspects every app on its app store, which might reduce the number of apps available, but helps to minimize malware-riddled apps.
Device manufacturers: iPhone's integrated design makes security vulnerabilities less frequent and harder to find.
Updates to patch vulnerabilities: Apple updates are more accessible to control across devices, promising consistent security.
I have thus far been unable to find the information I'm looking for in regards to full disk encryption for Android. When you encrypt the drive, Android uses the same password used for unlocking your phone. There are methods out there to defeat the lock screen. Does this bypass encryption as well?
I assume that if it's really encrypted then getting around the lock screen without the appropriate password/key combination would result in you being unable to access the data. If this is not the case then the question becomes whether or not the data can be considered encrypted while the hard drive remains on the phone.
Anyone have any practical knowledge of this, and of whether the key for turning the phone on is the same as for unlocking the phone? I would appreciate any input toward this discussion. Thank you!
-E
emccalment said:
I have thus far been unable to find the information I'm looking for in regards to full disk encryption for Android. When you encrypt the drive, Android uses the same password used for unlocking your phone. There are methods out there to defeat the lock screen. Does this bypass encryption as well?
I assume that if it's really encrypted then getting around the lock screen without the appropriate password/key combination would result in you being unable to access the data. If this is not the case then the question becomes whether or not the data can be considered encrypted while the hard drive remains on the phone.
Anyone have any practical knowledge of this, and of whether the key for turning the phone on is the same as for unlocking the phone? I would appreciate any input toward this discussion. Thank you!
-E
Click to expand...
Click to collapse
So, to be clear, any encryption can be bypassed. If the password is weak, then there is no issue and can be done in no time, if the password is strong (capital letters, numbers, symbols), then a brute-force attack can take years! Said that, you have to understand that Android devices has weaknesses, like every other device, and out there are also companies that guarantee they can decrypt any android device. Another way to decrypt an Android device is freezing the device at -10c (yes physically and no is not a joke). Researchers has demonstrated that if you freeze the device, and quickly disconnected and reconnected the battery will put the device in a vulnerable loophole. Even if encryption means data altering, and it requires a key to access/restore the data, this behavior probable occurs because the low temperatures causes data to fade from internal chips more slowly. That way is possible to obtain encryption keys and unscramble the phone's encrypted data. So, to reply to your question, yes, someone with enough knowledge can bypass your encryption.
Hey, thank you for your response! I read the article about bypassing encryption by slowing the rate of RAM fade and using FROST. I have a few minor follow on questions about that, however I'm not terribly concerned with tracking that down. I'm doing some research for a project, and I've just run out of time basically, so I can't try everything.
So, I know that it can be bypassed. I also know that you can run a kernel called Armored that supposedly keeps the keys for your encryption on the CPU instead of RAM, which supposedly shuts down cold boot attacks. I think that's a bit extreme for everyday situations, but it's there. I'm more curious about the authentication mechanism for the encryption I guess. It's ran through AES128, then salted with SHA, if I remember what I read. So without encryption, if you bypass the password, you're in. I'm curious, if you were to be able to bypass the encryption password (without actually getting it right). Would the system let you in, but leave everything encrypted and unreadable since you didn't provide the appropriate credentials?
-E
emccalment said:
Hey, thank you for your response! I read the article about bypassing encryption by slowing the rate of RAM fade and using FROST. I have a few minor follow on questions about that, however I'm not terribly concerned with tracking that down. I'm doing some research for a project, and I've just run out of time basically, so I can't try everything.
So, I know that it can be bypassed. I also know that you can run a kernel called Armored that supposedly keeps the keys for your encryption on the CPU instead of RAM, which supposedly shuts down cold boot attacks. I think that's a bit extreme for everyday situations, but it's there. I'm more curious about the authentication mechanism for the encryption I guess. It's ran through AES128, then salted with SHA, if I remember what I read. So without encryption, if you bypass the password, you're in. I'm curious, if you were to be able to bypass the encryption password (without actually getting it right). Would the system let you in, but leave everything encrypted and unreadable since you didn't provide the appropriate credentials?
-E
Click to expand...
Click to collapse
Encryption is carried out at boot time. After the device has booted, a lockscreen bypass will yield full access to the device's data. Encryption only protects your data when the phone isn't turned on, effectively. Or if you know the adversary won't be able to bypass the lockscreen, and would end up rebooting it without knowing it was encrypted.
pulser_g2 said:
Encryption is carried out at boot time. After the device has booted, a lockscreen bypass will yield full access to the device's data. Encryption only protects your data when the phone isn't turned on, effectively. Or if you know the adversary won't be able to bypass the lockscreen, and would end up rebooting it without knowing it was encrypted.
Click to expand...
Click to collapse
@pulser_g2 +++
Or if you have a tracking software that allows you to shut down your phone remotely... But in that case you may as well wipe your phone remotely.
Hello guys, i have a few question that i would like to ask.
My boss is considering S8 as his new phone and he need to know about device security.
1.If you encrypt device how tough it is for police to open it?
No criminal activity done but police is part of the fight between companies. And it is the cheapest fighting method.
2.Is it possible to wire the phone without hardware mod?
Like for example using some sort of wireless method or wireless activation of cam or microphone?
3.If i turn on wipe device after 10 bad password attempts is it wiped completely without any possible way of recovery?
There will be no SD card used. Only internal memory.
4.What is safer? S8 or iPhone 7 Plus
5.Can there be software sent and installed to phone without user interaction?
Thank you so much for your answers.
It's impossible to directly crack the phone's encryption if you use a secure password. The SD card can be securely encrypted as well. Biometric unlocking is less secure, if you set that up (though if you shut the phone down, only the password will unlock it). There is an option to have the phone wiped after multiple failed password entries, but that gives no extra protection from serious attackers who can copy the phone's storage and work from the copy rather than the original. So you need a secure, unguessable password.
Courts may be able to compel you to unlock your phone (or jail you until you comply). Different jurisdictions have different (and changing) rules on the matter.
All phones are designed with strong measures against installing malware. And the S8's Secure Folders feature adds another layer of safety. Nonetheless, vulnerabilities are discovered all the time. They're patched by monthly security updates, but new ones still pop up. So it's impossible to guarantee the absence of malware (including malware that uses the microphone). Empirically, however, it appears to be quite rare for a modern phone, with up-to-date patches and other best security practices, to be seriously compromised.
But of course your boss will need to do their own research and verify all these claims from reliable sources, not from unknown people on an internet forum.
I'm working with around 100 Android Devices at work and on a weekly basis, I have staff coming to me advising their devices have bugs (calls drop, audio drops, poor battery, buggy performance, laggy performance, etc...). Often, the way to resolve these issues is to just factory reset the device (restore a zip) and then set it up as a new device. This is a bit of a pain because I have a bunch of settings I need to input each time and install some apps.
Thinking of how virtual machines work is there a way to create a saved snapshot or a saved state or clone of an Android device in a finalized working state and "flash" that state to other devices so I don't need to go through the entire format and reset of each device?
rcanpolat said:
I'm working with around 100 Android Devices at work and on a weekly basis, I have staff coming to me advising their devices have bugs (calls drop, audio drops, poor battery, buggy performance, laggy performance, etc...). Often, the way to resolve these issues is to just factory reset the device (restore a zip) and then set it up as a new device. This is a bit of a pain because I have a bunch of settings I need to input each time and install some apps.
Thinking of how virtual machines work is there a way to create a saved snapshot or a saved state or clone of an Android device in a finalized working state and "flash" that state to other devices so I don't need to go through the entire format and reset of each device?
Click to expand...
Click to collapse
Do you think google has made such a weak system that anyone could with great ease copy the entire system to another hardware, whether physical or virtual?
Without root you won't do anything like that, and on a modern device even root won't help.
A bit condescending on your first statement there but I appreciate the reply regardless.
If it's not doable then suggestions are welcome on how to make the process more efficient if anyone has any.