Home >> News >> Android Full-Disk Encryption is Weak, Study Finds

Android Full-Disk Encryption is Weak, Study Finds


Android full-disk encryption is weak, says expert Gal Beniamini. You might want to consider switching to iOS for better encryption, brags Apple. Android depends on multiple partners to develop security policies, and the encryption keys are stored in the software. This makes the keys more vulnerable to attacks.

Furthermore, many Android devices that have been upgraded to more secure versions can still be rolled back to the old, vulnerable versions of the software. Thus, exposing them once more to possible exploits. When it comes to numbers, the amount of devices susceptible to getting hacked is huge. More than a third of the Android devices can face broken encryption.

<

Android Full-Disk Encryption is Weak

It is because of Android’s architecture that these attacks are possible. Storing keys in the software and not the hardware makes room for possible exploits. Still, it is only the case with Qualcomm CPU powered Android devices.

Getting to these keys is still a hard job for your average hacker, but the problem remains – the encryption is far from being perfect, and iOS has a lead on this feature as well.

These security flaws have been discovered by Qualcomm developers, and they quickly came with patches to protect their customers and partners. However, these patches are not “bulletproof” either.

Users usually turn Android full-disk encryption off because encryption is too slow. Google’s encryption implementation does not provide a hardware accelerated one. Furthermore, efforts to mandate Android full-disk encryption in Android 6 have not been put into practice.

When it comes to iOS, the matter is simpler. The approaches are entirely different. This OS doesn’t rely on a software to read the key. It is a chip, the Secure Enclave. It communicates with the application processor through an interrupt-driven mailbox.

The weak encryption is not the only problem Google faces. Last year, it was noted that Android also needs an auto-rooting adware so that users can still keep their phones after being infected with Shuanet, Shedun, or ShiftyBug. Furthermore, Android allows malicious apps to gain root access to features such as camera, GPS location, and other personal data. Yet Google has yet to address the issue adequately and patch those users. And Android 6 Marshmallow doesn’t seem to win much ground, managing its way only into a tenth of the software installed last year.

IMAGE SOURCEPixabay


About Sara Rose

rose@thenextdigit.com'
She has spent the past 4 years playing the role of an IT consultant, and has now joined The Next Digit as a full time blogger. Her current profession is a result of her deep experience in computer gadgets, laptops, gaming accessories and other tech updates.

Fatal error: Uncaught Exception: 12: REST API is deprecated for versions v2.1 and higher (12) thrown in /home/nitin198/public_html/wp-content/plugins/seo-facebook-comments/facebook/base_facebook.php on line 1273