In a time when smartphones have become so entrenched in our daily activity, it is important to consider how to protect your data on these devices.
Encryption, a way to protect data at rest, is easier explained in terms of a bank vault. Once an attacker has breached the vault door, the cash is available and unprotected. Think of encryption as a “dye pack” that explodes and renders the cash useless behind the vault. Though less permanent than my example, encryption further protects the data on your hardware by essentially scrambling it to an unreadable form. The good news is that it is fairly easy to enable on your smartphone, as you will read below.
There is certainly no global encryption standard or method for all smartphones, and in this article I will briefly compare and contrast stock encryption methods offered on the two most popular platforms: iOS and Android.
The iOS platform uses a file-based encryption (FBE) standard, and therefore requires minimal effort for an iPhone user to encrypt their device. As long as the user has a lock screen passcode set, content on the device is encrypted. Every file and keychain item is protected to some degree while the screen is locked. On your phone, open Settings, then select “Touch ID & Passcode” to turn this on.
Taking a slightly deeper dive for the tech enthusiasts, there are four protection classes that each file on the phone is assigned, and this “class” method allows users to see certain data when the phone is locked. One of the four classes even allows you to create files behind a locked screen, i.e. the camera functionality. Due to the camera application’s encryption class, you can take a photo when the phone is locked, but once you close out of the photo it is encrypted.
To provide another example, notice that when the phone is locked and you receive a phone call, the phone can retrieve data from your contacts to identify and display the information correctly. This is because the class of encryption used here is not tied to the PIN the user enters.
In contrast to iOS, Android uses Full-Disk Encryption (FDE), an all-or-nothing approach that encrypts disks at the sector level. A bit more effort is required to set up this encryption, but it is fairly simple. In Android version 7, you can find this under Settings > Lock Screen and Security > Secure Startup
Since the release of Android 7, named “Nougat,” File-Based Encryption (similar to that used in iOS) is actually available and automatically turned on with most new phones that are shipped. It is called “Direct Boot,” and contains only two categories (short of Apple’s four classes). One category allows access to files before entering a PIN or passcode, and the other allows access only after a successful login. This is not as extensive as Apple’s FBE, and therefore encryption is not provided by default after the user first unlocks their phone. It is, however, a step in a new direction for Google, and an acknowledgement to a balance between functionality and security for their platform.
Which platform offers a more secure solution?
The answer depends on how you value and measure security. Only Android offers a sector-level full disk encryption method. This renders your phone a useless “brick” while it is off, until you decrypt by entering the pin or password upon startup. Even with the new file-based encryption however, there is no protection enforced after the first login. The only protection is your lock screen, acting as a “single locked door between the thief and the room of treasure.”
In contrast, iPhone users have some degree of encryption on all of their data when the phone is on and screen-locked. This speaks to Apple’s predetermined focus on addressing the sacrifice of functionality for security. If you’re up against a sophisticated attacker with enough resources and forensic expertise, however, a powered down FDE-enabled Android phone would fare better than an iPhone.
It is also important to discuss the relationship these platforms hold with their app developers. With its class assignment system, Apple has provided developers with a simple and useful tool set to protect what they create. Google has less of a handle on this, but the open-source nature and abundant size of the Android knowledge community provides developers and engineers with solid and expansive security insight.
Sources: https://blog.cryptographyengineering.com/2016/11/24/android-n-encryption/, https://security.stackexchange.com/questions/57588/iphone-ios-7-encryption-at-lock-screen