0

I have Samsung Galaxy S5 with Android 6.0 and would like fully encrypt it in the most secure way. What would be the best thing here?

I'd like to avoid doing convoluted things like installing ROMs and the like and I'd also like to still be able to do firmware updates.

What about Android's full encryption? I'm unsure whether that is really the most secure way. The reports of July 2016 according to which it got cracked are part of why I doubt it is. How secure is it?

mYnDstrEAm
  • 319
  • 2
  • 17
  • 1
    All questions which say "in the most secure way" need to include details about what threats you're trying to protect against. Are you wanting to protect against a casual attacker, a specific person, or a nation-state? Do you have any details on the reports you mention? Links to articles about them? References on the manufacturer website? _Why_ do you think it's insecure? – Matthew Feb 13 '17 at 16:33
  • I never heard about alternatives to android's standard device encryption feature like installing ROMs in a galaxy s5. Can you provide details? – Out of Band Feb 13 '17 at 21:23
  • @Matthew I don't want to protect against any specified threats but simply go with the most secure way that I can get without much of a hassle. Links to the reports: http://www.zdnet.com/article/how-to-crack-android-encryption-on-millions-of-smartphones/ & https://arstechnica.com/security/2016/07/androids-full-disk-encryption-just-got-much-weaker-heres-why/ – mYnDstrEAm Feb 19 '17 at 10:23
  • @Pascal I don't know either that's why I asked. I pretty much doubt that Android's native encryption is the only way though - especially as that is a relatively new feature... – mYnDstrEAm Feb 19 '17 at 10:23
  • Afaik, Android full disk encryption is based on dm-crypt. There is a project to port LUKS to Android: https://github.com/guardianproject/luks/wiki, but it looks very old, and while there are differences to raw dm-crypt, it's hard to say whether that would be in any way more secure. If you want the most secure solution without much of a hassle, go with the factory-provided encryption; I doubt there is a viable alternative. If you're worried about encryption key extraction, you're obviously worried about capable attackers, and in that case I wouldn't trust a platform with built-in telco anyway. – Out of Band Feb 19 '17 at 13:36

0 Answers0