
Following on from Why do mobile devices force user to type password after reboot?, I've noticed that my Pixel 6 Pro can access data after a restart, e.g. WhatsApp messages come through and notifications with previews show before the device password has been entered.

On previous phones, like the Pixel 5, the device required unlocking with the password before it could access data, and presumably the device storage.

My question is, how does the newer phone receive WhatsApp messages, etc., before the device encryption key? WhatsApp is a good example, as the asymmetric private key for this app would need to be read in order to show the notification containing the message contents.

My guess is it's something to do with the Tensor chip, but doesn't this make the device insecure if encrypted storage can be accessed without manual password entry?

SilverlightFox
  • My best guess would be file-based encryption, allowing exactly for that kind of thing. – Feb 25 '22 at 14:15
  • Have you tested if the new Whatsapp version behaves still the way you remember on Pixel 5? May be just the Whatsapp version has changed and now makes use of the direct boot aware feature thus storing some required data in the device encrypted storage which is available before first unlock. – Robert Feb 25 '22 at 15:48
  • Android File Based Encryption hasn't changed much in recent years. I believe WhatsApp has put its encryption keys in device encrypted storage which doesn't require user to unlock the screen after reboot. This is only secure if those keys are decrypted and provisioned inside Tensor Security Core chip because spyware agencies are known for extracting keys from the main memory. – defalt Feb 27 '22 at 06:29
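
For reference, the Direct Boot and device encrypted storage mechanism the comments mention looks like this from an app's side. This is an added illustration, not part of the original thread and not WhatsApp's code; the package, class, preference file and key names are hypothetical, and the manifest entry described in the comments is assumed.

```kotlin
// Added illustration; package, class, file and key names are hypothetical.
// Assumed manifest entry: a <receiver> for this class with
// android:directBootAware="true", an intent filter for
// android.intent.action.LOCKED_BOOT_COMPLETED, and the
// RECEIVE_BOOT_COMPLETED permission.
package com.example.directboot

import android.content.BroadcastReceiver
import android.content.Context
import android.content.Intent
import android.os.UserManager
import android.util.Log

private const val TAG = "LockedBootReceiver"

class LockedBootReceiver : BroadcastReceiver() {
    override fun onReceive(context: Context, intent: Intent) {
        // Delivered after reboot, before the user has entered PIN/password.
        if (intent.action != Intent.ACTION_LOCKED_BOOT_COMPLETED) return

        val unlocked = context.getSystemService(UserManager::class.java).isUserUnlocked

        // Device encrypted (DE) storage: readable before first unlock.
        // Anything needed to show a notification preview at this point
        // has to live here, so it is not protected by the user's credential.
        val deContext = context.createDeviceProtectedStorageContext()
        val dePrefs = deContext.getSharedPreferences("push_state", Context.MODE_PRIVATE)
        val hasPushState = dePrefs.contains("push_token")
        Log.i(TAG, "DE readable, push state present=$hasPushState, userUnlocked=$unlocked")

        // Credential encrypted (CE) storage: the default app storage.
        // Its key depends on the user's credential, so it stays locked
        // until first unlock; SharedPreferences access would throw here.
        if (unlocked) {
            val cePrefs = context.getSharedPreferences("long_term_keys", Context.MODE_PRIVATE)
            Log.i(TAG, "CE readable, entries=${cePrefs.all.size}")
        } else {
            Log.i(TAG, "CE locked: long-term secrets kept here are not readable yet")
        }
    }
}
```

An app opts in per component and per file: data stays in credential encrypted storage unless it is explicitly written through the device-protected context.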
