21

Google recently announced that in Android L encryption would be turned on by default:

For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement. As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on. (Reported by The Washington Post 18-Sep-2014.)

Currently, if I have an Android phone and I have a Google account associated with that phone, if I forget my phone's PIN I can still get by using my Google account credentials, at least according to Recover Android Device in case of Forgot password/pattern unlock an Android device.

How does turning on encryption by default help protect against law enforcement accessing the device's data if law enforcement can go to Google and get them to reset the user's Google account credentials and thereby get around the PIN? (Let's assume that the device we are considering has a PIN and a Google account associated with it.)

rlandster
  • 363
  • 1
  • 2
  • 7
  • 4
    https://play.google.com/store/apps/details?id=org.nick.cryptfs.passwdmanager This app uncouples the lock screen password and the encryption password (root req) –  Nov 19 '14 at 13:04
  • Why are you so worried about law enforcements getting hold of your data? I'm sure that if they build a solid enough case against you (let's say terrorism) they will ask google to provide them with enough information so they can access that data. In which case, I'd say laws (or special made up rules) beat encryption. – sir_k Dec 02 '14 at 11:30
  • 1
    While not an answer since you have the assumption that the device has a pin, you can set the encryption password to be different than the pin - this would be more secure than having the same pin/password for the encryption AND the lock screen, and if done right the encryption password would never leave the phone, thus Google won't have the technical ability to help much in the matter. Also, as others noted, encryption helps mostly when the device is off - if you want it to be secure, make sure your device turns off regularly without your intervention. – user2813274 Dec 02 '14 at 12:20
  • It appears to be possible to brute force the pin that is used to encrypt the disk under certain circumstances. Code was opensourced in defcon 20 which shows this working on a Nexus S and Galaxy phone by viaforensics. So, use a long non-numerical pin – user3791372 May 14 '16 at 00:39
  • @FlorinCoada I'd imagine it's little more than asking for a court order, and Google would comply immediately. Depending on fickle factors like your religion, the colour of your skin etc could probably make you far more susceptable. – user3791372 May 14 '16 at 00:40
  • Any disk encryption software can easily provide a trivial backdoor simply by storing the secret key somewhere on the disk encrypted by some public key provided by the FBI/NSA/etc. So if law enforcement wants to decrypt your whole disk they just send that stored encrypted key to the FBI/NSA/etc... who in turn just use their private key to decrypt it. Super simple trivial backdoor. – ManRow Jun 18 '20 at 14:38

3 Answers3

21

Disk encryption only protects your phone when it is turned off (i.e., it protects data at rest). Once the device is turned on, data is decrytped transparently, and (at least with the current implementation) the decryption key is available on memory.

While Android uses the device unlock PIN/password to derive the disk encryption key, the two are completely separate. The only way someone can change your disk encryption password is if there is a device administrator application installed that allows remote administration (or they have a hidden backdoor you don't know about, but in that case you are already owned). UPDATE: the Google account fallback has been removed in 5.0+.

The article you link seems to be rather old and out of date. In current Android versions, login with Google account is only supported as a fallback to the pattern unlock (not the PIN/password) one, so if you are using PIN/password you are generally OK. Again, this only works if the device is already on, if it is off, they will need the disk encryption password to turn it on (technically to mount the userdata partition).

That said, because the disk encryption password is the same as the unlock password, most people tend to use a simple PIN which is trivial to bruteforce with the current implementation (slightly harder on 4.4 which uses scrypt to derive keys). Android L seems to have improved on this by not deriving the disk encryption password directly from the lockscreen one, but no details are currently available (no source). It does seems that, at least on Nexus devices, the key is hardware-protected (likely TrustZone-based TEE), so bruteforcing should no longer be trivial. (Unless, of course, the TEE is compromised, which has been demonstrated a few times.)

BTW, turning encryption on also helps with factory reset, because even if some data is left on the flash, it will be encrypted and thus mostly useless.

Nikolay Elenkov
  • 326
  • 1
  • 5
  • Google still seems to be able to remotely unlock a device even when using a PIN or password as of Android 4.4. On the Android Device Manager, the existing screen lock mechanism can be replaced with a password entered in the web interface. I haven't checked what happens in case the device is encrypted, though (since this would theoretically bring the lock screen password and the encryption password out of sync). – lxgr Oct 03 '14 at 09:48
  • I haven't tested this either, but looking at the code, it does seem that this resets the disk encryption password as well (they don't get out of sync). The Android Device Manager works in conjunction with a device administrator app on the device, if you disable it, you cannot reset the lockscreen/encryption password remotely. – Nikolay Elenkov Oct 03 '14 at 14:11
  • As for the Device Manager, in the current version, you cannot change the unlock PIN/password. You can only set a new one, if the device doesn't have a PIN/password set. – Nikolay Elenkov Feb 22 '16 at 02:06
9

Android encryption uses dm-crypt which, used the right way, can protect the device from law enforcement. However, there are several issues:

  1. The password needs to be distinct from any password you use. Any party you give your password in a login has usually full text access at least the time you log in, and it is possible they store it in a retrievable way. Law enforcement can ask them to hand it over.
  2. The password needs to be distinct from your google login password. I made 1 and 2 separate as I don't know the particular implementation google plans to use. It is possible that they unify both passwords for "convenience".
  3. The password needs to be strong. Weak passwords can be brute-forced. Its particularly easy for attackers as they can do offline brute-force. This however is nothing that google or anyone can fix, this is your responsibility.
  4. If you use your device while law enforcement is aware of you, they (or google) can install a backdoor onto your phone. Its pretty easy for agencies with sufficient funds to find a way onto your device. With "everyone is a suspect"-dragnet surveillance, "aware of you" can mean always, and the protection is meaningless. This is one of the reasons the agencies like dragnet surveillance: they can travel back in time.
  5. Law enforcement may not get the device from you while its still on. If its on, the key (and perhaps also the data you want to protect) resides in RAM, and can be extracted via a cold boot attack, or backdoors.
Community
  • 1
user10008
  • 4,315
  • 21
  • 33
  • But how does any of that stop the Google account login bypass? – rlandster Sep 19 '14 at 20:31
  • It is possible to set a new password, thats true. But then also all data are lost. – user10008 Sep 19 '14 at 21:09
  • A lot of the time, about the best we can do about pervasive, dragnet surveillance (short of completely redesigning things from scratch) is to force the attacker to go from passive monitoring to active attacks. That raises both the cost of attacks as well as the risk of the attacker being detected, which serves to reduce the probability of a "moderately interesting" individual being targetted. If you are actually a specific target of a nation-state actor who is willing to throw some money and manpower at the problem, then indeed there isn't a whole lot you can do; they very likely will get in. – user Jan 19 '17 at 22:14
2

Firstly I admit I have not tested it myself, but according to http://nelenkov.blogspot.de/2012/08/changing-androids-disk-encryption.html the disc encryption password is also changed, when the device password/pin is changed.

As the device password can be reset in a variety of ways, firstly you can access the already unlocked data (assuming the device is still powered on).

Secondly I understand from the linked article that the password change in the GUI triggers a change in the encryption password. That will also only be possible if the device is still powered on, but leads to the conclusion that for example a thief could install a new password for later use.

Of course all attack scenarios, user10008 pointed out are valid as well.

If a google/Web triggered password change would also change the on - disk password, I can not say. That's a very interesting question.

Spacy
  • 336
  • 1
  • 4