Menu
Google makes full-disk encryption and secure boot mandatory for some Android 6.0 devices

Google makes full-disk encryption and secure boot mandatory for some Android 6.0 devices

Devices with enough memory and decent cryptographic performance will need to have full-disk encryption enabled

Google's plan to encrypt user data on Android devices by default will get a new push with Android 6.0, also known as Marshmallow.

The company requires Android devices capable of decent cryptographic performance to have full-disk encryption enabled in order to be declared compatible with the latest version of the mobile OS.

Google's first attempt to make default full-disk encryption mandatory for phone manufacturers was with Android 5.0 (Lollipop), but it had to abandon that plan because of performance issues on some devices.

This put Android at a privacy disadvantage with iOS, which already encrypts user data out of the box in a way that not even Apple, or government agencies for that matter, can recover it.

With the release of Android 6.0, the Android Compatibility Definition Document (CDD), which sets guidelines for manufacturers, has also been updated. The document now lists full-disk encryption as a requirement instead of a recommendation.

If a device does not declare itself as a low-memory device -- with about 512MB of RAM -- and supports a secure lock screen, it must also support full-disk encryption of both the application data and shared storage partitions, the document says.

Furthermore, if the device has an Advanced Encryption Standard (AES) cryptographic operation performance above 50MB/s, the full-disk encryption feature must be enabled by default during the initial set-up.

The document also specifies other encryption implementation details, like the use of 128-bit or greater AES keys, not writing the encryption key to the storage area at any time, encrypting the encryption key with another key derived from the lock screen password after applying an algorithm like PBKDF2 or scrypt to it, and never transmitting the encryption key off the device, even when the key is encrypted.

The move is likely to draw criticism from law enforcement officials in the U.S. who have argued over the past year that the increasing use of encryption on devices and online communications affects their ability to investigate crimes.

In addition to encryption, Google also mandates verified boot for devices with AES performance over 50MB/s. This is a feature that verifies the integrity and authenticity of the software loaded at different stages during the device boot sequence and protects against boot-level attacks that could undermine the encryption.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Google

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments