Menu
Google makes full-disk encryption and secure boot mandatory for some Android 6.0 devices

Google makes full-disk encryption and secure boot mandatory for some Android 6.0 devices

Devices with enough memory and decent cryptographic performance will need to have full-disk encryption enabled

Google's plan to encrypt user data on Android devices by default will get a new push with Android 6.0, also known as Marshmallow.

The company requires Android devices capable of decent cryptographic performance to have full-disk encryption enabled in order to be declared compatible with the latest version of the mobile OS.

Google's first attempt to make default full-disk encryption mandatory for phone manufacturers was with Android 5.0 (Lollipop), but it had to abandon that plan because of performance issues on some devices.

This put Android at a privacy disadvantage with iOS, which already encrypts user data out of the box in a way that not even Apple, or government agencies for that matter, can recover it.

With the release of Android 6.0, the Android Compatibility Definition Document (CDD), which sets guidelines for manufacturers, has also been updated. The document now lists full-disk encryption as a requirement instead of a recommendation.

If a device does not declare itself as a low-memory device -- with about 512MB of RAM -- and supports a secure lock screen, it must also support full-disk encryption of both the application data and shared storage partitions, the document says.

Furthermore, if the device has an Advanced Encryption Standard (AES) cryptographic operation performance above 50MB/s, the full-disk encryption feature must be enabled by default during the initial set-up.

The document also specifies other encryption implementation details, like the use of 128-bit or greater AES keys, not writing the encryption key to the storage area at any time, encrypting the encryption key with another key derived from the lock screen password after applying an algorithm like PBKDF2 or scrypt to it, and never transmitting the encryption key off the device, even when the key is encrypted.

The move is likely to draw criticism from law enforcement officials in the U.S. who have argued over the past year that the increasing use of encryption on devices and online communications affects their ability to investigate crimes.

In addition to encryption, Google also mandates verified boot for devices with AES performance over 50MB/s. This is a feature that verifies the integrity and authenticity of the software loaded at different stages during the device boot sequence and protects against boot-level attacks that could undermine the encryption.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Google

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.‚Äč

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments