Android full-disk encryption is less secure than Apple’s, study finds

Google IO and Android

If you use an encrypted Android device that sports a Qualcomm CPU at its heart, this news is for you.

Encryption usually makes infiltrating a device a more difficult affair, but not all encryption methods are made equal. This revelation was made by indie researcher laginimaineb.

According to the findings, Android devices powered by ARM-based Qualcomm chips store encryption keys not in hardware, but software. This effectively makes it easier for attackers to gain access to these keys, and your information. The issue lies in ARM’s TrustZone system used to store the keys.

Related: John Oliver explains the FBI Apple encryption debacle (video)

This is a stark contrast to Apple‘s system:

“Binding the encryption key to the device’s hardware allows Apple to make the job much harder for would-be attackers. It essentially forces attackers to use the device for each cracking attempt. This, in turn, allows Apple to introduce a whole array of defences that would make cracking attempts on the device unattractive,” laginimaineb explains.

While obtaining these keys on an Android device remains too much trouble for the common crook, it’s clear that encryption isn’t quite perfect. It should also be noted that Android full-disk encryption is enabled by default from Android 5.o Lollipop and later.

According to Engadget’s comment from Qualcomm, the security flaws were “were also discovered internally and patches were made available to our customers and partners,” while Google also explained that it issued patches to its systems “earlier this year.”

Andy Walker, former editor


Sign up to our newsletter to get the latest in digital insights. sign up

Welcome to Memeburn

Sign up to our newsletter to get the latest in digital insights.