{"id":2353,"date":"2013-08-30T12:38:52","date_gmt":"2013-08-30T04:38:52","guid":{"rendered":"http:\/\/www.alfredivy.per.sg\/blogger\/?p=2353"},"modified":"2015-11-11T22:26:01","modified_gmt":"2015-11-11T14:26:01","slug":"android-encryption","status":"publish","type":"post","link":"https:\/\/www.alfredivy.sg\/blogger\/2013\/08\/android-encryption\/","title":{"rendered":"Android Encryption"},"content":{"rendered":"<p><span style=\"font-size: 13px;\">The corporate mobile mail policy requires the device storage to be encrypted.\u00a0 This is to prevent the loss of information in the event the phone or device is lost.\u00a0 Tough but doable, I thought.<\/span><\/p>\n<p>What is Android Encryption?\u00a0 It uses the dm-crypt subsystem that is part of the Linux kernel.\u00a0 It encrypts the storage using a 128-bit master key.\u00a0 The master key is protected by the hash of the user\u2019s unlock PIN and a random salt.\u00a0 The encrypted master key and other version information are kept in a cleartext file stored at the end of the disk volume.\u00a0 This setup enables an easy change of password (the master key is re-encrypted with the new PIN) and fast device wiping (the last block of the storage is deleted). More info here. <a href=\"http:\/\/security.stackexchange.com\/questions\/28998\/android-device-encryption\">link<\/a>\u00a0 <a href=\"http:\/\/source.android.com\/tech\/encryption\/android_crypto_implementation.html\">Dev Doc<\/a><\/p>\n<p>There are some trade-offs. \u00a0If a separate encryption password is used for the storage, the user might forget it, especially if the device is not restarted regularly.\u00a0 Therefore Android Encryption is based on the user\u2019s phone unlock PIN.\u00a0 For the ease of use, this PIN is usually kept simple.\u00a0 Who wants to enter a complex password just to get into a device many, many times a day? 
For the security conscious, a security developer has come up with an app that will enable you to set a different password for the storage and it can be long and complex.\u00a0 Exercise caution as there is no undo button.\u00a0 <a href=\"http:\/\/nelenkov.blogspot.com\/2012\/08\/changing-androids-disk-encryption.html\">link<\/a><\/p>\n<p>I was flashing a new nightly, when the irony of the situation hit me.\u00a0 If the storage is encrypted, it will not be readable in Recovery mode.\u00a0 That means the new nightly will be stuck in the encrypted, unmounted storage.\u00a0 Do I need to decrypt just to flash a new nightly?\u00a0 Hmm, back to the search engines.<\/p>\n<p>Somebody on XDA-Developers suggested using an SD card.\u00a0 Shut down the phone, insert SD card, flash, shut down again to pull out SD card and power on.\u00a0 The steps sound easy and clean, except on the Samsung S2, the back panel is a piece of flimsy plastic.\u00a0\u00a0All this disassembly and assembly is going to crack something.\u00a0 In comparison, Nokia\u2019s E71 is built like a tank.<\/p>\n<p>Some nifty keyboard work reveals someone else has another solution to the same problem. \u00a0Put the phone in Recovery mode, use Android Debug Bridge (ADB) to mount a ram disk, copy the new nightly in and flash using that ram disk as the source location.\u00a0 Neat!\u00a0 <a href=\"http:\/\/en.eladalfassa.com\/2013\/05\/upgrading-cyanogenmod-on-an-encrypted-device\/\">link<\/a><\/p>\n<p>I was monitoring the progress of CM10.2 or Android 4.3 development on XDA-Developers when I noticed a trend. Some users who had encrypted the storage upgraded from CM 10.1 to 10.2; thereafter, access to storage was lost.\u00a0 In both cases, normal operations were resumed by wiping and restoring data from backup. 
\u00a0<a href=\"http:\/\/forum.xda-developers.com\/showpost.php?p=44982276&amp;postcount=1805\">link<\/a> <a href=\"http:\/\/forum.xda-developers.com\/showpost.php?p=45031396&amp;postcount=1962\">link<\/a><\/p>\n<p>In summary, Android encryption is easy to use; if you are flashing CM nightlies, you might not want to cross a version number.<\/p>\n<p>Update 7 Sep<\/p>\n<p>I was poking around the nightly source files to shed some light on the missing encrypted storage problem. \u00a0I noticed that the vold.fstab file seems to be missing for Android 4.3. \u00a0That doesn&#8217;t seem right, as it is one of the key config files. \u00a0Some more digging reveals that there have been some changes in the storage subsystem. \u00a0The fstab.device config file is now in root, probably part of boot.img. \u00a0I wonder if this is the cause of those upgrade problems. <a href=\"http:\/\/source.android.com\/devices\/tech\/storage\/\" target=\"_blank\">link<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The corporate mobile mail policy requires the device storage to be encrypted.  This is to prevent the loss of information in the event the phone or device is lost.  
Tough but doable, I thought.<\/p>\n","protected":false},"author":2,"featured_media":2359,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[222],"tags":[241,303,309,370,294],"class_list":["post-2353","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-smartphones","tag-android","tag-cyanogenmod","tag-encryption","tag-exchange","tag-jelly-bean"],"_links":{"self":[{"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/posts\/2353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/comments?post=2353"}],"version-history":[{"count":9,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/posts\/2353\/revisions"}],"predecessor-version":[{"id":3451,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/posts\/2353\/revisions\/3451"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/media\/2359"}],"wp:attachment":[{"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/media?parent=2353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/categories?post=2353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/tags?post=2353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}