Yet Another Blog

May 30, 2014

Tuning Android Disk Encryption Feature

Filed under: Android, Security, Software — Tags: , , , , — guilleml @ 3:04 pm

I use my phone, like most of you, as my personal assistant so it carries all kind of information regarding banks, passwords, services, purchases, friends, photos, etc. Most of this information is private and I am very concerned about what would happen if someone gain access to this package of private information. Probably they would only want the hardware, but let’s be honest, if I couldn’t keep myself from taking a look to a lost phone and I know it can be done, no matter what password are you using, I expect anyone would do the same and they might have other intentions, as stealing passwords.

I was looking for a way to avoid this if my phone is stolen or lost. Of course I use cerberus but I need a way to really be sure no one can extract my information. Of course I’m not thinking in NSA or USA Gov as we all know they already have access to all of this.

Like linux, Android support crypted filesystems natively. http://www.saout.de/misc/dm-crypt/ is used in order to crypt, decrypt and manage the volume.

Android encryption feature will crypt all user data in order to avoid anyone to access your storage unit without a password.

It’s important to note that if you want to disable this feature you’ll need to reset your phone and restore all your data.

System Performance

In a nexus4 I haven’t noticed any performance impact but when installing apps. Installing apps is a little slower process but in the general use the interface, apps loading and use is unnoticeable.

How to Enable Android Disk Encryption Feature

You can enabled Android disk encryption feature under Security settings.

Screenshot_2014-05-26-13-41-05

This process needs pin screen lock so it will ask you to set a pin. You cannot use face recognition unlock or leave unlocked the phone.

This pin will be used to crypt the password that will be used to crypt all the volume. Google decided so in order to avoid users to remember several passwords just to boot and unlock their phones, the problem is that a 4 digits password is quite easy to break using brute force so we’ll see how to change this password to improve security.

Once you’ve selected the encryption feature and configured the password the system will reboot itself and begin the crypting process. This process may be long, so be sure to be able to let the phone working and connected to the AC charger for an hour or so.

When completed, the phone will ask for the password when booting, when it asks for it, type your pin code previously selected.

Install Cryptfs Password app from the Play Store to help you to change the password. You’ll need to be root so this process can be done.

Screenshot_2014-05-30-16-46-12

Just introduce your pin and your new safe long password using alphanumeric characters and symbols, this way you’ll have a secure password to mount the crypted phone storage memory and a 4 digits pin to unlock the screen making a brute force attack much more difficult to carry out.

With this, not so popular, feature you can be sure your data won’t be stolen if you lose your phone.

I found information about this process and link to the app from nelenkov’s blog.

Advertisements

1 Comment »

  1. Reblogged this on oogenhand.

    Comment by oogenhand — May 30, 2014 @ 3:51 pm


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: