Sign in / up

back to article Google publishes crypto mandate for Android 6.0

Google's put the issue of mandatory Android encryption back on the table, publishing a compatibility document that mandates it (with caveats) in Android 6.0 Marshmallow. First noticed by Android Police, the Android Compatibility Definition seeks to mandate that devices with enough memory and processor power encrypt both …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. ratfox
    Paris Hilton

    What power does this have?

    What happens if Sony or Amazon make a phone and load it with Android software that doesn't encrypt the phone by default, or not at all?

    Google has the power to kick people out of their Open Handset Alliance if they make incompatible devices, and that's how they stopped Acer from selling a phone with Aliyun OS. Would this work the same?

    …What happens to Huawei if China makes it illegal to sell phones that are encrypted by default?

    1 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: What power does this have?

      There's a get out clause that you don't have to support it if the device doesn't have hardware encryption. So Huawei can just use a SoC that doesn't have the hardware.

      So Android is coming closer to catching up to where Apple was in 2009 in having mandatory encryption on every single device (just had to throw that in for all the Apple haters who like to claim that iPhones are so far behind Android in every way)

      6 6 Reply
    2. MrWibble
      Reply Icon

      Re: What power does this have?

      Every devices has to pass google's test before it gets access to the play store, gmail, etc. So if the OEMs don't encrypt, they won't pass, and therefore won't get the google apps.

      1 0 Reply
      1. dotdavid
        Reply Icon

        Re: What power does this have?

        "if the OEMs don't encrypt, they won't pass"

        Or they just set the low memory flag.

        "Yeah our new 3GB flagship is a low memory device, er, we have lots of apps installed by default y'see..."

        0 0 Reply
    3. NoneSuch Silver badge
      Reply Icon
      Big Brother

      AES 256

      The officially approved encryption method of the US government. Said to be so secure the NSA can't read it, so please feel confident to use it for all your communications. Ignore all those Diffie-Helman attack vectors and routine reading of SSL / VPN traffic. AES 256 is secure.

      What could possibly go wrong?

      1 0 Reply
  2. Named coward

    encrypted with a default passphrase...what could go wrong?

    1 1 Reply
    1. Charles 9
      Reply Icon

      Well, if it's some randomly-generated thing just for the sake of having a key, then it wouldn't be so bad. Now, I'll agree if it's some predetermined default they use across an increasing number of Marshmallow phones, I'd be worried.

      0 0 Reply
    2. Anonymous Coward
      Reply Icon
      Anonymous Coward

      The default passphrase isn't meant for security it is to allow the device to have encryption set so that it will be turned on as soon as the end user sets their passcode.

      0 0 Reply
  3. Malcolm 1

    How do I tell if my device supports hardware AES encryption?

    I have a Sony Xperia Z3 compact, but I can't find anywhere if it has the requisite hardware AES support enabled - anyone got any ideas?

    0 0 Reply

  4. This post has been deleted by its author

    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      You do know that's how TrueCrypt/VeraCrypt work, don't you? Anyway, if the thief has the phone, you're not gonna have a chance to scramble the data anyway. Not even a remote wipe through Device Manager is gonna work if they quickly throw the phone into Faraday shields before tearing into them.

      0 1 Reply
  5. phil dude
    Coat

    for all linux distributions....

    PLEASE have your package managers check how much space is available BEFORE filling up the filesystem.

    That includes YOU GOOGLE!!!!

    Moving on...

    P.

    0 0 Reply
  6. batfastad
    FAIL

    Honeypot

    This is awesome news. All the stuff on my device is encrypted. Let's get to work and download some applications!

    Thank you for downloading Really Simple Calculator App. This app needs access to:

    - Contacts

    - Messages

    - Call history

    - Location data

    - E-mail accounts

    - Cloud files

    - Pictures and media

    - Microphone

    - Camera

    - Browsing history

    ...

    3 0 Reply
    1. Charles 9
      Reply Icon

      Re: Honeypot

      You forget Marshmallow's new permission system. You get to say what's allowed and what's not. And even pre-Marshmallow apps can be tamed with App Ops.

      0 0 Reply
      1. batfastad
        Reply Icon

        Re: Honeypot

        Yes I do forget Marshmallow's new permission system, because I've not seen a device with it yet. Are there any devices running it that are available to buy from a shop today?

        1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like