Androud full disk encryption: when do?

I often read internet articles which says that encrypt android device is a good thing to do. Sometimes they say it is a must.

But they mostly never say in which cases this helps and which it can not. But, actually, this must the question number 1.

It is completely clear that if somebody somehow found the password - encryption does not help.
On the other hand if he/she do not know you password how encryption can differ?

And the good answer sounds like this:

The attacker may be able to access the built-in flash memory without booting the device. Perhaps through a software attack (can the device be tricked into booting from the SD card? Is a debug port left open?); perhaps through a hardware attack (you postulate a thief with a lead pipe, I postulate a thief with a soldering iron).
Another use case for full-disk encryption is when the attacker does not have the password yet. The password serves to unlock a unique key which can't be brute-forced. If the thief unwittingly lets the device connect to the network before unlocking it, and you have noticed the theft, you may be able to trigger a fast remote wipe — just wipe the key, no need to wipe the whole device. (I know this feature exists on recent iPhones and Blackberries; presumably it also exists or will soon exist on Android devices with full-disk encryption.)


Do you think somebody will apply described attack against you?

No comments:

Post a Comment