Protecting your smartphone data
Apple recently made headlines by refusing to obey a court order to hack the iPhone of one of the San Bernardino, California shooters. Shortly thereafter, a number of tech executives expressed their support of Apple, including CEOs at Google and Twitter. No matter what side of the argument you fall on, it’s important to understand how smartphone encryption works and how it can be used to protect data.
What is encryption?
To put it simply, encrypting your data scrambles it so it’s not readable by anyone without your password. When you enter your password, the data is unscrambled and accessible to you, like normal. On most devices, adding a passcode and encrypting the data is two different steps. You can have a passcode without encrypting your device.
How does encryption work?
Your data is subject to different modes of encryption depending on which device you use. Since the most prevalent smartphones are iPhones and Android phones, let’s take a closer look at the encryption systems on those devices.
iPhones—If you don’t enable data protection manually on your device, or if you use apps that don’t utilize it, iPhones rely on basic iOS encryption to protect sensitive data. Every iOS device is now equipped with an Advanced Encryption Standard (AES) 256-bit crypto engine that sits between the flash storage and main system memory. Each iPhone also has a device-specific unique identifier (UID), which is a string of 40 letters and numbers not recorded anywhere other than that individual device. There is no software or firmware that can read UIDs directly, meaning applications can only see the results of encryption and decryption operations. Since the UID is burnt into the device’s silicon, it cannot be tampered with or bypassed.
Androids—Android devices are a little trickier when it comes to automatic data encryption. In 2014, Google attracted media attention by saying it would make full-device encryption mandatory for new devices running version 5.0. But then Google changed its stance to strongly recommend that Android device makers enable encryption, rather than actually require it. Google revised its policy again when Android 6.0 came out, mandating encryption for all devices except those that didn’t meet minimum crypto performance requirements.
Why would I need to encrypt my smartphone data?
These days, we keep all sorts of information about our lives in our smartphones so that they’re almost virtual diaries. Would you leave your diary open in a public place for just anyone to read? If not, why would you do the same with your smartphone? Smartphone owners use many apps that keep their accounts logged in, so if their devices are stolen, it’s incredibly easy for thieves to access their personal information. Adding a passcode and encrypting your smartphone’s contents adds an extra level of security that could mean the difference between experiencing a minor inconvenience and trying to reclaim your stolen identity.
How to enabling data protection
Even though smartphones automatically rely on basic encryption, users can manually update their settings to enable stronger levels of data protection. Please note that the Technology Service Desk is unable to assist with personally owned devices and any steps taken are done at the user’s own risk. If you require help with a University-owned device, please contact the Technology Service Desk at 278-5200 to request assistance.
iPhones—When data protection is enabled, your data is wound into a complicated key code hierarchy that utilizes the device’s UID, passcode, class key, file system key, and per-file key. Understanding the mechanics of all those keys is only really important if you’re a developer—users just need to know that their passcode is essential and must be protected. ZDNet has a handy walkthrough on setting up a passcode and data encryption in just one minute.
Androids—When it comes to Android phones, remember that encryption could slow your device’s performance and that the only way to disable encryption is to reset your phone to factory settings, which will erase all data stored on your phone. If you choose to enable encryption on an Android, know that it may take an hour or longer, depending on how much data is on your device. How-To Geek offers an easy walkthrough on encrypting Android devices.
Image by Flickr user Tony Webster | CC BY-SA