Thursday, Jul 02, 2020 | Last Update : 12:29 PM IST

100th Day Of Lockdown

Maharashtra180298931548053 Tamil Nadu94049529261264 Delhi89802599922803 Gujarat33318240381869 Uttar Pradesh2405616629718 West Bengal1917012528683 Rajasthan1831214574421 Telangana173578082267 Karnataka165148065253 Andhra Pradesh152526988193 Haryana1494110499240 Madhya Pradesh1386110655581 Bihar10204781173 Assam8956583212 Jammu and Kashmir76954856105 Odisha7316535333 Punjab56683989149 Kerala4594243626 Uttarakhand2791190937 Chhatisgarh2339193713 Jharkhand2339160512 Tripura140110931 Manipur12605790 Goa11984783 Himachal Pradesh9796179 Puducherry73930112 Nagaland5351820 Chandigarh4463676 Arunachal Pradesh182601 Mizoram1601230 Sikkim88490 Meghalaya50421
  Technology   In Other news  01 Dec 2016  Android security is six years behind iOS: Expert

Android security is six years behind iOS: Expert

THE ASIAN AGE
Published : Dec 1, 2016, 10:35 am IST
Updated : Dec 1, 2016, 10:42 am IST

Android has taken on the same encryption solution as PCs, which makes it vulnerable.

The Android Nougat comes with two protection classes: credential encrypted storage and device encrypted storage.
 The Android Nougat comes with two protection classes: credential encrypted storage and device encrypted storage.

Millions of Google accounts have reportedly been breached by exploiting an unpatched vulnerability within Google’s operating system for smartphone —Android.

At this stage, security researchers claim that Android’s encryption is still not in par to Apple’s iOS.

 

According to cryptography professor at Johns Hopkins University, Matthew Green, Android has taken on the same encryption solution as PCs, which makes it vulnerable because unlike the PCs smartphones are not encouraged to shut down, so the cryptographic keys remain in RAM most of the time.

“Since phone batteries live for a day or more (a long time compared to laptops) encryption doesn’t really offer much to protect you against an attacker who gets their hands on your phone during this time,” explains Green.

Apple, on the other hand, takes a different approach that offers better protection. With iOS 4, the company rolled out the ‘data protection’ feature that encrypts all the data stored on the smartphone.

While Android uses full-disk encryption (FED), Apple has a file based encryption that encrypts each file individually. This was possible once Apple provided an API developers can use to specify which class key to use in encrypting any given file.

Apple’s iOS offers different classes of protections such as: complete protection, protected until first user authentication, and no protection. There's also a fourth protection for apps that need to create new encrypted files when the class key has been evicted from RAM.

It is also safe to take pictures while the smartphone is locked, thanks to the new class created by the Apple team that uses public key encryption to write new files.

Google is planning to roll out a similar security system with its Android 7.0 Nougat. The Android Nougat comes with two protection classes: credential encrypted storage and device encrypted storage. These new protection classes are part of a newly designed system known as the Direct Boot that allows the device to access some data before the user enters the passcode.

Matthew Green says that the problem is not in the cryptography, but the fact that “Google is not giving developers proper guidance, the company may be locking Android into years of insecurity.”

Tags: android, ios, encryption