Android Device Encryption

TiredEngineer

Jul 26, 2013
Edit: Just to be clear, I own a Nexus 5 and Nexus 7, so I am interested in KitKat.

Just as a preface I will post links:

http://source.android.com/devices/tech/encryption/index.html

https://source.android.com/devices/tech/encryption/android_crypto_implementation.html

If you notice in the first link, they have removed all sub-links. Using the wonderful power of Google, I did find the second link, but I think it must be out of date (which is why that link was removed from the first link).

While I cannot confirm this, I have read that prior to 4.2, external (public) storage in Android was /mnt/sdcard/ (if you are not familiar with the Android file system, "sdcard" refers to public storage that is internal...not necessarily an external sdcard), but this was just a symbolic link from the protected /data/ directory. At the time, Android only encrypted /data/, which was fine because the symbolic link would also encrypt any personal files in the public directory.

After 4.2, due to multiple profiles, the public storage was moved to /storage/emulated/legacy. That means if Android's "full disk encryption" only encrypted /data... then any sensitive data in the public directories is not encrypted (this could be downloads from work, private photos, etc.).

I am wondering if anyone has found any documentation from Google discussing their current encryption scheme. I just feel they would not leave such a glaring oversight in their encryption scheme unaddressed.
 