Basics of Smartphone Encryption
The legal battle between Apple and the Federal Bureau of Investigation (FBI) has hit some headlines lately, and has certainly got people talking about individual privacy, national secrecy, and of course, mobile encryption. As for that last one -- mobile encryption -- not all mobile users actually know what is and what is not encrypted on their mobile devices. Hence, we created a post to provide a primer on that subject.
The Idea of Encryption
Any data can be protected with the use of encryption technology, whether it be information stored in a computer, a laptop, an electronic device, and of course, a smartphone or tablet. The type of data could be encompass anything, including files, email messages, pictures, multimedia (video, audio, games), and even text conversations. What encryption technology does is store that information into a format that is unreadable by people or computers without a key to unlock it. Examples of keys include PIN codes and fingerprint verification, among many others, or even a combination of two or more types of keys (PIN + fingerprint).
The Scope of Encryption
Data stored locally in your smartphone is normally encrypted. But things get a little trickier depending on how you manage your data. For example, those who sync their handsets with cloud services probably have data backed up on the cloud service provider’s servers, and from there, whether the information stored on those servers is encrypted or not totally depends on the service provider. As recent high profile breaches have proved, having your data stored on server is not always 100 percent safe.
As for the mode of encryption, it may depend on your mobile device and on the mobile operating system you are using.
With the release of iOS 8 in 2014, Apple started encrypting iOS mobile devices. Before, iOS users were able to set a PIN or passcode for protection, but the data can still be accessed by law enforcement if there is a valid warrant. But with iOS 8 and newer versions of the OS, Apple no longer has the means to bypass an iOS device’s lock screen and gain access to the information stored inside.
What about Apple’s iCloud? According to the company’s Legal Process Guidelines, iCloud backup data are encrypted on Apple’s servers, but unlike information stored on mobile devices (with at least iOS 8), Apple can gain access to that data.
With Android, everything is even more complicated. This is because every manufacturer of Android devices use different hardware components that sometimes require different software and encryption configurations and backup services. Some configurations can be deemed stronger (encryption wise), while others may be more vulnerable (but it may still be a case to case basis thing). With the release of Android 5.0 Lollipop in 2014, encryption is activated by default, but phone makers did not have to turn on the encryption feature. Besides Google did not require it, and some phone makers claimed it was affecting the performance of their products. But by 2015 when Google released Android 6.0 Marshmallow, the tech giant started requiring manufacturers to activate encryption by default, save for a few exceptions (i.e. some entry level Android devices). When an Android device is encrypted, it is protected by a password, PIN, or fingerprint. But since Android phone makers are fond of customizing their product configurations, some of Android’s encryption features may be compromised in various degrees.