Brick, did you ever get a response on any of these questions?
On Apr 20, 5:22 am, "[email protected]" <[email protected]> wrote: > Hi, > I have just been asked by a colleague to answer some security > questions on Android and I wonder if I can get some quick help? > > Here they are, apologies if these are too basic and covered > elsewhere...I haven't had a thorough look but couldn't see answers... > > 1. Does Android support full device encryption and its complementary > function full disk erasure? If not, do people feel this is feasible > on a bespoke build? Would it have too great a performance impact on > the device? > > 2. Can crypto keys be stored securely on the device (at rest) in a > secure store? Can the keys to the store be introduced from an external > interface during boot time? Smartcard or MicroSD, etc > > 3. When the OS is running can the keys be protected or are they left > clear in working memory? > > 4. If I wish to work via a browser to minimise data held on the > device, can the working memory of the browser be securely encrypted > (and again are the keys capable of being secured)? > > 5. Can I intercept the boot sequence so that during the hard reset > process I may intercept the device and perform a secure erasure before > loading the OS at its default state? > > 6. I am making an assumption that the UI is completely > configurable...I can remove any applications that may be used to load > or remove threats to the device? > > I am sure that if I want to lookup encryption algorithms available > that these are all defined somewhere on this site... > > I know that these are quite simple questions but understanding a > little of these will allow me to discuss the merits of Android devices > over the iPhone, Win Mobile, etc. > > Kind Regards, > Brick
