A nice layer of protection for cases like this is to use app-specific encrypted containers. Our IOCipher library provides full protection including all the metadata (file names, sizes, etc). It just looks like one binary blob on disk. The app key can be wiped a lot quicker than the FDE key.
The latest versions of Android have some of these features built-in with the new File-Based Encryption. That doesn't protect all the metadata though. https://source.android.com/security/encryption/file-based

.hc

Peter Prockers via guardian-dev:
> Like any full disk encryption for Linux, on Android it can only be really
> effective if the device is shut down. This is because:
>
> - the disk encryption key is in RAM and can be extracted from there (see
> cold boot attack - while I haven't heard about cold boot attacks against
> Android, it's better to be careful since an attacker could just keep the
> Android connected to power and shielded from any internet and it would
> never shut down)
>
> - the bootup disk encryption password is probably a lot longer and more
> complex than any lockscreen password for reasons of practicality
>
> Before an Android is taken away there might be enough time for an emergency
> procedure.
>
> - For example a very long press of some physical key such as the off key
> could result in the disk encryption masterkey (LUKS header) being wiped and
> the device shut down. That would make any attempts to extract the key from
> RAM as well as brute force attacks against the disk encryption futile. Of
> course some safeguards against accidental wipe would be nice, such as being
> able to abort the procedure by having a configurable timeout of a few
> seconds to enter a PIN which aborts.
>
> - If one is forced to reveal an unlock PIN, one could reveal a PIN which
> actually wipes the encryption masterkey (LUKS header) and shuts the device
> down.
>
> - A voice command for triggering the emergency procedure.
--
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556

_______________________________________________
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To unsubscribe, email: [email protected]
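As an added illustration of the emergency procedure discussed in the thread (not code from IOCipher or anyone on the list), here is a small Python model of an app-container key that can be destroyed in RAM: a duress PIN wipes it, and a long-press style trigger wipes it after a configurable abort window unless the real PIN is entered first. Class and method names, the PBKDF2 PIN hashing and the injected clock are all assumptions made for the example.

```python
import hashlib
import hmac
import os


def _pin_hash(pin: str, salt: bytes) -> bytes:
    # Slow hash so a captured PIN hash is not trivially brute-forced.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)


class ContainerKey:
    """App-container key held in RAM, with duress and timed emergency wipe."""

    def __init__(self, key: bytes, real_pin: str, duress_pin: str, abort_window_s: float = 5.0):
        self._key = bytearray(key)       # mutable, so it can be overwritten in place
        self._salt = os.urandom(16)
        self._real = _pin_hash(real_pin, self._salt)
        self._duress = _pin_hash(duress_pin, self._salt)
        self.abort_window_s = abort_window_s
        self.wiped = False
        self._deadline = None            # set while an emergency wipe is pending

    def _matches(self, pin: str, stored: bytes) -> bool:
        return hmac.compare_digest(_pin_hash(pin, self._salt), stored)

    def wipe(self) -> None:
        # Overwrite in place; note Python cannot guarantee no other copy exists.
        for i in range(len(self._key)):
            self._key[i] = 0
        self.wiped = True
        self._deadline = None

    def unlock(self, pin: str):
        """Real PIN returns the key; the duress PIN destroys it instead."""
        if self.wiped:
            return None
        if self._matches(pin, self._duress):
            self.wipe()
            return None
        return bytes(self._key) if self._matches(pin, self._real) else None

    def trigger_emergency(self, now: float) -> None:
        self._deadline = now + self.abort_window_s   # e.g. started by a long key press

    def abort_emergency(self, pin: str, now: float) -> bool:
        """Real PIN inside the window cancels the wipe; duress PIN wipes at once."""
        if self._matches(pin, self._duress):
            self.wipe()
            return False
        if self._deadline is None or now >= self._deadline or not self._matches(pin, self._real):
            return False
        self._deadline = None
        return True

    def tick(self, now: float) -> bool:
        """Called by the timer; performs the wipe once the abort window has passed."""
        if self._deadline is not None and now >= self._deadline:
            self.wipe()
        return self.wiped
```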
