Google Apple grapple brings crypto cop block to Android

Google is set to build default encryption into its new Android fondleslabs in a bid to foil police forensics (and maybe to copy or catch up with Apple). The security enhancement, reported by the Washington Post, follows Apple's release of iOS 8, which introduced broader encryption, and will ensure Google-powered devices will …

  1. Anonymous Coward
    Unhappy

    All well and good...

    ...but what about all that data that is synch'd with iCloud / Gloogleland?

    Law: Let us have the data on the phone. We have a warrant

    Apple / Google, We can't...nah, nah, na, na, naaaaaah

    Law: Let us have all the data in the iCloud. We have a warrant.

    Apple / Google: OK

    1. Anonymous Coward
      Anonymous Coward

      Re: All well and good...

      You're also overlooking three words in one of Apple's statements. They said:

      So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.

      Meaning that if the Government have the phone, Apple can't get the data off... But if the phone is still in the possession of the owner, then it is - presumably - completely technically feasible to slurp anything off it by pushing something to the phone and have it run once unlocked.

      This statement by Apple has large amounts of smoke-and-mirrors involved..."Never will" give access to their servers? Complete and utter rubbish and/or complete and utter misdirection - why would Government want access to a server anyway? They want access to the data on it. If Apple clone a hard disk and hand it over to the Government... hey, they've not given access to the server!

      1. VinceH

        Re: All well and good...

        >"So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."

        "Meaning that if the Government have the phone, Apple can't get the data off... But if the phone is still in the possession of the owner, then it is - presumably - completely technically feasible to slurp anything off it by pushing something to the phone and have it run once unlocked."

        You're overthinking it. The answer is more likely just as Lost all faith said. In all likelihood the statement specifically refers to devices in their possession because the same data in Apple's iCloud can be provided if a warrant requests it. Which, as you rightly point out, isn't the same as having access to the servers, so they can deny that as well.

        Therefore, Apple are saying to fanbois everywhere, "Take off those tinfoil hats. They don't look trendy, hip, cool or, least of all, beautiful, and we'd rather not have our phones seen in public with people wearing such garments." Or something.

        1. big_D Silver badge

          Re: All well and good...

          Try having a look at the transcript from Security Now from March this year, covering how iOS 7 already does this - and how it is also encrypted in the cloud.

          https://www.grc.com/sn/sn-446-notes.pdf

          Apple did very well, apart from storing the key-chain, which uses the NIST elliptic curve encryption:

          But... this is the ONLY reference to Apple use of the NIST P-256 elliptic curve... and both Dan Bernstein and Bruce Schneier now declare ANY use of the NSA / NIST curves unsafe.

      2. NoneSuch Silver badge

        Re: All well and good...

        And what is this encryption? Let's have the tech specs and we'll decide if it is secure.

        BTW, you don't have to bypass the key phrase if you copy it on entry.

  2. Fazal Majid

    "Google-powered devices will be equally attractive to those who value their privacy."

    Google is the #1 threat to privacy, even ahead of the NSA. No one who values their privacy uses their services. The single greatest feature in iOS 8 is DuckDuckGo as a search engine option.

    1. Martin 47

      Out of curiosity, does it also have ixquick?

      1. Fred Flintstone Gold badge

        "Out of curiosity, does it also have ixquick?"

        Nope, and no sign of startpage.com either..

    2. Badvok

      This isn't about cloud services, it is about data that is solely on the device. Encrypted data is not available to Google unless you explicitly give it to them by using their off-device services.

      Also perhaps worth noting that Android has supported full encryption of all user data on the device since version 3.0.

  3. Anonymous Coward
    Anonymous Coward

    And

    we believe them because?

  4. Anonymous Coward
    Anonymous Coward

    Blame Your Friendless Miscreant?

    If there were no idiot tendency terrorist types ready to try to blow anyone and everyone to bits there would be no need for any data tracking activity, but sadly this is not the case. Even more sad many of the sados succeed in killing.

    I am not thinking just the Middle East variety of sad sick crud, there have been too many others, Baader Meinhof, the Angry Brigade, Timothy McVeigh, you might even add in the Westboro Baptists while you are at it, along with far, far too many other space and asset wasters. We can all make our own lists of those whose desire is not to improve the lot of anyone or anything by their wanton killing.

    I am sure that these headlines about such product developments keep devices selling well, that is the intention after all. Frankly any security department that deep tracks those with no relationship to the would be killers is plain stupid. A moment's thought by them as much as by anyone else should show this to be true. Perhaps by not sending images by email, not using any of these 'no value to me devices' I will stand out as a-typical. If that's the case so be it but my profile will be as boring as hell anyway. The Google machine will have a thin time going through my e-mail as I do not use Google mail, but then I do not need a 'free' e-mail service paid for by the association of adverts with supposed interests.

    I use Google search since it is the only one that can locate anything useful. Other so called search engines simply list second rate alternative search lists sending me nuts going through endless no hope layers of results, what I call the 'don't-find-em-factor'. We are at least free to make our own choices - for the moment. If you find your needs satisfied by alternatives great for you. I am sure Rupert Murdoch will be pleased for you, he is the one who ran 'hackers to go' and does not configure his web sites correctly! But, heck if you fall for his line, you really will fall for anything.

    Just a little balance and proportionality might be useful

    1. Anonymous Coward
      Anonymous Coward

      Re: Blame Your Friendless Miscreant?

      Interesting, at least four do not value their freedom to choose a functional search engine or device. Nor do they value the chance that they might be free from the risk of being blown apart. Perhaps by someone who feels their desire to kill trumps all other issues.

      Interesting, very interesting, I guess they all live in some sort of walled garden where nothing nasty can ever happen, please where is this la - la land?

      1. Fred Flintstone Gold badge

        Re: Blame Your Friendless Miscreant?

        "Interesting, at least four do not value their freedom to choose a functional search engine or device. Nor do they value the chance that they might be free from the risk of being blown apart. Perhaps by someone who feels their desire to kill trumps all other issues.

        Interesting, very interesting, I guess they all live in some sort of walled garden where nothing nasty can ever happen, please where is this la - la land?"

        No, you're seeing a natural reaction to governments pushing things too far re. privacy. No sensible person would get in the way of law enforcement doing its job, but they very well object to having their trust abused by overreaching grabs of data that has zip relevance to urgent threats, and with abuses hiding behind an abuse of "national security" veils. Abuse of power comes at a price, and people can only accept being lied to for so long.

      2. Tom 35

        Re: Blame Your Friendless Miscreant?

        Do your spy friends have a way to stop me slipping in the bath tub, getting hit by some ahole in an SUV, choking on my food, getting a heart attack or cancer, and a long list of other stuff that are all far more likely than getting blown up by a loony? Like a thousand times more likely!

        Can you stop wasting money trying to make people paranoid so you can pass your latest spy laws?

        Stop pretending it's all "to make us safe"?

  5. Anonymous Coward
    Anonymous Coward

    Errm, Android has had on device encryption since 2012

    The only thing that's changing is it's defaulting to ON in the next Android version.

    If anyone cares now, they only have to go into the settings and enable it. It's also very efficient, with no slowdown whatsoever (unlike Apple's encryption).

    1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: Errm, Android has had on device encryption since 2012

      And Android uses your own PIN so Google don't have access to the keys either?

    3. DropBear
      Joke

      Re: Errm, Android has had on device encryption since 2012

      ...of course, don't forget to leave ADB enabled, just to be sure...

    4. Anonymous Coward
      Anonymous Coward

      Re: Errm, Android has had on device encryption since 2012

      "It's also very efficient, with no slowdown whatsoever (unlike Apple's encryption)"

      Funny, I have as yet to notice any slowdown because of crypto on any of my devices, and I have been running OSX with it both enabled and switched off. On OSX I can extend that crypto to external USB drives which will transparently work on my machine, but will be inaccessible on any other machine unless an access password is provided.

      1. tom dial Silver badge

        Re: Errm, Android has had on device encryption since 2012

        OSX on a machine having a multi-core processor with cryptographic extensions, perhaps? That would not be very comparable to older ARM based devices.

  6. thomas k.

    Of no use to me personally

    While I'm glad people who need it will/do have the option, it's of no real use to me since I basically just use my devices for music players. I don't want to waste CPU cycles and battery life with encryption on my music folder.

  7. Anonymous Coward
    Anonymous Coward

    OK, so what about those apps that demand access to my media content? Damn the NSA crap, tell the app makers to tone down on permissions!!!

  8. JeffyPoooh
    Pint

    Size of Key Space?

    If the data is protected and encrypted with a code derived from the PIN, then the key space isn't very big. Grab some encrypted data (unsoldering flash chips if required) and run it through 10,000 (4 digit) or 1,000,000 (6 digit) possible keys and look for correlation with expected data. Hours or days?

    What am I missing this time?

    1. Badvok

      Re: Size of Key Space?

      "What am I missing this time?"

      The PIN is simply the passphrase to unlock the actual key. I assume you're not familiar with using secure keys.

      1. JeffyPoooh
        Pint

        Re: Size of Key Space?

        "The PIN is simply the passphrase to unlock the actual key."

        Okay, so it becomes two nested loops.

        Taking this one step in the opposite direction so you'll hopefully see what's going on... What if the PIN code itself was protected behind a dialog box where the hacker was forced to Press Any Key before the PIN was revealed? Get it?

        If you have a 4096-bit key locked behind a 4-digit PIN, then the ultimate code space is 10,000. This is extremely basic entropy. Guess the PIN and you're in.

        Do I really need to draw you a 12-box flow chart of the cracking algorithm?

        Note: I already mentioned unsoldering the flash chips if necessary. The cracker must control the attached processor.
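The point argued in the "Size of Key Space?" thread above, as an added example that is not part of any post: a random key wrapped under a PIN-derived key is only as hard to search offline as the PIN space, and the cost per guess is what the key-derivation function sets. The XOR-plus-HMAC wrap, the salt, the sample PIN, the 256-bit key size and the 0.08 s per-guess figure are all constructed assumptions.

```python
import hashlib, hmac, itertools, math

SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample salt

def derive_kek(pin: str, iterations: int) -> bytes:
    """Stretch the PIN into 64 bytes: 32 to mask the key, 32 to authenticate it."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), SALT, iterations, dklen=64)

def wrap(master_key: bytes, pin: str, iterations: int) -> tuple[bytes, bytes]:
    """Toy key wrap (XOR + HMAC tag); stands in for a real AES key wrap."""
    kek = derive_kek(pin, iterations)
    blob = bytes(a ^ b for a, b in zip(master_key, kek[:32]))
    return blob, hmac.new(kek[32:], blob, "sha256").digest()

def unwrap(blob, tag, pin, iterations):
    """Return the master key, or None when the PIN is wrong."""
    kek = derive_kek(pin, iterations)
    if not hmac.compare_digest(hmac.new(kek[32:], blob, "sha256").digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(blob, kek[:32]))

def search_pin_space(blob, tag, digits, iterations):
    """Offline search: the work is bounded by 10**digits, not by the key size."""
    for tries, guess in enumerate(itertools.product("0123456789", repeat=digits), 1):
        key = unwrap(blob, tag, "".join(guess), iterations)
        if key is not None:
            return key, tries
    return None, 10 ** digits

def effective_bits(alphabet: int, length: int) -> float:
    """Entropy of a uniformly chosen secret of this length and alphabet."""
    return length * math.log2(alphabet)

def worst_case_seconds(alphabet: int, length: int, seconds_per_guess: float) -> float:
    """Time to try every candidate at a fixed cost per guess."""
    return alphabet ** length * seconds_per_guess

def demo():
    master = bytes(range(32))                 # constructed 256-bit key
    blob, tag = wrap(master, "4821", 50)      # 50 iterations only so the demo is quick
    key, tries = search_pin_space(blob, tag, 4, 50)
    return key == master, tries

if __name__ == "__main__":
    print(demo())
    for name, a, n in [("4-digit PIN", 10, 4), ("6-digit PIN", 10, 6), ("8-char alnum", 62, 8)]:
        # 0.08 s per guess is an assumed KDF cost, not a measured one
        print(f"{name}: {effective_bits(a, n):.1f} bits, "
              f"{worst_case_seconds(a, n, 0.08) / 3600:.1f} h worst case")
```

Raising the iteration count or lengthening the passphrase moves the worst-case figure; binding the derivation to a device-unique secret that cannot be read out of the processor forces every guess to run on that device rather than on copied flash contents.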

  9. big_D Silver badge

    Technically

    the technology was brought in with iOS 7 and the iPhone 5S. What iOS 8 does is just a refinement.

  10. Irongut

    RIPA

    Cop: "Give me the PIN to your iPhone."

    Job done.

    Another smoke and mirrors PR announcement from Apple.

    1. Anonymous Coward
      Anonymous Coward

      Re: RIPA

      To complete the story.

      Cop: Give me the PIN.

      Person: No

      Cop: You are under arrest for terrorism, or worse, copyright theft.

  11. Anonymous Coward
    Anonymous Coward

    has anyone

    Irongut triggered a thought that is a little off-topic - what if the phone has two PINs - one for your everyday use, and another PIN that unlocks the phone into a sanitized view, with its own contacts list and SMS, etc? The cops would never know. Also logging in with the "cop mode" PIN could initiate a wipe of the data on the other partition, sort of like a self-destruct or like the silent alarm at a bank?

    1. Anonymous Coward
      Anonymous Coward

      Re: has anyone

      That could also work on iPhones - use a different finger.

      The problem with that is that it requires a rather cool head. It's the same idea as SOS PINs for ATMs, which chiefly were never implemented because banks didn't want the liability, but there was also a study somewhere that showed that people under stress cannot recall that second PIN because they never use it.

      The idea is logically sound, but human nature gets in the way.

    2. Anonymous Coward
      Anonymous Coward

      Re: has anyone - waaay ahead of you

      I have an iPhone-lookalike "app" on my Android phone. The lockscreen allows access to the iPhone app.

      Unless plod knows the difference - he sees an iPhone screen, complete with dummy apps including fake contacts and SMS's etc. Nothing to see here - move along please.....

  12. Mike Shepherd
    Meh

    Nothing to fear

    If you have no left-wing notions to hide, you have nothing to fear.
