User: Password:
|
|
Subscribe / Log in / New account

Guardian: Better privacy and security for Android

Guardian: Better privacy and security for Android

Posted May 12, 2011 16:28 UTC (Thu) by RogerOdle (subscriber, #60791)
Parent article: Guardian: Better privacy and security for Android

"are a step backward when it comes to security, privacy, and anonymity: by default, the user's files on an Android smartphone are not encrypted, instant messaging communication can be sniffed, and web browsing is not anonymous."

Just so we don't cause widespread panic. This is not a step backward but a step forward. All major operating system in use operate in this unsafe way in their default configurations. Even encrypted hard drives for laptops tends to be the exception rather than the rule. This is because speed sells. Most end users believe their systems are secure up until the moment their system displays a security violation message.

If all systems were encrypted then the public would be conditioned to accept that level of performance. Only some clever people out there would sell acceleration kits for these platforms that remove the encryption.

Mobile devices have an advantage here in that the end user does not expect the level of performance that the laptop or desktop systems have. So if these are slowed down by security measures then the user may not notice or care. But young people will care if they can't play the latest video game because the files can not be read from the file system at a fast enough rate.

It would be better if security sensitive data would be stored in a separate device or partition from main storage. Encryption works worst when the contents contain repetitive patterns as you may find in media files that contain frames of data. Encryption works best when the contents of the encrypted material are not known. You should use encryption sparingly by only encrypting what is important.

Be smart with your mobile devices and always assume that they are insecure and can not be secured. Do not rely on encryption for security. Do not use your cell phone to make Internet purchases when you can do the same thing with your desktop computer.


(Log in to post comments)

Guardian: Better privacy and security for Android

Posted May 16, 2011 12:51 UTC (Mon) by cesarb (subscriber, #6266) [Link]

> Encryption works worst when the contents contain repetitive patterns as you may find in media files that contain frames of data.

If the encryption system you are using is vulnerable to known plaintext or repetitive patterns, it is not a good encryption system.

Guardian: Better privacy and security for Android

Posted May 16, 2011 18:31 UTC (Mon) by dlang (subscriber, #313) [Link]

not to mention the fact that almost all media files are compressed, specifically to remove the repetitive patterns.

and most encryption software compresses the data to be encrypted as well

Guardian: Better privacy and security for Android

Posted May 24, 2011 12:10 UTC (Tue) by robbe (subscriber, #16131) [Link]

I think RogerOdle was referring to the framing given by the container format, which has high regularity. Of course this applies as well to your soopersekrit.odt office document. Known plaintext is a fact of life, even choosen plaintext attacks are to be expected in this context.

Full-disk encryption does not usually compress.

Encrypting only "valuable" data is not a good solution IMO.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds