Encryption on the Android

Background

Beginning with Android version 2.3.4, which is nicknamed “Gingerbread,” Android smartphones began to natively support device-level encryption. Among the first devices to take advantage of this additional layer of security were the Droid Bionic and the Samsung Galaxy S II. In addition, Google’s tablet operating system, Android 3.0, nicknamed “Honeycomb,” also includes native support for device-level encryption. However, according to a May 2011 article by InfoWorld, about 99.7 percent of the Android devices still run a version of Android that is 2.3.3 or older, meaning they don’t have device-level encryption.

Device Encryption

Device-based encryption uses a file-based encryption filter that locks the user’s device using a personal identification number (PIN), which prevents the device from being used unless the PIN is entered. Many companies require smartphones being used by employees to have device-level encryption in order to connect to the Microsoft Exchange Server and access corporate data, such as email, calendar and contacts. The lack of device encryption in earlier versions of Android made some information technology organizations wary of allowing employees to use Android phones or tablets, according to a January 2011 Ars Technica article.

Software Encryption

While device encryption is missing on older versions of the OS, Android 2.2 supported software-level encryption, according to an October 2010 article by Network World. This meant that data used by software applications installed on the device were protected. However, software level encryption is “less of a roadblock” to potential hackers than device encryption, Tim Armstrong, a Kaspersky Lab researcher, told Network World.

Older Versions

Owners of devices that run older versions of Android can consider installing a third-party software application that offers the more secure device encryption. In March 2011, software company Whisper Systems released an application called WhisperCore, which provides full disk encryption for data stored on Android devices, according to a CNET article. The app makes it possible for the user to set a passphrase, which creates a key that protects the data saved on the device, CNET reported.

Considerations

In a June 2011 report, antivirus software company Symantec found that older versions of Android, specifically those earlier than Android 2.3.4 for smartphones and 3.0 for tablets, use only an “isolation model” rather than hardware encryption to protect devices. This means that applications are isolated from the Android kernel, the main component of the operating system. If a person steals such an Android device or its secure digital (SD) card, they could steal much of the data stored on the device, according to Symantec.