What encryption mode is your phone in?
Researchers at Johns Hopkins University recently initiated a detailed study on Android and Apple device encryption, and you’re not going to like what they found.
Unfortunately, these researchers found that both types of phones (Android and Apple) have two different encryption modes, and if your phone isn’t in the more protected mode, it’s going to be much easier for others to access your protected data without your permission.
For example, with Apple phones, when an iPhone is off and then boots up, the device is in a state Apple refers to as “complete protection”. In this mode your data is still protected because you have not authenticated to your phone yet.
Unfortunately, though, researchers found that once you unlock your phone, it changes to an “after first unlock” state. Android phones also work in a similar way.
This secondary encryption state is much easier for law enforcement or others to bypass to access your private data, because your encryption keys are no longer stored deep within the operating system; instead, they are stored in quick-access memory, even if the phone is locked.
As anyone who uses a phone knows, you keep your phone in this less protected encryption state all the time when you use it. Almost nobody keeps their phone completely off when they carry it, then boot it up to use it. Obviously if your phone is completely off you can’t receive phone calls or notifications.
In most situations, if a criminal stole your phone, your data would be protected, but law enforcement and governments have access to specialized tools that can allow them to access your data in this less protected state.
So what can you do? If you use an Android or Apple phone, consider switching it off completely if you feel it’s about to be stolen or if you’re entering an area where your phone could be taken away. Your phone will then be in a higher state of encryption, where it’s less likely that even the most sophisticated government tools can access your data.
Also consider setting a long passphrase for Android or iOS. Many of the sophisticated tools governments use to access locked devices start by trying to guess your password. If you use a 4- or 6-digit numeric passcode, it’s likely to be guessed.
You can also set your device to automatically erase if a certain number of password attempts fail, but if you do choose to use this mode and you have young children, use caution (for obvious reasons).
Learn more about the details of the University encryption study by reading this great article from Wired.