Hacker News new | ask | show | jobs
by rightos 3174 days ago
There's also a relatively low attack value and attack surface for encrypted Android phones vs encrypted iPhones. Everyone who runs an iPhone has it encrypted, while relatively few people running Android devices have them encrypted. In terms of attack surface, the SecureEnclave has many APIs, some of which have had vulnerabilities in the past and it's quite possible to envision a scenario in which others were found and they're able to dump keys from it. It's also quite common on iOS to have weak PINs and similar low security measures, even just bypassing the mitigations against bruteforce attacks could allow them in to a huge number of device. On the other hand, people turning on disk encryption on Android are likely paranoid people who'll set giant passwords. So in terms of a numbers game, even a more basic exploit against iOS would look much more valuable.

In the Android case, often times you need to power off the device to really be protected as the key is just sitting in RAM. But if you've got a powered off Android device that's been encrypted, chances are you have a good challenge on your hands - there's nothing but the encrypted data on disk to work with unless you were to go to an active attack.
1 comments
2close4comfort 3174 days ago
Also encryption by default and much larger user base mean there is more focus on iOS than Android (like the old windows versus mac virus argument) the difference I see is that you are much more likely to get compromised by an application on Android than iOS. And since Google has been very friendly with the USG I would find it much more likely that Enclave or not that it will be NSA weakened crypto that will be the demise of your Android rather than exotic exploits of your wifi. And if your paranoid you carry a Nokia 7715 and extra SIMs or you back something Debian based like Purism.
link
rightos 3174 days ago
> weakened crypto that will be the demise of your Android rather than exotic exploits of your wifi.

I don't think there's any truth to this - if the crypto were weakened you'd see it broken by that quite quickly - but it's quite strong and follows well accepted stands in the cryptography community, have a look yourself if you like. It's using dm-crypt and dm-crypt is fairly heavily tested and reviewed. Debian and likely Purism use the exact same, so certainly wouldn't be any better in that way.

link