
Android N makes it easy to work with encryption

Android's developers continue to accommodate users who care about the privacy of their data and rely on encryption. We recently wrote about a Google initiative under which the company strongly recommends that smartphone manufacturers enable data encryption on the device by default. That setting refers to Full Disk Encryption (FDE), i.e. encryption of all data on the device, which appeared in Android 5.



Yesterday Google released a Developer Preview of Android N, in which it demonstrated the Direct Boot mechanism. It speeds up booting a device that has encryption enabled and, after a reboot, no longer requires a separate PIN entry for the initial decryption of data on the smartphone. Current Android versions require the user to enter a PIN immediately after an encrypted device reboots, and then again to unlock it.
Allows you to start the bootloader reboot. For example, if an unencrypted device reboots it? This can also be available immediately after a restart.

developer.android.com/preview/api-overview.html#direct_boot

Having to enter the PIN a second time on an encrypted device immediately after a reboot made life harder for the user, because at that stage no services had started on the device, and the device itself displayed no notifications and could not receive calls. If an encrypted device reboots unexpectedly while the user is away, the user will not hear an alarm or receive any notifications until the PIN has been entered. Because the encryption key for the files is derived from the PIN and Android encrypts the entire disk, the device cannot even read system files without knowing the code. Direct Boot eliminates this situation by making the process automatic, similar to recent iOS releases.

Direct boot graft for all system and app data. The system uses a device-encrypted data store. By default, it is used for all other data, user data, apps, and app data.

Direct Boot uses two encrypted data stores: the device-encrypted store and the credential-encrypted store. The first holds data belonging to Android system files and applications; everything else goes to the second. The second store becomes available only after the device is unlocked.
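
How an alarm app can split its data across the two stores, as an added example that is not code from the article or from Google. It uses the API names of the released Android 7.0 SDK (API level 24), which may differ from the Developer Preview described here; the class, file, key and action names are hypothetical.

```java
// Added example; all app-specific names are hypothetical. Manifest, as comments:
//   <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
//   <receiver android:name=".AlarmBootReceiver" android:directBootAware="true">
//     <intent-filter>
//       <action android:name="android.intent.action.LOCKED_BOOT_COMPLETED" />
//       <action android:name="android.intent.action.BOOT_COMPLETED" />
//     </intent-filter>
//   </receiver>
import android.app.AlarmManager;
import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.UserManager;

public class AlarmBootReceiver extends BroadcastReceiver {
    private static final String SCHEDULE = "alarm_schedule"; // times only, no user content
    private static final String NOTES = "alarm_notes";       // user text, credential-encrypted

    @Override
    public void onReceive(Context context, Intent intent) {
        // Device-encrypted store: readable right after boot, before any PIN entry.
        Context deviceCtx = context.createDeviceProtectedStorageContext();
        UserManager um = context.getSystemService(UserManager.class);
        boolean unlocked = um != null && um.isUserUnlocked();
        if (unlocked) {
            // Migration for an app that predates Direct Boot: move only the schedule
            // out of the credential-encrypted store, never the user's text.
            deviceCtx.moveSharedPreferencesFrom(context, SCHEDULE);
        }
        long nextAlarm = deviceCtx.getSharedPreferences(SCHEDULE, Context.MODE_PRIVATE)
                .getLong("next_alarm_utc_ms", -1L);
        if (nextAlarm <= System.currentTimeMillis()) {
            return; // nothing pending
        }
        // Credential-encrypted store: unavailable until unlock, so fall back to a
        // generic label instead of touching it while the device is still locked.
        String label = unlocked
                ? context.getSharedPreferences(NOTES, Context.MODE_PRIVATE).getString("label", "Alarm")
                : "Alarm";
        Intent fire = new Intent("com.example.ALARM_FIRED") // hypothetical action
                .setPackage(deviceCtx.getPackageName())
                .putExtra("label", label);
        PendingIntent pi = PendingIntent.getBroadcast(deviceCtx, 0, fire,
                PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE);
        deviceCtx.getSystemService(AlarmManager.class)
                .setAndAllowWhileIdle(AlarmManager.RTC_WAKEUP, nextAlarm, pi);
    }
}
```

Anything placed in the device-encrypted store is readable without the user's PIN, so only the minimum needed before unlock belongs there.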

Source: https://habr.com/ru/post/278989/

