The security of personal data on Android running years behind that of Apple’s iOS. Even major improvements in the latest version of Android are still not enough to be in the vicinity of the security of the iPhone.
That concludes Matthew Green, a renowned encryptieonderzoeker who teaches at the American Johns Hopkins University, after his research into encryption on both platforms.
Encryption means that data, such as login credentials, photos, and documents, not accessible to everyone. With a locked smartphone, you can usually only the personal data if you have the right pin.
does not bode well
Green says that Android in 2016 still seem to have the same level of security as Apple is already six years ago had. “And they get not even that good,” says Green. “That does not bode well for the security of Android users in the long term.”
It is not the first time that Google to receive criticism on the encryption of Android. Previously, said Chris Soghoian, the principal technologist of the American Civil Liberties Union, that Google people in disadvantage who don’t have money for an expensive iPhone to buy: “Apple sells luxury goods, and Google give services away for free in exchange for access to data.”
The difference in encryption
Both operating systems for many years the use of encryption to keep files secure. Apple introduced encryption in 2010 with iOS 4, Google added the feature in 2011 with Android 3.0. Only in 2014 was encryption when both platforms are enabled by default: with Android 5.0 Lollipop and iOS 8.
The difference between the security of iOS and Android lies in the way the encryption is applied. On Android, by default, the entire device is encrypted, a practice that is popular in computers and external hard drives. Apple encrypts data per file.
With both forms uses a cryptographic key to access files. The key can only be used if you have the correct pin.
The difference in keys
Green is of the opinion that it is encrypting the whole device is much less secure. There is only one key to access all of the files, and that is constant in the working memory are retained. Otherwise, Android users can have their unit will not be able to use once they get their pin.
Apple encrypts per file that a lot of derived keys are created. With a key you can’t get access to the entire device, but only a few files. As soon as the phone locks, the key in most cases, also from the ram removed.
That is according to Green a very safe method, because the key is not all the time in the memory is stored and the key only gives access to specific files.
Half-implementation
The latest version of Android, Nougat, performs according to Green important improvements, because Google also per-file encryption. But also the keys, in contrast to iOS, always in the memory preserved. He calls that a “half-implementation” of encryption.
What does this mean for you?
In a broad sense, this means that iPhone users are safer than Android owners. That is mainly because attackers on Android, easier to access, for example, login information, messages and pictures.
As an Android user you can do a few steps to better yourself to protect. First of all: don’t install apps outside of Google Play. A large part of the malware is installed because users are on an illegal way paid apps want to install.
Also, the encryption becomes stronger if you have a longer pin take, for example, of six figures. Question in addition to the manufacturer of your phone for new updates, for example, Android Nougat. This version of Android is significantly more secure than previous versions.
More on rtlz.nl:
How encryption of moeilijkdoenerij turned into a hip trend
Crypto Wars 2.0: the battle between governments and encryption
No comments:
Post a Comment