By David


2016-10-11 10:23:43 8 Comments

I found the explanation for Android M, how does it work now in Android N? Bonus question: is it right to say that the encryption in N is weaker than the one in M? Because the OS can now be started up without pin/pass, so maybe this could bring some advantages to an attacker?

1 comments

@beeshyams 2016-10-12 09:18:33

This doesn't address how encryption is done in Nougat but addresses your concern

Because the OS can now be started up without pin/pass, so maybe this could bring some advantages to an attacker?

The boot process is actually strengthened by strictly enforcing verified boot

As explained in Google is making it harder to root Android 7.0 Nougat,

Google wants to make its OS safer and to do that it has come up with features like verified boot to make sure that everything is working as it should be, and that no one — not even the intended user — can do something to change that and expose themselves to unnecessary risks.

What happens if your device fails the test on booting?

If your device fails the tests — Google gives a corrupt boot image and verified partition as examples — it may not boot at all. But if it does boot, it will do so in a “limited capacity” and only with your consent.

Downsides of this

  • Difficulty in rooting, which would be overcome in time by developers or if OEMs don't implement this feature in their devices

  • Data corruption

Google says that by using verified boot the impact of data corruption increases, and therefore reliability is reduced. However, there is an error correction feature that will help recover from data loss, which should also minimize the chances of it impacting users. Google notes that there is an overhead of 0.8 percent with regards to space but no performance toll, unless, of course, there is data corruption detected.

(Emphasis supplied)

See for details on Strictly Enforced Verified Boot with Error Correction

tl:dr; : Theoretically, this ensures that your OS system is intact on booting by not booting or booting with reduced functionality if the system is corrupted / modified by malware or attackers - which increases your protection.

@David 2016-10-12 12:39:48

There is still the possibility to also password protect the booting in Android N, so activating this would result in more security, right? otherwise why would be the option be there?

@beeshyams 2016-10-12 12:46:07

That may be an additional layer of security for user comfort. As it stands, it looks like safeguards have already been built into OS. I am not on Nougat to to comment further

@beeshyams 2016-10-15 10:40:43

As explained here, by normal direct booting you are giving limited functionality, and by password protected booting, you are gaining access to complete access of device contents

Related Questions

Sponsored Content

2 Answered Questions

Is it possible to set an encryption password different than lock screen pin?

  • 2015-01-20 03:29:51
  • dragonmnl
  • 1089 View
  • 0 Score
  • 2 Answer
  • Tags:   encryption

1 Answered Questions

[SOLVED] How to change the encryption key on (rooted) Android 9?

1 Answered Questions

[SOLVED] Nougat: How to use Full Disk Encryption instead of File Based Encryption?

1 Answered Questions

[SOLVED] Setting/finding Android 7 encryption password

1 Answered Questions

[SOLVED] Encryption in Samsung Galaxy S8

1 Answered Questions

[SOLVED] How does Marshmallow encryption work technically?

2 Answered Questions

1 Answered Questions

[SOLVED] android encryption: too little time?

  • 2015-09-02 11:48:24
  • Russell Uhl
  • 1403 View
  • 2 Score
  • 1 Answer
  • Tags:   encryption

8 Answered Questions

Sponsored Content