I have tested Android Lollipop 5.0 phone encryption lately. It has LGsG3 stock firmware and is rooted.
I encrypted the internal memory and then the external sdcard with androids build in phone encryption option.
Thought I'd rather check if the sdcard is really encrypted afterwards and put it into my PC to see it's content.. and then:
ALL the File- and Foldernames are still visible! Every single Filename and Folder. Android Encryption encrypts ONLY the content of the Files, but not it's filenames or folders. So while not having the option to see the Content of the files, we can still see the names describing the content.
I don't need to say that one should think of these as metadata which in many cases tells you alsmost everything about it's content.
I'm kinda upset that my phone makes me believe my data on the phone is secured through encryption but in fact it is not. At least not enough to call it real "encryption".
searching google about this topic makes me think I'm the only person on this planet who has discovered the glitch.
Anyone knows more about this? Anyone with encrypted Android phone discovered the same on their SDcard?
How comes filenames are not encrypted together with the content? Why is the user not informed about this before he starts encrypting the phone, expecting *everything* will be encrypted?
When encrypting the SDCard of the phone I expected something like: the whole partition will be encrypted and mounted on boot like FDE on PC. Instead it's all about fake encryption.
I encrypted the internal memory and then the external sdcard with androids build in phone encryption option.
Thought I'd rather check if the sdcard is really encrypted afterwards and put it into my PC to see it's content.. and then:
ALL the File- and Foldernames are still visible! Every single Filename and Folder. Android Encryption encrypts ONLY the content of the Files, but not it's filenames or folders. So while not having the option to see the Content of the files, we can still see the names describing the content.
I don't need to say that one should think of these as metadata which in many cases tells you alsmost everything about it's content.
I'm kinda upset that my phone makes me believe my data on the phone is secured through encryption but in fact it is not. At least not enough to call it real "encryption".
searching google about this topic makes me think I'm the only person on this planet who has discovered the glitch.
Anyone knows more about this? Anyone with encrypted Android phone discovered the same on their SDcard?
How comes filenames are not encrypted together with the content? Why is the user not informed about this before he starts encrypting the phone, expecting *everything* will be encrypted?
When encrypting the SDCard of the phone I expected something like: the whole partition will be encrypted and mounted on boot like FDE on PC. Instead it's all about fake encryption.
Aucun commentaire:
Enregistrer un commentaire