Android Encryption Still “Years” Behind iOS Security Levels
Matthew Green, a cryptography professor at John Hopkins University, has analyzed the way Android N approaches security, and has pointed out it has a long way to go before achieving the same levels of security as an iPhone.
Green had this to say regarding Android’s encryption levels:
If you’re an optimistic type, you’ll point out that Android is clearly moving in the right direction. And while there’s a lot of work still to be done, even a half-baked implementation of file-based implementation is better than the last generation of dumb FDE Android encryption. Also: you probably also think clowns are nice.
On the other hand, you might notice that this is a pretty goddamn low standard. In other words, in 2016 Android is still struggling to deploy encryption that achieves (lock screen) security that Apple figured out six years ago. And they’re not even getting it right. That doesn’t bode well for the long term security of Android users.
Properly implemented security measures can slow down if not prevent the most sophisticated hacking techniques, but improper implementation can be disastrous in terms of device security.
Apparently, while Apple provides no less than four protection levels for developers to choose from, Android N has only two, and even if it adds more in the future, this will still leave millions of legacy applications somewhat vulnerable.
Overall, the cryptography professor’s disheartening conclusion is that the current state of Android’s security is only good for Google to keep the FBI at arm’s length.