| <html devsite> |
| <head> |
| <title>Encryption</title> |
| <meta name="project_path" value="/_project.yaml" /> |
| <meta name="book_path" value="/_book.yaml" /> |
| </head> |
| <body> |
| <!-- |
| Copyright 2017 The Android Open Source Project |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| |
| |
| <p> |
| Encryption is the process of encoding all user data on an Android device using |
| symmetric encryption keys. Once a device is encrypted, all user-created data is |
| automatically encrypted before committing it to disk and all reads automatically |
| decrypt data before returning it to the calling process. Encryption ensures that |
| even if an unauthorized party tries to access the data, they won’t be able to |
| read it. |
| </p> |
| <p> |
| Android has two methods for device encryption: file-based encryption and |
| full-disk encryption. |
| </p> |
| <h2 id=file-based>File-based encryption</h2> |
| <p> |
| Android 7.0 and later supports |
| <a href="/security/encryption/file-based.html">file-based encryption</a>. |
| File-based encryption allows different files to be encrypted with different |
| keys that can be unlocked independently. Devices that support file-based |
| encryption can also support |
| <a href="https://developer.android.com/training/articles/direct-boot">Direct |
| Boot</a>, which allows encrypted devices to boot straight to the lock screen, |
| thus enabling quick access to important device features like accessibility |
| services and alarms. |
| </p> |
| <p> |
| With file-based encryption and APIs that make apps aware of encryption, apps |
| can operate within a limited context. This can happen before users have |
| provided their credentials while still protecting private user information. |
| </p> |
| <h3 id="metadata">Metadata encryption</h3> |
| <p> |
| Android P introduces support for |
| <a href="/security/encryption/metadata">metadata encryption</a>, where hardware |
| support is present. With metadata encryption, a single key present at boot time |
| encrypts whatever content is not encrypted by FBE, such as directory layouts, |
| file sizes, permissions, and creation/modification times. This key is protected |
| by Keymaster, which in turn is protected by verified boot. |
| </p> |
| |
| |
| <h2 id=full-disk>Full-disk encryption</h2> |
| <aside class="caution"> |
| Caution: Support for full-disk encryption is going away. If you're creating a |
| new device, you should use file-based encryption. |
| </aside> |
| <p> |
| Android 5.0 and above supports |
| <a href="/security/encryption/full-disk.html">full-disk encryption</a>. |
| Full-disk encryption uses a single key—protected with the user’s device password—to |
| protect the whole of a device’s userdata partition. Upon boot, the user must |
| provide their credentials before any part of the disk is accessible. |
| </p> |
| <p> |
| While this is great for security, it means that most of the core functionality |
| of the phone in not immediately available when users reboot their device. |
| Because access to their data is protected behind their single user credential, |
| features like alarms could not operate, accessibility services were unavailable, |
| and phones could not receive calls. |
| </p> |
| </body> |
| </html> |