Skip to main content

Everything You Need to Know About Smartphone Encryption

Here is Everything You Need to Know About Smartphone Encryption

The debate over encrypted smartphones and smartphone apps refuses to die down. This past Thursday (Dec. 17), CNN quoted unnamed law-enforcement officials as saying the ISIS terrorists who carried out the Paris massacres in November used the encrypted messaging apps WhatsApp and Telegram to plan their attacks.

On Saturday (Dec. 19), presidential candidate Hillary Clinton said that she hoped law enforcement and Silicon Valley could find common ground on the subject without having to undermine encryption, perhaps by creating "a Manhattan-like project" to solve the problem. And on Sunday (Dec. 20), Apple CEO Tim Cook once again defended his company's use of encryption on CBS's "60 Minutes," stating that he didn't "believe that the tradeoff here is privacy versus national security."
We here at Tom's Guide don't have the answer to this dilemma, especially since both sides have valid points. But we do have answers to basic questions about smartphone encryption.

Q: What is smartphone encryption?

A: There are two main kinds, both designed to stop unauthorized persons from reading private information. First, there's encrypted messaging software, which covers what law-enforcement experts call "data in motion," or messages going from one device to another.
The most secure kind of communications encryption, called "end-to-end" encryption, prevents even app makers, cellular carriers or phone makers from being able to read the messages. This is what Apple's iMessages offers, and it's what counterterrorism officials have trouble encrypting and decrypting. But Apple says that because it doesn't have the keys, it can't help.
The other kind of encryption is encryption of the stored data on a device itself, which law enforcement calls "data at rest." This is more often sought by regular cops who want to read what a drug dealer, kidnapper or pimp has on his phone. Google and Apple both offer full-device encryption, and Google has fought court orders to help police decrypt Android phones.

Q: Why is encryption on a phone important? I have nothing to hide.

A: Tim Cook provided a succinct answer to that question in his "60 Minutes" interview.
"On your smartphone today, on your iPhone, there's likely health information, there's financial information," Cook said, referring mainly to "at rest" data. "There are intimate conversations with your family, or your co-workers. There's probably business secrets, and you should have the ability to protect it. And the only way we know how to do that is to encrypt it."

Q: Why is smartphone encryption so controversial?

A: The problem is that encryption has gotten so good that no one can crack it — not even the smartphone makers. So U.S. law enforcement authorities want a "back door" to decrypt even the strongest encryption software.
Clinton demonstrated a fairly good grasp of the issue during Saturday's Democratic debate.
"It doesn't do anybody any good if terrorists can move toward encrypted communication that no law-enforcement agency can break into before or after," she said. "There must be some way. I don't know enough about the technology … to be able to say what it is, but I have a lot of confidence in our tech experts."
But, Clinton added, "maybe the back door is the wrong door, and I understand what Apple and others are saying about that."

Q: Can you explain the notion of a back door?

A: A back door is a secret method of defeating the security of a piece of software. Law enforcement wants such secret methods to be able to read any message sent via any method, provided a warrant has been issued.

Q: Would it be a big deal if Apple and Google let the government disable encryption in certain cases? Would it even be possible?

A: It would be a big deal, because it would restore the access to private communications that U.S. law enforcement has traditionally had (usually with a warrant) — to an extent. Law enforcement is very worried about communications "going dark" to authorities.
But Apple, Google, many encryption experts and dozens of other Silicon Valley companies argue that if a so-called "back door" were created for exclusive law-enforcement use, it wouldn't be exclusive for long. Hackers, criminals and repressive governments would soon find the keys.
"If there's a way to get in, then somebody will find the way in," Apple's Cook told CBS' Charlie Rose yesterday. "There have been people that suggest that we should have a back door. But the reality is if you put a back door in, that back door's for everybody, for good guys and bad guys."
And it may not even be possible. Some cryptography experts say that, due to the complex math involved in creating encryption algorithms, a single flaw would render an entire algorithm useless. Many encryption algorithms have been abandoned after mathematical flaws were found.
Furthermore, U.S. law would have no effect on foreign companies. Telegram is run by Russians and based in Germany, and Germany has very strong privacy laws. Silent Circle is run by Americans, but it's based in Switzerland and its servers are in Canada. CryptoCat is run by a single Lebanese student who's currently based in Paris.
Basically, you can't stop encryption. The issue really is whether we should try to. One solution might be for Apple to give the government access without telling anyone — but such an arrangement would be found out eventually.

Q: Do law enforcement back doors already exist?

A: Yes. Thanks to the Communications Assistance to Law Enforcement Act (CALEA) of 1994, law enforcement has nearly instant access, upon presentation of a warrant, to landline and cellular telephone calls. Companies such as Verizon and AT&T have long-standing relationships with law enforcement. Law enforcement can also demand traffic logs from Internet service providers such as Comcast or Time Warner Cable, but some of those companies have fought back in court.
But CALEA doesn't cover software-based communications such as instant messaging. The FBI has spent the past few years trying to get them added, but has not received White House support. Hence, Apple and other companies — and even private individuals — are free (for now) to create unbreakable encryption for software-based communications. That may change under the next president.

Q: What's going on in Britain with government-mandated back doors?

A: The Conservative government in November introduced the Investigatory Powers Bill, which would grant British police and intelligence agencies broad powers to collect data from providers of Internet-based communications and from physical devices. Companies that provide Internet-related services in the United Kingdom would be compelled to collect bulk data on all customers, and cooperate fully with targeted investigations that might involve breaking into encrypted communications and encrypted devices. Companies based overseas, such as Apple, would not be exempt.
Apple on Monday (Dec. 21) submitted an angry letter to a parliamentary committee taking comments from the public while the bill is still being revised. Other Silicon Valley companies are expected to submit their own letters.
"The bill threatens to hurt law-abiding citizens," Apple said in the letter, which was distributed to news outlets. "A key left under the doormat would not just be there for the good guys. The bad guys would find it too."
"The best minds in the world cannot rewrite the laws of mathematics," Apple added. "The bill would attempt to force non-U.K. companies to take actions that violate the laws of their home countries. ... We owe it to our customers to protect their personal data to the best of our ability. Increasingly stronger — not weaker — encryption is the best way to protect against these threats."

Q: What's the National Security Agency's role in all this?

A: The NSA rarely comes up in these debates, except as the reason why people want smartphone encryption in the first place. If you were to corner security experts and ask them off the record, many would assume that the NSA probably knows how to crack all these services already.
MORE: Can You Hide Anything from the NSA?

Q: What on my phone can be encrypted? Texts? Calls? Everything?

A: Everything except text messages and regular calls, because neither of those normally uses the Internet. But there are plenty of apps, such as Silent Phone or Signal, that route voice calls through the Internet using Voice over Internet Protocol (VoIP), and even more apps, such as iMessages, that switch text messages to Internet-based instant messages. The catch is that the person on the other end of the conversation has to be using the same app.
One weak spot is email. You can encrypt the body of an email message, and any attachment to that message, but you can't disguise the accounts that send and receive the message. So emails in transit can usually be tracked. However, you can encrypt email logs stored on a phone.

Q: How does encryption work?

A: The raw bits and bytes of the digitized information are scrambled with a key, or two keys, using many different encryption algorithms, or methods of encryption. The implementation, or way in which the encrypted information is handled, also matters, because that's often the way encryption can be undermined.
The most secure forms of encryption communication make sure that only the recipient can decrypt the message sent by the sender. Some less secure implementations — such as those used by WhatsApp and SnapChat — can allegedly be decoded by the app makers. 
The San Francisco-based digital-rights advocacy group the Electronic Frontier Foundation keeps a constantly updated list of which "secure" communications apps are truly secure, and which aren't, with its Secure Messaging Scorecard.
Encrypting all the data stored on a device, equivalent to Apple's FileVault or Microsoft's BitLocker for personal computers, is less complex.
In Apple's case, all devices running iOS 8 or later automatically encrypt the entire device as soon as the user creates and activates a passcode. Because the passcode is mixed up with the device's own ID number to create a key that encrypts the device, the decryption must be carried out on the device itself. Apple theorizes that off-device decryption of data taken from an encrypted device would take several decades.
Android phones do not automatically encrypt themselves, but Google makes it easy for the user to set up. Here's our guide on how to encrypt an Android device.

Q: Is 2-factor authentication for my Apple ID all the security I need to protect my account?

A: That depends. Apple has taken a somewhat haphazard route to account security, as iTunes, iCloud and Apple accounts were at one point three different things, with different levels of security. Apple has officially merged all three and given users the option to enable two-factor authentication, but people who had more than one type of Apple account in the past may find that there are still holes.

Q: How to do iPhone and Android security differ?

A: Google's online-account security is a bit more comprehensive. There's one single Google account to cover almost everything, although people can still set up separate YouTube accounts if they choose. Two-factor authentication can be enabled on both — and also on Facebook, Microsoft, Dropbox, Yahoo, Amazon and Twitter.  For a fuller list of which services do and don't support two-factor authentication, go to http://twofactorauth.org/.  
However, whereas iMessages uses fully end-to-end encryption, Google makes no such security claims with regard to Google Hangouts, formerly known as Google Talk, Google+ Messenger and Gchat.

Q: Is Snapchat still easy to hack?

A: To our recollection, no SnapChat flaws were disclosed in 2015, following a pretty bad 2014 for the company. But keep in mind that the EFF thinks neither SnapChat nor WhatsApp are truly secure. Many experts think Telegram isn't either, but the EFF distinguishes between regular Telegram communications and the more secure "secret chat" option.

Q: Which smartphone encryption apps should I use?

A: Signal is a good one. So are Silent Circle's Silent Text and Silent Phone, iMessages and CryptoCat. For a full list, head to the EFF Secure Messaging Scorecard linked to above.

Q: Are certain carriers more likely to be snooped upon or give my information away?

A: You have to assume that all landline and cellular carriers, anywhere in the world, will give your information to a government when asked. (See the part about the CALEA law in the U.S. above.) There are allegations that T-Mobile, being a German company, is not as cooperative with the U.S. government as are AT&T and Verizon. As for Sprint, U.S. intelligence and law-enforcement officials negotiated an agreement that their relationship with the company would not be affected by the 2013 sale of the majority of Sprint's stock to Japan's Softbank.
But bear in mind that, to our knowledge, a telephone or Internet service provider cannot decipher software-based encrypted communications traveling over their wires and radio signals. That's why iMessage works on AT&T iPhones, and why law-enforcement authorities are not happy with Tim Cook.
Source: Tomsguide.com

Guys, these are all that I have for you and I hope it will serve as a benefit for you to properly manage your android device by encrypting it.

Kindly help us share this article by the use of the social media icons/buttons below.

Comments

Popular posts from this blog

How To Recover Hard Drive Data

How To Recover a Hard Drive Data with the M3 Format Software App. How you can recover your lost data files on hard drive with the use of M3 Format Recovery Free Software Application. In this helpful tutorial-guide, I will give you some guides on how to recovering lost data, files,folders, documents and interesting stuffs on your computer or pen drive with the easy format with a software. I hope that you may find this article very useful and helpful tutorial because what I am going to show is something that can't be found anywhere and even the few people that know it may be willing to charge you for that simple because you don't know and that's why you should always visit this technology blog for latest updates on technology apps, reviews, jobs and opportunities, career and exams, news around the globe to awaken your mindset in the field of technology. Lost data is not like a deleted folder/file that you may be able to recover easily by going to the ...

How To Start A Blog In Ghana

Many people have been desiring to start blogging and make money online but are confused on how to start this blogosphere journey. Here are the steps on How to start a blog in Ghana and make passive income Decide on your blogging niche. Choose a good domain name. Choose a reliable hosting and blogging platform. Set up your blogging software (WordPress) Start writing content. Market your blog's content. Start making money from your blog How to start a blog in Ghana How To Start A Blog In Ghana Are you looking for a free, easy, step-by-step guide on how to start a blog in Ghana? My free guide on this page will show you how to create a blog that is beautiful and functional, all in an easy step-by-step tutorial How to start a blog in Ghana Should you start a blog in Ghana? Simple steps to help you create a blog easily One of the misconceptions about starting a blog is that you need to be a great writer to be successful. Nothing could be further from the truth. People read blog sites to ...

Connectify Announces Speedify Mobile App For Faster Internet

Connectify Announces Speedify Mobile App For Faster Internet It's a happy new year and a prosperous moments for all my blog readers and I say may the good Lord guide you throughout this year and may all your activities come true because without you, I will not be able to reach where I am in blogging due to your regular visit to this blog page for the much encouragement you are giving me by sharing my blog post with the social media icons as buttons below and also your regular comments to any latest technology post updated on this webpage. Today too is a day I'm giving you latest updates on technology from the conner of Blogfulpath in my search for latest updates on mobile apps. Speedify Mobile App For Faster Internet is what I found and made an effort to share it with my blog readers. Enjoy reading it below. Mobile internet connectivity is not always the best depending on your carrier and your location, but there are ways to enhance your experience if connectin...