Cryptography professor warns about Android security, says some of it is six years behind the iPhone

Cryptography professor warns about Android security, says some of it is six years behind the iPhone
We are constantly barraged with sensationalist headlines of the "millions of Android phones are under threat" type that inform about this and that malware or security lapse that is usually pretty easy to avoid if you install decent apps from legit sources. 

The sole reason for so many Android security news, however, is that Android's encryption is still not up to par, even the latest 7.0 Nougat version, reveals a cryptography professor from Johns Hopkins university.

According to Matthew Green, while Nougat devices have moved away from the full-disk encryption (FDE) of yesteryear that is easier to hack, and employ file-level protection if you set a passcode, there are scenarios where you can still access some files directly as the encryption keys are being stored in memory. 

Apparently, while Apple provides no less than four protection levels for developers to choose from, Android N has only two, and even if it adds more down the road, this will still leave millions of legacy apps somewhat vulnerable. In a nutshell, the cryptography professor's disheartening conclusion is that the current state of Android's security is only good for Google to keep the FBI at arm's length.


source: Matthew Green (Cryptography Engineering)

FEATURED VIDEO

12 Comments

1. ibend

Posts: 6747; Member since: Sep 30, 2014

Grab popcorn...

2. Mxyzptlk unregistered

Yup, this is definitely not going to end well.

9. Nathan_ingx

Posts: 4769; Member since: Mar 07, 2012

I can hear you say it with a grin on your face.

3. Mxyzptlk unregistered

The reason for the security updates is because of stagefright, so this isn't too surprising.

4. Omran2000

Posts: 101; Member since: Aug 18, 2016

Reactivating the Android-iOS security's war on PhoneArena's front .....

5. Finalflash

Posts: 4063; Member since: Jul 23, 2013

Honestly, who gives a s**t? I don't know what kind of nuclear codes are being carried around on stock Android phones but whoever is doing that needs to stop. If it keeps the FBI at arms length then it is good enough for the average consumer. Anything else and you can use specialized versions of Android like Samsung's with Knox or blackberry or make your own.

10. kiko007

Posts: 7500; Member since: Feb 17, 2016

"Honestly, who gives a s**t?" People who don't want their s**t stolen, hacked, or both. "I don't know what kind of nuclear codes are being carried around on stock Android phones but whoever is doing that needs to stop." What??? ."If it keeps the FBI at arms length then it is good enough for the average consumer. Anything else and you can use specialized" Wow....such low standards. "Anything else and you can use specialized versions of Android like Samsung's with Knox or blackberry or make your own." I'd imagine this article articulates the severity of the situation very well. What YOU'RE basically doing is pigeonholing people into buying devices from only those with such methods....which defeats the purpose of Android to begin with. Also, this appears to be more about the state of Android security as a whole, rather than sectors.

6. IronTech

Posts: 153; Member since: May 27, 2016

Android: You can have sex with either your wife or a prostitute. AppStore: No way you can find a sex partner other than your wife in your life. Clearly, Android has a chance to have STDs.

12. Subie

Posts: 2383; Member since: Aug 01, 2015

7. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

In its current form Android user are more prone to owning a compromised Android phone. A lot of budget handset come with malware pre-installed. Especially those sold by third parties online store. On the other hand, the price, performance and availability of cheap accessories make it worth my while to learn how to acquire safe handset, check for security compromise and implement the right level of basic security. So Android user need to learn how to keep their handset safe much like what we do for Windows PC.

8. sissy246

Posts: 7124; Member since: Mar 04, 2015

No phone is safe, IOS or Android

13. piyath

Posts: 2445; Member since: Mar 23, 2012

Omg LOL! This is a nuclear missile for the Android fan base. This is huuuuuuuuuuuge!!!!

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.