Google's tug of war with hackers is never ending and we're stuck right in the middle of it. Given that Android is such a big target with billions of active devices out in the world, the company has to keep on the offensive. And with the latest security improvements in Android Q, more people than ever before will be able to stay safe.

The next version of Android will feature improvements to encryption on two fronts: storage and internet connections.

In storage, Q will now require every device — phones, Android Auto, Android TV, etc. — to encrypt user data up to the Advanced Encryption Standard. For a long time, low-end phones skipped disk encryption because their processors couldn't keep up with encrypt-decrypt cycles while maintaining decent end-user performance. Now, OEMs can opt to encrypt using Google's newest low-impact encryption method, Adiantum, which runs about 5 times faster on a Cortex-A7 CPU than a standard AES-compliant method. This should bring a big security boost to low-income users without a large hit on local resources.

Android will also adopt TLS 1.3 for encryption on internet transactions. The big picture here is that more of the process to link up data senders with receivers will be encrypted. It should also take fewer roundtrips for all the data in a transaction to get to where it needs to be.

Q is also reinforcing its security systems in the areas where most of its vulnerabilities have opened up: most high-severity exploits found last year were based in the kernel, Bluetooth, and media containers. Google has deployed a variety of strategies in these areas — which you can read more about here — that are designed to limit those sectors' exposure and to keep an attacker from causing catastrophic damage with only a few vulnerabilities.

When it comes to biometrics, Q will now classify methods for certain uses. Explicit authentication will require the user to accept a prompt to activate a facial or iris scanner or to tap a physical fingerprint sensor. This is to prevent rogue actors from unlocking users' phones while they're unaware, and it will provide extra security for high-value transactions such as mobile payments. Implicit authentication won't require an extra prompt to access functions such as autofill and sign-in. App developers also have a new flag in the BiometricPrompt API that will allow an app with biometric login options to check if the device has biometric equipment.

Google has also teased more authentication mediums, including electronic IDs (e.g. a driver's license), which we discuss in this story.

Source: Google