[comment lost, re-posting] That's very insecure. NFC and BT devices generally mean you're unlocking with a unique device that /you own/. Wi-Fi networks are location based, so anyone could access your information in that location. They could even do it by spoofing your home or work SSIDs, if they had the authentication information.
What might be interesting would be a two-factor unlocking. NFC/BT device, and a pattern or PIN entry. If the device isn't available, a longer passphrase grants entry. Now, that's super-secure, but then some of us carry very sensitive info on our phones.
your "wifi is insecure" argument is non-sense - no offence. First, a WiFi may be able to unlock the phone *only* it it has a shared private key (say the WPA2 one). Second, at the application layer, you can have the lock authenticate a remote network service by pub key. Noone would be able to spoof the latter; except if they break into your access point. Not impossible, but hey; everything has its limitations. Those schemes assume of course, that the phone DOES connect to the WIFi network. PubKey also makes you vulnerable to some DoS attack that may freeze your device.. so EC is preferrable. And any authentication scheme will add some power consumption... but then again everything has its compromises...
No offense taken, but no I don't think it's nonsense. For one, a "shared private key" may be well known. In my office, we have a WPA2 network for guests, the private key is posted on signs and freely shared. Just because it's "private" doesn't mean it's confidential or secure.
Much of this is conjecture. For all I know Wi-fi unlocking could be determined not by the SSID, but by the MAC address of the router gateway, which is less easily spoofed (not hard, but less easily). Or as you mention, the pub key issued by the AP.
All these security enhancements but you can't remove airplane mode from the lock screen. Why can't you just make it so it's there for unprotected devices? Once you set up a pin, face, pattern, etc it greys out or android asks for verification using your pin, pattern, face, etc before turning airplane mode on.
In Lollipop you can access the quick settings from the lock screen in both unlocked phones, and locked phones that are temporarily unlocked with smart lock
Other replies are missing the point Jeff Case is trying to make. If you can turn on airplane mode without unlocking the device, the device is inherently less secure. Once airplane mode is on, remote location and remote wipe no longer work, giving a thief as long as they need to do whatever they need to the device.
Will the Smart Unlock feature enable a paired (trusted device) smartwatch to 'bypass' the pin code on my 'phone where that pin has been a requirement of my phone's access to Exchange-based email and calendar information?
Thanks but I don't think that resolves the calendar issue. The same permissions are required in order to access my work calendar from the Exchange server and the same pin requirements.
if you are searching for cost effective as well as solid Mobile Application Development ServicesWe are one of the leading companies offering affordable, timely and quality mobile apps services.
Is there anywhere we can get more implementation details?
"Full device encryption occurs at first boot, using a unique key that never leaves the device."
Where/how is the key stored? Encryption is mostly effective against people that physically gain access to your device from being able to read its stored contents (think law enforcement, forensics, etc). So what is it that prevents someone who obtains an encrypted device from retrieving the key and thus being able to decrypt the phone? Is a password requested on boot which is then used to decrypt the whole disk encryption key?
...and this is exactly why I won't go back to Android, anytime soon. You're treated like a product on this platform whereas iOS *is* your product. Being privacy-conscious, unlike many smartphone users, I was reluctant to install apps and really enjoy my (many) Android phones. Since moving to iPhone, I'm enjoying my smartphone experience much more and am not as hesitant to immerse myself in the platform. Lollipop looks great and I miss a lot of things about Android. The Droid Turbo looks amazing. I'd like to have an Android device again someday, but until privacy is a top priority for the folks at Google. AppOps should have not been yanked out from under users!
Here's what I'd like to see that would make a world of difference. The ability to use a long passcode for device decryption at boot, but then the use of pattern for screen unlock. I don't mind entering a long complex password at boot. But there's no way I'm going to enter that 40 times a day. Whereas a pattern is easy to enter quickly, but not enough for whole device decryption.
NFC or bluetooth unlocking doesn't cure this issue, because sometimes it's your friends you want to keep out of your facebook app, and they might be around the same bluetooth or nfc devices you've set to unlock your phone. If you were trying to keep law enforcement out of your phone, the camera unlock would be your undoing, it would be trivial for them to hold the phone up to your face to unlock it. Or what if you break your nose? Passcode encryption at boot, and pattern unlock of lock screen should be trivial to implement, and would grant users the security of encryption and ease of unlocking the lock screen that would foster wide spread adoption of basic security.
Update: New judicial ruling- (Link below) Police can demand fingerprints but not passcodes to unlock your phones. The fifth amendment grants you the constitutional right against self incrimination. In the US, you do not need to give your passcode to law enforcement because that's ruled as testifying against yourself. A VA judge has ruled that right does not include your fingerprint (nor your photo) does not count as testimony against yourself, meaning that the police may unlock your phone and get all of your data without your consent if it's locked via fingerprint or photo. This would not be a problem if it wasn't for the massive over reach and abuse of collection of data against law abiding citizens in the US or if you consider the numerous law suits where police have gone through either a victim or perpetrators phone, and mailed themselves and their buddies the owners naked pics. The best protection against these illegal government abuses is encryption. Currently Android makes this too inconvenient to use.
I think the solution I offered above would greatly enhance the security and protection of individuals. I've thought of an additional protection that would make it even better. Add a second pattern unlock which instead of unlocking the phone, shuts the phone down quickly. Once the phone is shutdown, it would require the complex password to decrypt the device on boot, which would render it safe.
Will this include something similar to Cyanogenmod Privacy Guard? (http://www.julianevansblog.com/2014/06/how-to-use-android-privacy-guard-on-cyanogenmod-11.html)
This would be one of the single best things that you could provide from a security perspective, and has been sorely needed for a long time. Forcing users to make "all or nothing" choices about app permissions every time they install an app, without being able to say "I want this app, but I don't want to let it see see all of my contacts, even though it wants to" is a major limitation. How many flashlight apps want to be able to read your email or use the network?
Also, will there be any progress on supporting ad hoc wireless? This would make Android more useful for emergency communications using things like the Serval Project (http://www.servalproject.org/), it would make it easier to support and develop mesh networks in general, it would make it easier to communicate between a phone and a laptop, or between two phones, when not near a wireless infrastructure, and it was one of the earliest issues in the Android bug tracking system, being requested six years ago (https://code.google.com/p/android/issues/detail?id=82).
It should be possible to set a period of time that you would have to unlock the phone via pin or password. For instance a user define time, (1 hour, 2,3, 24) that the user had to unlock via pin. Until then no password required. If someone stole the phone then the thief would have access to phone only for a limited period of time. The security settings section and reset phone would be password locked if the user didn't introduce a password.
Follow
If only we could unlock with trusted Wi-Fi network.
ReplyDelete[comment lost, re-posting] That's very insecure. NFC and BT devices generally mean you're unlocking with a unique device that /you own/. Wi-Fi networks are location based, so anyone could access your information in that location. They could even do it by spoofing your home or work SSIDs, if they had the authentication information.
DeleteWhat might be interesting would be a two-factor unlocking. NFC/BT device, and a pattern or PIN entry. If the device isn't available, a longer passphrase grants entry. Now, that's super-secure, but then some of us carry very sensitive info on our phones.
This can be easily spoofed and ain't exactly secure.
DeleteNothing is really secure. You can only hope that you don't get affected.
Deletemy wifi error now, :(
Deletewww.telanjangi.com
KitKat devices upgraded to Lollipop will turn on encryption too?
ReplyDeleteNope. The default encryption is only for new devices that come with Lollipop.
Deleteyour "wifi is insecure" argument is non-sense - no offence. First, a WiFi may be able to unlock the phone *only* it it has a shared private key (say the WPA2 one). Second, at the application layer, you can have the lock authenticate a remote network service by pub key. Noone would be able to spoof the latter; except if they break into your access point. Not impossible, but hey; everything has its limitations. Those schemes assume of course, that the phone DOES connect to the WIFi network. PubKey also makes you vulnerable to some DoS attack that may freeze your device.. so EC is preferrable. And any authentication scheme will add some power consumption... but then again everything has its compromises...
ReplyDeleteNo offense taken, but no I don't think it's nonsense. For one, a "shared private key" may be well known. In my office, we have a WPA2 network for guests, the private key is posted on signs and freely shared. Just because it's "private" doesn't mean it's confidential or secure.
DeleteMuch of this is conjecture. For all I know Wi-fi unlocking could be determined not by the SSID, but by the MAC address of the router gateway, which is less easily spoofed (not hard, but less easily). Or as you mention, the pub key issued by the AP.
This comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteAll these security enhancements but you can't remove airplane mode from the lock screen. Why can't you just make it so it's there for unprotected devices? Once you set up a pin, face, pattern, etc it greys out or android asks for verification using your pin, pattern, face, etc before turning airplane mode on.
ReplyDeleteIn Lollipop you can access the quick settings from the lock screen in both unlocked phones, and locked phones that are temporarily unlocked with smart lock
DeleteOther replies are missing the point Jeff Case is trying to make. If you can turn on airplane mode without unlocking the device, the device is inherently less secure. Once airplane mode is on, remote location and remote wipe no longer work, giving a thief as long as they need to do whatever they need to the device.
DeleteDoes the improved security mean harder-to-root Android?
ReplyDeleteWill the Smart Unlock feature enable a paired (trusted device) smartwatch to 'bypass' the pin code on my 'phone where that pin has been a requirement of my phone's access to Exchange-based email and calendar information?
ReplyDeleteYa that is only an issue with the stock email app. Apps like cloudmagic don't require an administrator and can still access exchange.
DeleteThanks but I don't think that resolves the calendar issue. The same permissions are required in order to access my work calendar from the Exchange server and the same pin requirements.
DeleteWhere root?
ReplyDeleteif you are searching for cost effective as well as solid Mobile Application Development ServicesWe are one of the leading companies offering affordable, timely and quality mobile apps services.
ReplyDeleteIs there anywhere we can get more implementation details?
ReplyDelete"Full device encryption occurs at first boot, using a unique key that never leaves the device."
Where/how is the key stored? Encryption is mostly effective against people that physically gain access to your device from being able to read its stored contents (think law enforcement, forensics, etc). So what is it that prevents someone who obtains an encrypted device from retrieving the key and thus being able to decrypt the phone? Is a password requested on boot which is then used to decrypt the whole disk encryption key?
...and this is exactly why I won't go back to Android, anytime soon. You're treated like a product on this platform whereas iOS *is* your product. Being privacy-conscious, unlike many smartphone users, I was reluctant to install apps and really enjoy my (many) Android phones. Since moving to iPhone, I'm enjoying my smartphone experience much more and am not as hesitant to immerse myself in the platform. Lollipop looks great and I miss a lot of things about Android. The Droid Turbo looks amazing. I'd like to have an Android device again someday, but until privacy is a top priority for the folks at Google. AppOps should have not been yanked out from under users!
ReplyDeleteHere's what I'd like to see that would make a world of difference. The ability to use a long passcode for device decryption at boot, but then the use of pattern for screen unlock.
ReplyDeleteI don't mind entering a long complex password at boot. But there's no way I'm going to enter that 40 times a day. Whereas a pattern is easy to enter quickly, but not enough for whole device decryption.
NFC or bluetooth unlocking doesn't cure this issue, because sometimes it's your friends you want to keep out of your facebook app, and they might be around the same bluetooth or nfc devices you've set to unlock your phone.
If you were trying to keep law enforcement out of your phone, the camera unlock would be your undoing, it would be trivial for them to hold the phone up to your face to unlock it. Or what if you break your nose?
Passcode encryption at boot, and pattern unlock of lock screen should be trivial to implement, and would grant users the security of encryption and ease of unlocking the lock screen that would foster wide spread adoption of basic security.
Update: New judicial ruling- (Link below) Police can demand fingerprints but not passcodes to unlock your phones. The fifth amendment grants you the constitutional right against self incrimination. In the US, you do not need to give your passcode to law enforcement because that's ruled as testifying against yourself. A VA judge has ruled that right does not include your fingerprint (nor your photo) does not count as testimony against yourself, meaning that the police may unlock your phone and get all of your data without your consent if it's locked via fingerprint or photo.
DeleteThis would not be a problem if it wasn't for the massive over reach and abuse of collection of data against law abiding citizens in the US or if you consider the numerous law suits where police have gone through either a victim or perpetrators phone, and mailed themselves and their buddies the owners naked pics. The best protection against these illegal government abuses is encryption. Currently Android makes this too inconvenient to use.
I think the solution I offered above would greatly enhance the security and protection of individuals.
I've thought of an additional protection that would make it even better. Add a second pattern unlock which instead of unlocking the phone, shuts the phone down quickly. Once the phone is shutdown, it would require the complex password to decrypt the device on boot, which would render it safe.
https://nakedsecurity.sophos.com/2014/11/03/police-can-demand-fingerprints-but-not-passcodes-to-unlock-phones-rules-judge/utm_term=0_31623bb782-824ccff289-454957781
When is Android 5.0 going to be released to the public?
ReplyDeleteWill this include something similar to Cyanogenmod Privacy Guard? (http://www.julianevansblog.com/2014/06/how-to-use-android-privacy-guard-on-cyanogenmod-11.html)
ReplyDeleteThis would be one of the single best things that you could provide from a security perspective, and has been sorely needed for a long time. Forcing users to make "all or nothing" choices about app permissions every time they install an app, without being able to say "I want this app, but I don't want to let it see see all of my contacts, even though it wants to" is a major limitation. How many flashlight apps want to be able to read your email or use the network?
Also, will there be any progress on supporting ad hoc wireless? This would make Android more useful for emergency communications using things like the Serval Project (http://www.servalproject.org/), it would make it easier to support and develop mesh networks in general, it would make it easier to communicate between a phone and a laptop, or between two phones, when not near a wireless infrastructure, and it was one of the earliest issues in the Android bug tracking system, being requested six years ago (https://code.google.com/p/android/issues/detail?id=82).
when Android L will release in INDIA for android ONE Phone ?
ReplyDeleteWhere did the pull-up bar that was on my samsungs internet screen go?
ReplyDeleteIt should be possible to set a period of time that you would have to unlock the phone via pin or password. For instance a user define time, (1 hour, 2,3, 24) that the user had to unlock via pin. Until then no password required. If someone stole the phone then the thief would have access to phone only for a limited period of time. The security settings section and reset phone would be password locked if the user didn't introduce a password.
ReplyDeleteThis site is great for selling your art work
ReplyDeleteSell your Artwork
Am using android one mobile with KitKat 4.4.4 , is am able to upgrade to lollipop 5.0.....? If yes how ?
ReplyDelete