Looking for factual information - encryption

[dk001]

Can anyone point me toward or explain the major differences between encryption in iOS 9 and Android 6? Finding a lot of vague misinformation and very little factual detail.

Appreciate any info I can get.

Note: On iOS9 I use a passphrase and TouchID. On my Android device I have encryption turned on and also use a passphrase and Samsung's version of TouchID.

 

[HansumKingtut]

This is difficult to answer. Apple is incredibly secretive about everything. Finding differences between IOS and Android encryption is difficult. I know, to encrypt you IOS device, all you have to do is setup a passcode.

https://support.apple.com/en-us/HT202064

You can also find articles talking about the encryption of iMessage and FaceTime. Which Apple claims they can't even decrypt iMessage and FaceTime.

http://techcrunch.com/2014/02/27/apple-explains-exactly-how-secure-imessage-really-is/

With all that being said, I can honestly say I can't give you any solid comparison between IOS and Android. The only real information I can find, is 'how to encrypt and android device'

https://support.google.com/nexus/answer/2844831?hl=en

https://source.android.com/security/encryption/

 

[dk001]

This is difficult to answer. Apple is incredibly secretive about everything. Finding differences between IOS and Android encryption is difficult. I know, to encrypt you IOS device, all you have to do is setup a passcode.

https://support.apple.com/en-us/HT202064

You can also find articles talking about the encryption of iMessage and FaceTime. Which Apple claims they can't even decrypt iMessage and FaceTime.

http://techcrunch.com/2014/02/27/apple-explains-exactly-how-secure-imessage-really-is/

With all that being said, I can honestly say I can't give you any solid comparison between IOS and Android. The only real information I can find, is 'how to encrypt and android device'

https://support.google.com/nexus/answer/2844831?hl=en

https://source.android.com/security/encryption/

Ran into the same issue. Can find out how but not what is the same / different between the design.
Thanks

 

[997440]

You can probably extract some information in the following discussion and then project the changes for encryption in the new Android OS to give you some idea and/or leads for further research.
http://security.stackexchange.com/questions/68454/android-l-encryption-vs-ios-8-encryption

The following slideshow doesn't address the Android 6, but again, you might find it useful for leads.
http://www.slideshare.net/Birjutank/android-vs-ios-encryption-systems

 

[teeshot44]

Passcodes/Touch ID and encryption are two entirely different things. Apples and zebras.

 

[NoBoMac]

With every major iOS release, Apple releases a new version of their security whitepaper. Lots of details, but not getting too deep.

https://www.apple.com/business/docs/iOS_Security_Guide.pdf

Along with the Android link HansumKingTut provided, should have most of the information you need.

 

[dk001]

Passcodes/Touch ID and encryption are two entirely different things. Apples and zebras.

Thanks but this is relevant how?
[doublepost=1455903081][/doublepost]

With every major iOS release, Apple releases a new version of their security whitepaper. Lots of details, but not getting too deep.

https://www.apple.com/business/docs/iOS_Security_Guide.pdf

Along with the Android link HansumKingTut provided, should have most of the information you need.

Appreciate it however was hoping that a professional comparison already existed on some form.
I've done the paper side by side and both appear comparatively equal. Still I feel I am missing something especially since the plethora of info that has been launched due to Error 53, the FBI writ, and ancillary info.

I own both OS's, both encrypted. I just can't answer my own question: which is better and why from a factual perspective.

 

[danleon950410]

Thanks but this is relevant how?
[doublepost=1455903081][/doublepost]

Appreciate it however was hoping that a professional comparison already existed on some form.
I've done the paper side by side and both appear comparatively equal. Still I feel I am missing something especially since the plethora of info that has been launched due to Error 53, the FBI writ, and ancillary info.

I own both OS's, both encrypted. I just can't answer my own question: which is better and why from a factual perspective.

I don't think there's a professional comparison, they're very different and i'm sure that developers aren't willing to give that information, which seems logical to me.

You could start by the one that gets hacked and modified easier, and you SURELY can't compare Android with Apple with a Samsung device, you'll want it in its purest form, the Nexus, as versions from other manufacturers are modified a lot and left with a high number of mistakes that allow hackers to get some holes and gaps more easily.

 

[dk001]

I don't think there's a professional comparison, they're very different and i'm sure that developers aren't willing to give that information, which seems logical to me.

You could start by the one that gets hacked and modified easier, and you SURELY can't compare Android with Apple with a Samsung device, you'll want it in its purest form, the Nexus, as versions from other manufacturers are modified a lot and left with a high number of mistakes that allow hackers to get some holes and gaps more easily.

Looks like I'm making my own A vs. G comparison chart.

 

[HansumKingtut]

I found a post on Apples website that might Help you:

• http://www.apple.com/privacy/approach-to-privacy/

Go to the page 'Pricacy and Your device". According to this page: "We’ve given developers strong tools such as Touch ID APIs, 256-bit encryption, and app transport security so they can build secure apps. And all apps are sandboxed so your personal information is protected. We also require developers to ask for permission before accessing personal information like your photos and contacts."

Also if IOS is supposed to be built based off of Mac OS X these posts may also help:

• https://support.apple.com/kb/PH18671?locale=en_US&viewlocale=en_US
• https://support.apple.com/en-us/HT204837
• https://en.wikipedia.org/wiki/FileVault

Also there are quite a few articles about discussing encryption for iMessage and FaceTime:

• http://www.apple.com/business/docs/iOS_Security_Guide.pdf
• http://techcrunch.com/2014/02/27/apple-explains-exactly-how-secure-imessage-really-is/
  
• https://nakedsecurity.sophos.com/20...nd-to-end-encryption-stymies-us-data-request/
  
• And many, many more

According to the IOS 9 Security Guide under the iMessage section: "...RSA 1280-bit key for encryption and an ECDSA 256-bit key on the NIST P-256 curve for signing."

So IOS is anywhere from 256-bit encrypted to 1280-bit encrypted. Now what the OS uses is hard to determine. Other security features of IOS include: Apps are sandboxed and require user permissions to access certain functions of the device (ei. Camera and Microphone).

As far as Android 6.0 Marshmallow goes:

• http://www.androidcentral.com/android-60-marshmallow-review?pg=5
  
• http://www.tripwire.com/state-of-security/off-topic/android-6-0-marshmallow-security-at-a-glance/
  
• https://www.android.com/versions/marshmallow-6-0/
  
• https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy
  
• https://source.android.com/security/encryption/

Looks like Android 6.0 Marshmallow gained sandboxed apps, and app permissions. As far as encryption goes "The encryption algorithm is 128 Advanced Encryption Standard (AES) with cipher-block chaining (CBC) and ESSIV:SHA256. The master key is encrypted with 128-bit AES via calls to the OpenSSL library. You must use 128 bits or more for the key (with 256 being optional)." Looks like it is a choice for the manufacturer of the device from 128-bit to 256-bit." This doesn't necessarily specify which version of Android these specs are for.

I hope this helps you. I extrapolated this information from the links I posted, feel free to read for your self. Again this is a pretty hard comparison to make. Apple keeps the majority of these details secret (for obvious reasons) and it seems the same goes for Google and Android. Also, another thing to consider when it comes to Android is that all the different OEM's have different skins, and they may have different encryption and security measures.

 

[swordfish5736]

Passcodes/Touch ID and encryption are two entirely different things. Apples and zebras.

Data protection is available for devices that offer hardware encryption, including iPhone 3GS and later, all iPad models, and iPod touch (3rd generation and later). Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages attachments, and third-party applications.

https://support.apple.com/en-us/HT202064

 

[QuickDraw]

I found
https://www.techdirt.com/articles/2...ters-iphone-to-create-new-backdoor.shtml#c851

quite insightful in regards to unlock key and actual encryption key stored on the devices secure enclave.