Blame - src/security/encryption/index.jd - platform/docs/source.android.com

blob: 4e154954201b1202ab665ae847ca6b236fe74814 [file] [log] [blame]

Danielle Roberts	a136b01	2016-07-13 19:48:03 -0700	[diff] [blame^]	1	page.title=Encryption
Robert Ly	35f2fda	2013-01-29 16:27:05 -0800	[diff] [blame]	2	@jd:body
				3
				4	<!--
Clay Murphy	32285dd	2014-03-12 12:15:00 -0700	[diff] [blame]	5	Copyright 2014 The Android Open Source Project
Robert Ly	35f2fda	2013-01-29 16:27:05 -0800	[diff] [blame]	6
				7	Licensed under the Apache License, Version 2.0 (the "License");
				8	you may not use this file except in compliance with the License.
				9	You may obtain a copy of the License at
				10
				11	http://www.apache.org/licenses/LICENSE-2.0
				12
				13	Unless required by applicable law or agreed to in writing, software
				14	distributed under the License is distributed on an "AS IS" BASIS,
				15	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				16	See the License for the specific language governing permissions and
				17	limitations under the License.
				18	-->
Clay Murphy	32285dd	2014-03-12 12:15:00 -0700	[diff] [blame]	19
Clay Murphy	5e411e6	2014-10-14 12:44:54 -0700	[diff] [blame]	20	<div id="qv-wrapper">
				21	<div id="qv">
				22	<h2>In this document</h2>
				23	<ol id="auto-toc">
				24	</ol>
				25	</div>
				26	</div>
				27
Clay Murphy	5e411e6	2014-10-14 12:44:54 -0700	[diff] [blame]	28	<p>
Danielle Roberts	a136b01	2016-07-13 19:48:03 -0700	[diff] [blame^]	29	Encryption is the process of encoding all user data on an Android device using
				30	symmetric encryption keys. Once a device is encrypted, all user-created data is
				31	automatically encrypted before committing it to disk and all reads automatically
				32	decrypt data before returning it to the calling process. Encryption ensures that
				33	even if an unauthorized party tries to access the data, they won’t be able to
				34	read it.
Paul Lawrence	707f7ef	2014-05-20 11:00:23 -0700	[diff] [blame]	35	</p>
Danielle Roberts	a136b01	2016-07-13 19:48:03 -0700	[diff] [blame^]	36	<p>
				37	Android has two methods for device encryption: full-disk encryption and
				38	file-based encryption.
				39	</p>
				40	<h2 id=full-disk>Full-disk encryption</h2>
				41	<p>
				42	Android 5.0 and above supports <a href="full-disk.html">full-disk encryption</a>.
				43	Full-disk encryption uses a single key—protected with the user’s device password—to
				44	protect the whole of a device’s userdata partition. Upon boot, the user must
				45	provide their credentials before any part of the disk is accessible.
				46	</p>
				47	<p>
				48	While this is great for security, it means that most of the core functionality
				49	of the phone in not immediately available when users reboot their device.
				50	Because access to their data is protected behind their single user credential,
				51	features like alarms could not operate, accessibility services were unavailable,
				52	and phones could not receive calls.
				53	</p>
				54	<h2 id=file-based>File-based encryption</h2>
				55	<p>
				56	Android 7.0 and above supports <a href="file-based.html">file-based encryption</a>.
				57	File-based encryption
				58	allows different files to be encrypted with different keys that can be unlocked
				59	independently. Devices that support file-based encryption can also support a new
				60	feature called <a
				61	href="https://developer.android.com/preview/features/direct-boot.html">Direct
				62	Boot</a> that allows encrypted devices to boot straight to the lock screen, thus
				63	enabling quick access to important device features like accessibility services
				64	and alarms.
				65	</p>
				66	<p>
				67	With the introduction of file-based encryption and new APIs to make
				68	applications aware of encryption, it is possible for these apps to operate
				69	within a limited context. This can happen before users have provided their
				70	credentials while still protecting private user information.
				71	</p>