Overcoming Android’s Full Disk Encryption Vulnerabilities for Better Application Security


As we know – thanks to Apple’s battle with the FBI over unlocking phones – iPhones running iOS 8 and above automatically enable Full Disk Encryption (FDE) using an encryption key derived from the user’s password. This ultimately means that even Apple cannot gain access to customers’ phones and the data stored within. This is not the case with many of Google’s Android phones. Android smartphones powered by Qualcomm chips store the disk encryption keys in software, leaving them particularly vulnerable to attacks designed to gain access to the device’s keys. A recent Ars Technica article – Android’s full-disk encryption just got much weaker – here’s why – summarized this encryption flaw:

Privacy advocates take note: Android’s full-disk encryption just got dramatically easier to defeat on devices that use chips from semiconductor maker Qualcomm, thanks to new research that reveals several methods to extract crypto keys off of a locked handset. Those methods include publicly available attack code that works against an estimated 37 percent of enterprise users.

whiteCryption designed Cryptanium for application developers who need to add tamper resistance and self-defense mechanisms to apps running in threat-rich environments, such as Android. The company’s secure white-box cryptography library protects cryptographic keys embedded within application code and software. Cryptanium is a powerful tool in the app developer arsenal, especially for those writing modern software apps that contain sensitive information. whiteCryption provides:

  • Enterprise-level solutions that add a layer of protection to help avoid limitations and risks involved with conventional application security.
  • High security solutions that deliver the next level of obfuscation, self-defense and tamper-resistance against piracy.
  • Integrated software code protection and white-box cryptography solutions to protect modern software applications on various platforms.
Cryptanium delivers the next level of obfuscation, self-defense and tamper resistance technology against piracy. Why wait for the bad press, angry customers and loss of revenue associated with a successful attack?