Google Says New 'Adiantum' Cryptography Will Bring Storage Encryption to All Android Devices

Google has created a special encryption method called Adiantum for cheaper entry-level smartphones; it would be an optional part of Android distributions going forward.

Adiantum is an innovation in cryptography designed to make storage encryption more efficient for devices without cryptographic acceleration, so that all devices can be encrypted, Google wrote in a security blog late on Thursday.

“Adiantum is a new form of encryption that we built specifically to run on phones and smart devices that don’t have the specialised hardware to use current methods to encrypt locally stored data efficiently. Adiantum is designed to run efficiently without that specialised hardware. This will make the next generation of devices more secure than their predecessors, and allow the next billion people coming online for the first time to do so safely. Adiantum will help secure our connected world by allowing everything from smartwatches to Internet-connected medical devices to encrypt sensitive data,” a Google Safety and Security blog post said.

According to another post, low-budget Android smartphones do not come with the processing power needed to run the Advanced Encryption Standard (AES), which is the standard storage encryption Android uses.

“Today, Android offers storage encryption using the Advanced Encryption Standard (AES). Most new Android devices have hardware support for AES via the ARMv8 Cryptography Extensions. However, Android runs on a wide range of devices. This includes not just the latest flagship and mid-range phones, but also entry-level Android Go phones sold primarily in developing countries, along with smartwatches and TVs,” the Google Security blog post said.

“In order to offer low-cost options, device manufacturers sometimes use low-end processors such as the ARM Cortex-A7, which does not have hardware support for AES. On these devices, AES is so slow that it would result in poor user experience; apps would take much longer to launch, and the device would generally feel much slower. So while storage encryption has been required for most devices since Android 6.0 in 2015, devices with poor AES performance (50 MiB per second and below) are exempt. We’ve been working to change this because we believe that encryption is for everyone,” the post added.

On cheaper Android devices, AES runs very slowly, resulting in longer app-launch times, a slower device and a poor user experience.

“Even though Adiantum is very new, we are in a position to have high confidence in its security. In our paper, we prove that it has good security properties,” the post added.

Google has required and facilitated encryption on most Android devices since 2015, with the roll-out of Android 6.0 Marshmallow.

“Android device manufacturers can enable Adiantum for either full-disk or file-based encryption on devices with AES performance less than or equal to 50 MiB per second and launching with Android Pie. Where hardware support for AES exists, AES is faster than Adiantum; AES must still be used where its performance is above 50 MiB/s. In Android Q, Adiantum will be part of the Android platform, and we intend to update the Android Compatibility Definition Document (CDD) to require that all new Android devices be encrypted using one of the allowed encryption algorithms,” Google mentioned.