Much has been written about the massive fight between the FBI and Apple over encryption in the high-profile San Bernardino shooting case. Apple has won the battle for the time being, though the FBI has managed to break into the phone without Apple’s help. What’s more, the Bureau will soon help hack into other iOS devices that law enforcement agencies across the country want to unlock.
Can the FBI do the same thing with Android devices?
Working with the assumption that the FBI would have to crack an encrypted Android device, computer science experts from the North Caroline State University penned an essay on Mashable that explains how the procedure would work. Their conclusions seem to indicate that there’s no clear answer. As long as the user enables a password lock for an Android device and encrypts the contents, including microSD card data, the Android device in question may be as brute-force resistant as the iPhone.
Brute-forcing is a procedure used by forensics teams and hackers to try to guess a PIN or password code. On the iPhone, the more wrong PINs you enter, the longer you have to wait between tries. Furthermore, if the phone’s owner enabled data wipe protection, the phone will wipe itself clean after a 10th failed attempt.
On Android, there’s no delay between failed entries, but the device erases the data automatically after 30 to 40 unsuccessful attempts to bypass lock screen security.
That said, there are multiple factors that might weaken security on Android. Using custom apps that can write code on an Android phone that’s managed by a third party, taking advantage of rooted devices, using an image to fool the fingerprint sensor, or just removing an unencrypted microSD card from the device might be sufficient to retrieve some data from an Android phone.
Also, because there might be more players controlling (signing) an Android release, including Google, the device maker and the wireless carrier, the FBI might have more leeway when it comes to finding a partner that’s not as stubborn as Apple.
It’s worth noting that Google is one of the companies that filed an amicus brief in support of Apple in the San Bernardino shooting, and it has since announced additional means of improving user data protection with the help of encryption.