53
submitted 1 year ago by MishaalRahman to c/android
you are viewing a single comment's thread
view the rest of the comments
[-] MishaalRahman 11 points 1 year ago

Let me know if you have any feedback about this article 😁

[-] winterpeacock@discuss.tchncs.de 5 points 1 year ago

I don’t know the exact reason why Android requires the primary user to enter their PIN/password before any other user can log in, but it may be due to the fact that the primary user is also the “system” user which is “always running even when other users are in the foreground.

Full disk encryption?

[-] MishaalRahman 6 points 1 year ago

Android hasn't used FDE for a couple of years now. File Based Encryption (FBE) has been required instead since Android 10. With FBE, each user has their own credential encrypted storage location for apps, which are encrypted with the credential from that particular user. (I verified this while testing. When you boot and unlock the primary user, other users data at /data/user/{id} is still encrypted until you unlock them.)

[-] winterpeacock@discuss.tchncs.de 0 points 1 year ago

Maybe there are other system files required that are encrypted with the primary user credentials

[-] MishaalRahman 2 points 1 year ago

There might be, though I couldn't find any. I poked around /data on a rooted Pixel that had just booted but hadn't had its primary user unlocked yet, and I was able to access most files in /data/system still.

[-] someone_secret@burggit.moe 1 points 1 year ago

Pretty much my thoughts, yes.

In order for the FDE to have any usefulness, the key has to be derived from a secret that only the user of phone knows (I.e. a secret PIN, password or pattern)

[-] MishaalRahman 3 points 1 year ago

Android devices stopped using FDE a while back. In fact, support for FDE was removed entirely in Android 13.

[-] someone_secret@burggit.moe 1 points 1 year ago

Sorry, but that's not true. While technically true, that full disk encryption doesn't exist anymore, they use file based encryption which, functionally, is the same thing. Source: https://www.androidauthority.com/how-to-encrypt-android-device-326700/

[-] MishaalRahman 4 points 1 year ago* (last edited 1 year ago)

File based encryption is not functionally "the same thing". The AOSP documentation explains how FBE works much more accurately.

this post was submitted on 09 Jul 2023
53 points (96.5% liked)

Android

17720 readers
68 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id


💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.


Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More


founded 1 year ago
MODERATORS