Article Lead Image

Photo via Google

Android 7 boasts new encryption features as the Crypto War soldiers on

Android 7.0 pushes easy-to-use encryption further into the mainstream.

 

Patrick Howell O'Neill

Tech

Posted on Aug 24, 2016   Updated on May 26, 2021, 4:49 am CDT

Not too long ago, the idea of smartphone encryption set off a global debate

Now, with the release of Android 7.0, the rise of secure messaging apps, and a public awakening on cyberspying, encrypting your chats and data is easier than ever—encryption is a now marketable selling point for the world’s tech giants—even as the political controversy heats up once more.

A year after the 2013 Edward Snowden intelligence leaks lit a political fire around spying and privacy, the American tech giants Apple and Google added full-disk encryption to iPhones and Android devices. Police, intelligence agencies, governments, criminals, hackers, and all sorts of prying eyes around the globe would be increasingly locked out of the ubiquitous device that knows so much about us all.

Despite threats of banning strong encryption voiced from capitals on virtually every continent, Google announced this week expanded encryption features on the upcoming Android 7.0, including default encryption of emails and text messages when stored locally on your phone.

Google’s new chat app Allo comes with an incognito mode boasting end-to-end encryption. The Mountain View tech giant partnered with Open Whisper Systems to develop the feature built on top of the technology that powers Signal and WhatsApp, widely considered two of the best secure communication options available today. 

On Apple devices, users also have secure options like iMessage and FaceTime.

Why are these considered some of the best secure apps around? They’re safe and, just as important, extremely easy and popular to use. Secure communication is pretty useless if layman Johnny—and 99 percent of the population with him—can’t encrypt because it’s too damn hard to do so.

Easy and secure messaging apps:

  • Signal, the gold standard
  • WhatsApp, popular and powerful
  • iMessage, iOS’s secure default messenger
  • Allo, Google’s upcoming app to keep an eye on.

The new generation of secure apps and features are not exactly perfect—you should mess with WhatsApp’s default settings to increase security, for example—but they effectively replace old and nearly impossible tools that virtually no one could be bothered to use because the software required insane expertise and effort.

“It’s good if we make it easier for people to use encryption,” says Brendan Dolan-Gavitt, an assistant professor and security specialist at New York University’s school of engineering, “because there’s not necessarily direct correlation between people who need strong encryption and people who are good at using obscure tools made by people who are not user interface designers.”

He adds: “People who need encryption are people who live under oppressive regimes or people trying to not be stalked by their crazy ex-boyfriends. It’s not good to require these people to need a computer science degree to stay safe.”

When you compare and contrast all the popular new secure messaging apps, Signal has best overall security, according to Nicholas Weaver, a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California. 

“It’s about giving people who previously didn’t have a way to have private and anonymous communications with anyone they like the ability to do so.”

“But it has some minor usability issues because when they have a choice between usability and security, they bias toward security,” he says.

By opening open the technology to other companies like Facebook (which owns WhatsApp) and Google (which is behind Allo), the developers Open Whisper Systems allow more minds to try new approaches to the same problem: more secure chat for us all as easily as possible.

Over 1 billion people now use the tech behind Signal. If apps like Allo and other similar efforts succeed, that number is set to rise.

The future of security and encryption isn’t so simple to divine. In Europe, French and German administrations are pushing once more for backdoors into encrypted communications. In the U.S., the question of encryption is poised to rise again once Congress comes back into session this fall.

“It’s just code you can run it on your modified Android phone and get strong encryption if you really want it,” Dolan-Gavitt says. “I don’t practically see how it can be prevented. And attempts to do so will mean that people with good intentions won’t be able to, and people with bad intentions will.”

The vast consensus of technologists agrees that preventing strong encryption either through mandated backdoors or outright bans will weaken both the security and privacy of internet users around the world.

Encrypted communications are becoming easier and more accessible to the billions of smartphone users who were never going to use old, clunky, and labyrinthine programs like Pretty Good Privacy (PGP) that promised a lot but captured so few.

With even the best PGP setups, “it’s still fairly easy to screw up,” Weaver argues. But the new generation of secure mobile and desktop apps like Signal, WhatsApp, iMessage, and soon Allo are meant to make security way easier.

“You don’t have a choice, you just always get the best security,” Weaver say. “Because the security doesn’t add any cognitive burden. That’s what’s needed in the real world, where you don’t think about security, you just use the system, and it was designed from the start to be secure and usable.”

File-based encryption is also included in the new version of Android, in addition to full-disk encryption of the entire phone, to better support security among multiple users on phones.

These improved encryption features are part of an overall security upgrade to Android. 

Security experts agree that the world’s most popular operating system still lags behind Apple’s iOS when it comes to security—due in large part to the fact that Apple tightly controls the entire hardware and software ecosystem while Google does not—but Google’s offering, along with the entire mobile landscape, is advancing.

In 2015, a research paper was published called “The Moral Character of Cryptographic Work” by Phillip Rogaway, a professor of computer science at the University of California, Davis.

“He points out that cryptography is one area of computer science that has a moral and political dimension,” Dolan-Gavitt explains, “because it’s about rearranging power.”

As a computer science discipline, cryptography is about giving power to the powerless. Even as a marketing tool, that fact remains.

“It’s about giving people who previously didn’t have a way to have private and anonymous communications with anyone they like the ability to do so,” Dolan-Gavitt said.

Contact the author: Patrick Howell O’Neill, pat@dailydot.com

Share this article
*First Published: Aug 24, 2016, 1:04 pm CDT