Android Encryption - speed / performance impact?

Sumanji

Sumanji

Sumanji

Soldato
Joined
12 Mar 2003
Posts
8,351
Location
USA
Hey,

Do any of you guys run full disk encryption on your Android devices?

If so, what's the performance impact like? Does it make the device feel more sluggish / laggy?

I'm particularly interested on devices from a couple of generations ago (GS3, HOX, HOS etc.).

Cheers,

Su
 
I've done this on a few test devices for potential customers but never long term. The issue for Android is that the NAND write speed of nearly all devices sucks rather than the overhead of the encryption slowing it down so it's not too much of an issue although there are no H/W implementation SoCs right now (I think). The phones you've named arn't quite the same generation, a HOS=S3 (within limits) but a HOX is a fair bit better.

I'd double check you need to do it, the device itself won't unlock external mounting via USB without a PIN so really all you need is that unless you're in defense/medical etc... where you have a more stringent policy.

Is there a specific application here? Work phones or something?
 
Hey,

Basically I have a Moto RAZR HD, which is bootloader unlockable, and I want to run CM11 on it. However, there is no way to relock the bootloader, so if the device is stolen, all the data on it is there for the taking. I am running CM11 on my Nexus S, but since it is a Nexus device, the bootloader is easy to unlock and relock. So after installing CM11, I reverted to stock recovery and relocked the bootloader, which makes it just as secure as a stock device (root is also disabled).

Ok, so I'm not exactly carrying the nuclear launch codes on my mobile phone :p but it would be nice to have an insurance policy to protect my personal data if the worst were to happen.

But I basically want to know what sort of performance impact to expect from FDE... and yeah I noticed that Android devices have pretty crappy write speeds which is annoying...

Cheers,

Su
 
^ Exactly...

Unlocked bootloader means an "attacker" can flash a custom recovery (if you haven't already), make a dump of all the data on the phone, and then... who knows what :p

Only FDE can provide any level of protection against this.
 
Nicked phones in the majority are immediately turned off, SIM removed and then either sold on or send to a middleman who wipes and exports them. The chances of them spending time to do the above (unless it's a targeted attack) are extremely slim.
 
Very true... but it doesn't take a genius to figure out potentially how much more valuable the actual data is than the device itself.

Better safe than sorry!
 
Running my blade 5 encrypted (compulsory for work access) don't seem to make much difference to performance.
 
You must log in or register to reply here.
Back
Top Bottom