Analyzing Android's File-Based Encryption

Beitrag bei einer Tagung

Details zur Publikation

Autorinnen und Autoren: Groß T, Ahmadova M, Müller T
Jahr der Veröffentlichung: 2019
Tagungsband: Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES 2019)
Sprache: Englisch


We investigate the amount of information leakage through unencrypted metadata in Android’s file-based encryption(FBE) which was introduced as an alternative to the pre- viously dominating full-disk encryption (FDE) in Android 7.0. We propose a generic method, and provide appropriate tool- ing, to reconstruct forensic events on Android smartphones encrypted with FBE. Based on a dataset of 3903 applications, we show that metadata of files can be used to reconstruct the name, version and installation date of all installed apps. Furthermore, we show that, depending on a specific app, information leakages through metadata can even be used to reconstruct a user’s behavior. For the example of WhatsApp, we show that the point of time a user sent or received her last message can be traced back even though the phone was encrypted. Our approach requires access to the raw data of an encrypted disk only but does not require access to a powered-on device or the bootloader, such as known attacks against FDE including cold boot and evil maid. We conclude that FBE is significantly more insecure than FDE and was presumably elected for usability reasons like direct boot.

FAU-Autorinnen und Autoren / FAU-Herausgeberinnen und Herausgeber

Groß, Tobias
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)
Müller, Tilo Dr.-Ing.
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)


Groß, T., Ahmadova, M., & Müller, T. (2019). Analyzing Android's File-Based Encryption. In Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES 2019). Canterbury, United Kingdom.

Groß, Tobias, Matanat Ahmadova, and Tilo Müller. "Analyzing Android's File-Based Encryption." Proceedings of the International Workshop on Security of Mobile Applications (IWSMA 2019), Canterbury, United Kingdom 2019.


Zuletzt aktualisiert 2019-16-07 um 08:40