One major difference is that it is so much easier to lock yourself out of the desktop TPM chip compared to mobile device security chips because they’re not tightly coupled.
and phones make you use your unlock pin often, so people are forced to remember it. on the other hand windows lets you use a short pin instead of your full account password pretty much forever which results in people forgetting the password completely.
That isnt even the part it is encrypted, the TPM encryption is either “Automatic” or over a password (any length) on startup so far i know it from my work with Bitlocker (tpm 2.0) on windows 10. Idk if this is different on windows 11.
All devices launching with Android 10 and higher are required to use file-based encryption.
To use the AOSP implementation of FBE securely, a device needs to meet the following dependencies:
Kernel Support for Ext4 encryption or F2FS encryption.
Keymaster Support with HAL version 1.0 or higher. There is no support for Keymaster 0.3 as that does not provide the necessary capabilities or assure sufficient protection for encryption keys.
Keymaster/Keystore and Gatekeeper must be implemented in a Trusted Execution Environment (TEE) to provide protection for the DE keys so that an unauthorized OS (custom OS flashed onto the device) cannot simply request the DE keys.
Hardware Root of Trust and Verified Boot bound to the Keymaster initialization is required to ensure that DE keys are not accessible by an unauthorized operating system.
Yeah, nothing important. Just your banking apps, personal documents, photos, government apps, emails, all the services linked to your phone via mobile number, personal chats, work chats, 2fa codes, some other not important stuff. But at least it doesn’t have your games. Unless you play games on your phone, then you are fucked.
Isn’t that what Iphone and Android already do?
One major difference is that it is so much easier to lock yourself out of the desktop TPM chip compared to mobile device security chips because they’re not tightly coupled.
and phones make you use your unlock pin often, so people are forced to remember it. on the other hand windows lets you use a short pin instead of your full account password pretty much forever which results in people forgetting the password completely.
That isnt even the part it is encrypted, the TPM encryption is either “Automatic” or over a password (any length) on startup so far i know it from my work with Bitlocker (tpm 2.0) on windows 10. Idk if this is different on windows 11.
The only phone manufacture that does that is Google with pixel. Any other phone is for my knowledge either “weakly” encrypted or not at all.
Still your Mobile OS isnt just upgrading and encrypting your SD card and main drive. Thats the point.
https://source.android.com/docs/security/features/encryption/file-based?hl=en
Different threat model and usage scenario. See the spilled milk comment.
Huh … I never noticed. Probably because my phone OS never failed to boot, requiring me to pull data off the HDD directly.
Most people don’t have anything of importance on their phones. And the tuning options are almost absent on phones, so it is less problematic bug-wise.
Yeah, nothing important. Just your banking apps, personal documents, photos, government apps, emails, all the services linked to your phone via mobile number, personal chats, work chats, 2fa codes, some other not important stuff. But at least it doesn’t have your games. Unless you play games on your phone, then you are fucked.
No you’re right, nobody has precious photos or videos on their phone 🙄
If they don’t save those photos somewhere else from time to time, it means those photos aren’t that important.
For many, a mobile device is their sole computer, and things of importance to them are stored on it.