...
The only approved encryption method for iOS devices at this time is the built-in whole disk encryption that is provided with iOS 4 running on a supported device, with data protection enabled. Data protection allows for applications to protect application specific data with a unique encryption key derived from the user's passcode. Without this, application data could be accessed with a simple jailbreak. If the device originally shipped with iOS 3 (e.g. the iPhone 3GS, iPad, and iPod Touch), data protection will not be enabled until the device is restored after upgrading to iOS 4. Older devices, such as the iPhone 3G, do not support data protection or hardware encryption and as such, there is no approved encryption method for them.
To verify that data protection is enabled:
1. Tap Settings.
2. Tap General.
3. Tap Passcode Lock.
4. "Data protection is enabled" should be displayed at the bottom of the screen.
If data protection is not enabled, enable it by setting a passcode on the device:
1. Tap Settings.
2. Tap General.
3. Tap Passcode Lock.
4. Tap in a passcode.
5. Tap in the same passcode.
It is important to understand that applications must be specifically designed to utilize data protection. Do not store or use sensitive data with applications that do not make use of data protection. More information regarding this feature is available on Apple's site at iOS 4: Understanding data protection.
It is strongly advised that, in addition to enabling data protection, all iOS users read the Apple iOS Hardening Checklist and follow all of the recommendations therein.
...
| Anchor | ||||
|---|---|---|---|---|
|
Google Android devices
Android does not have any native tools to encrypt either user data or the device. Some third party applications and services, such as TouchDown, Good for Enterprise, and Trust Digital, can provide limited encryption functionality for Exchange data. Other applications can offer encrypted storage containers. This fragmented, piecemeal approach to data protection could be cumbersome for users and would be difficult to verify for audit and compliance purposes. At this time, due to the fact that there is no native device encryption available and that the ISO is unfamiliar with third party offerings, there are no approved encryption methods for Android devices. Departments wishing to support Android users should contact the ISO at security@utexas.edu to discuss their plans to protect university data that will be stored on or accessible with the devicesDevices running Android 4.0 (Ice Cream Sandwich) or above for smartphones, Android 3.0 (Honeycomb) or above for tablets are supported. Workarounds exist for some devices running Android 2.3.4 (Gingerbread). Earlier versions of Android do not support native encryption.
The only approved encryption method for Android devices is the native device encryption. Device encryption will encrypt all user data including application data such as emails, contacts, sms and downloaded files.
To enable device encryption:
- Make sure you have a lockscreen PIN or password set.
- Plug in device charger.
- Go to Settings.
- Click Security.
- Click Encrypt phone.
- Read the warnings, then click the Encrypt phone button to start encryption.
Copyright © 2001-2011 Information Technology Services. All rights reserved.