I’ve played with Device Administration API on my Pandaboard and it seems that setStorageEncryption method produces no effect, despite status returned by getStorageEncryption is TRUE.
In case of Panda board the application internal storage is physically placed somewhere on the removable flash card (it doesn’t have any other flash storage). So i did the following:
- Call setStorageEncryption(true) (DeviceAdminSample.java from ApiDemos example).
- Verify that the encryption is active by calling getStorageEncryption, getStorageEncryptionStatus and save an example file on internal storage.
if (mDPM.getStorageEncryption(mDeviceAdminSample)) {
string = "TRUE Encryption";
}
FileOutputStream fos = null;
fos = openFileOutput("hello_file.txt", Context.MODE_PRIVATE);
fos.write(string.getBytes());
fos.close();
-
Extract the SD card from the Pandaboard, put it into the card-reader and copy the whole content to my PC
sudo dd if=/dev/sdc of=~/workspace/flash_card.bin
-
try to find the string:
$ grep -Ubo –binary-files=text ‘TRUE Encryption’ ~/workspace/flash_card.bin
583576877:TRUE Encryption
As it found the string i make a conclusion that no encryption is in place.
Does actually setStorageEncryption enables the encryption or it only requests encryption or in other words “declares your intent” to have the storage encrypted?
I believe you have to call following code additionally:
It’s taken from device admin sample.