Loading...

android-security-discuss@googlegroups.com

[Prev] Thread [Next]  |  [Prev] Date [Next]

Re: [android-security-discuss] Email encryption for Active Sync in ICS Måns Serneke Wed Feb 01 07:25:03 2012

Hi!

Great answer, and just what I wanted to hear!

Thanks /Måns

2012/1/10 Marc Blank <[EMAIL PROTECTED]>:
> The answer here is somewhat nuanced.  ActiveSync can require that the device
> and/or sd card be encrypted, and we enforce those policies in ICS; however,
> ICS does not have the ability to encrypt removable storage (i.e. SD cards).
>  So here's what happens:
>
> 1) In all current versions of ICS (up to 4.0.3), we accept the "encrypt
> device" requirement and reject the "encrypt sd card" in all cases (reject =
> we don't allow the account to be created/synced on device)
> 2) In the next update to ICS, we will also accept "encrypt sd card" if and
> only if the device is encrypted and it has no removable volumes (this is
> true of the Nexus S and Galaxy Nexus); on these devices, all internal
> storage is encrypted when device encryption is enabled.
>
> Having said that, the Email/Exchange application never stores emails other
> than in internal storage; however, user can still choose to save attachment
> files to "sd card" (which may or may not be external) unless, of course, the
> ActiveSync policies are set up to disallow loading of attachments.
>
> Does this make sense?  Sorry if it's complicated, but ... that's how it is!
>
> Marc
>
>
> On Tue, Jan 10, 2012 at 11:34 AM, Brian Carlstrom <[EMAIL PROTECTED]> wrote:
>>
>> +mblank
>>
>>
>> On Tue, Jan 10, 2012 at 1:21 AM, Måns S <[EMAIL PROTECTED]> wrote:
>>>
>>> Hi!
>>>
>>> Being stuck with a third party solution that really works bad at work
>>> (DME) to ensure that all mail messages are stored in an enctypted
>>> format on the phone I wonder a bit about the features in ICS for this.
>>> I need fuel to convice our security manager that ICS really does what
>>> we have DME for, which is to ensure that even if a remote wipe has
>>> been done - no one should be able to read the data from the deleted
>>> local storage on the phone.
>>>
>>> As I understand it ICS offers "full device" encryption, but not for
>>> the SD card? So - are all the emails that you get via Active Sync to
>>> ICS stored to encrypted storage, or is there a possibility for the
>>> user to have their local storage for mail on an unencrypted device
>>> (SD)? Regarding policys as I understand there is more support for
>>> Active Sync commands - can you force the users to use encrypted
>>> storage if they are going to use Active Sync?
>>>
>>> Regards /Måns
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Android Security Discussions" group.
>>> To post to this group, send email to
>>> [EMAIL PROTECTED]
>>> To unsubscribe from this group, send email to
>>> [EMAIL PROTECTED]
>>> For more options, visit this group at
>>> http://groups.google.com/group/android-security-discuss?hl=en.
>>>
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.
To post to this group, send email to [EMAIL PROTECTED]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/android-security-discuss?hl=en.