One X. Is your data secure?

XDAgeek · 9th April 2012, 07:01 PM

One X. Is your data secure?

All my previous phones have had removeable storage by way of an SD or MicroSD card.

This means that when my phone develops a bad fault and needs to go back to the suppliers for repair, I can simply remove the data card, and all my personal data, medical records, business critical data, etc are safely kept at my place, and not exposed to some little eejit at the repair shop.

With the One X, the data is stored on 'internal' storage, and cannot be removed. What happens when a fault means I cannot boot the phone and delete the sensitive data?

There are unconfirmed suggestions that the internal storage is Linux EXT4. Is the user data encrypted on this device based on user security password, rendering it not available to prying eyes, and only available to the designated user.

Or did no-one at HTC bother thinking about this?

Could be a show stopper for many corporates, and individuals.

Regards,
XDAgeek

Bruc3h · 9th April 2012, 07:09 PM

I've just had a look at the settings and there's an option for internal storage encryption which requires a pin to be entered each time the device is powered on.

Sent from my HTC One X using XDA

XDAgeek · 9th April 2012, 07:16 PM

Aha! Good spot!

I wonder if the system take a performance hit using this option...

Off to do some tests.

Regards,
XDAgeek

XDAgeek · 9th April 2012, 08:02 PM

Obviously this is a useful option, but it does warn that there is no unencrypt option, apart from to factory reset the phone and install everything again.

Having just installed everything nicely on my phone, I think I will skip this option for now in case it causes any performance hit on the phone. I will test it one day when I need to rebuild anyway.

drewy · 9th April 2012, 10:45 PM

tbh if you are sending a phone in for repair I'd advise a factory reset regardless of whether you've got a removal sd card. Not everything gets stored on the sd card.

XDAgeek · 9th April 2012, 11:09 PM

tbh, you aint thought this through have you.

How you gonna do this factory reset on your phone which will no longer start up at all, even into recovery mode, which was my initial premise for sending it back to repair?

Bigmille · 9th April 2012, 11:53 PM

I would keep all personal data in Dropbox, then unlink the device through Dropbox website if the phone will not boot and you need to send it back for repair.
Google doc, vpn are another possible solutions.

XDAgeek · 01:14 PM

As it happens my One X developed an intermittent screen fault (looked like a VRAM corruption problem) so I have just had the unit swapped.

So while I have a new machine which has not been set up yet, I took the opportunity to do the data storage tests I suggested yesterday. Here are my findings.

Using a data set of 93 files, 5 folders 2.67GB mix of tiny (5KB), medium (8Mb) and large files (2GB), I performed timed copies to/from the internal phone storage, with the storage in standard FAT32 format and secondly in encrypted FAT32 format. Here are the timings:

Copy to Fat32 5:36 (Mins:secs)
Copy from Fat32 2:48

Copy to encrypted 5:19 5% gain
Copy from encrypted 2:32 10% gain

So the interesting thing is that the encrypted storage performs better. Possibly the encrypted data is compressed somewhat, so there is a speed gain as less data needs to be written to flash storage.

But maybe it also causes a battery hit as more work has to be done encrypting/decrypting the data all the time. I have not been able to test this last suggestion.

Note that encrytped format is still FAT32 and therefore still will not accept files greater than 4GB in size.

One drawback to running encryted is that you are forced to enter a pin or password at each unlock. You cannot turn that off with encryption enabled.

Regards,