Android full disk encryption is optional for many versions and not sufficiently safe for high-risk scenarios.
See: https://guardianproject.info/code/sqlcipher/
This is a question of threat model: encrypting data at rest only makes sense if it is done with a key that has enough entropy.
In the case of a messenger this would mean that you have to enter a long password very frequently (considered bad UX by most) and also that some background operations cannot be carried out because of the missing key (equally bad UX, if not worse).
Why not simply rely on the Android KeyStore API to generate high-entropy keys that are stored in hardware and cannot be extracted via software or hardware means.
https://developer.android.com/training/articles/keystore.html
the problem without app-level encryption is, that you have to rely on system-level encryption which is in terms of Android pretty bad. You have to turn off your device to actually have encrypted data and that's not really an option for most of the cases. It holds the encryption key in system memory while turned on and state level attackers just extract that keys with special devices from Cellebrite.
I would prefer a solution similar to SMS Secure, Signal or even Wickr.
It's worth to protect the data on app-level basis if we talk about contacts, chat protocols and similar revealing information (looking at you TSA, german police for asylum seekers and other adversaries...)
Hi.
This issue is very old and I decided to close it (we're trying to clean up our GitHub issues). As far as I know, we don't plan to implement this feature (we rely on Android), but recently we improved client security with passphrase and (for special builds) with the possibility to erase all data if the device is rooted or the passphrase was typed incorrectly many times.
If you think this is still relevant, please open a new ticket.
Cheers,
Most helpful comment
the problem without app-level encryption is, that you have to rely on system-level encryption which is in terms of Android pretty bad. You have to turn off your device to actually have encrypted data and that's not really an option for most of the cases. It holds the encryption key in system memory while turned on and state level attackers just extract that keys with special devices from Cellebrite.
I would prefer a solution similar to SMS Secure, Signal or even Wickr.
It's worth to protect the data on app-level basis if we talk about contacts, chat protocols and similar revealing information (looking at you TSA, german police for asylum seekers and other adversaries...)