ANALYSIS OF TECHNICAL FEATURES OF IMPLEMENTING DATA ENCRYPTION ON SD CARDS IN ANDROID
DOI: 10.31673/2409-7292.2025.016526
Abstract
The article investigates the mechanisms of data encryption on removable media in the Android operating system. A detailed analysis of two main approaches to information protection is carried out: file-based encryption when an SD card is used as removable media (Portable Storage) and full-disk encryption when a memory card is used as an extension of the device's internal memory (Adoptable Storage). The technical features of the implementation of these methods are investigated, including the encryption algorithms used, the structure of encrypted data, and key storage mechanisms. As a result of the study, it was found that for full-disk encryption, the dm-crypt kernel module is used in plain mode with the AES-256-CBC-ESSIV:SHA256 cipher, and for file-based encryption, the eCryptFS kernel module is used. The locations of encryption keys are determined and the structure of encrypted data for both methods is analyzed. It was found that the Adoptable Storage mode provides more comprehensive data protection due to full-disk encryption, while the Portable Storage mode with per-file encryption provides greater flexibility in use, but may be less secure because the file system structure and file metadata remain open to analysis.
Special attention was paid in the study to the analysis of the data encryption and decryption processes in each of the modes. It was found that the Portable Storage mode uses a per-file encryption system that creates a unique encryption key (File Encryption Key, FEK) for each file, which in turn is encrypted by the user's master key. In this case, the encrypted data is stored together with metadata containing information about the encryption algorithms used and other parameters. The Adoptable Storage mode uses full-disk encryption, which creates a single encryption key for the entire partition; this key is stored in a protected area of the device's internal memory.
The study also found that the implementation of encryption mechanisms may differ depending on the device manufacturer and the version of the Android operating system, which creates additional difficulties when analyzing data security on removable media. In particular, differences were found across device manufacturers in the implementation of encryption key storage mechanisms and in the organization of the structure of encrypted data.
The security of encryption key storage and the possibility of key compromise were considered separately. It was found that when using the Adoptable Storage mode, encryption keys are stored in a protected area of the device's memory, access to which is possible only with root rights. This provides an additional level of protection, but at the same time creates risks when an attacker obtains elevated access privileges to the system.
The results of the study are of practical importance for understanding the level of data security when using different
modes of operation with removable media in the Android system and can be used to improve existing information protection
mechanisms. The data obtained can also be useful in developing recommendations for the safe use of removable media and in
conducting a security audit of mobile devices.
Keywords: Android, data encryption, removable media, SD card, Portable Storage, Adoptable Storage, dm-crypt,
eCryptFS, information security, cryptographic protection.
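
The abstract notes that Portable Storage files carry cleartext metadata next to the encrypted data. The following added example (not code from the article) shows what an auditor can read from such a file without any key, assuming the header layout of the upstream Linux eCryptfs module; vendor Android builds may differ, as the abstract states. The function names `parse_ecryptfs_header` and `build_sample_header` are hypothetical, and the sample header is constructed.

```python
import struct

# Constant from the upstream Linux eCryptfs source (an assumption for vendor builds).
MAGIC_ECRYPTFS_MARKER = 0x3C81B7F5


def parse_ecryptfs_header(data: bytes):
    """Return the cleartext header fields of an eCryptfs lower file, or None.

    Layout assumed (upstream Linux eCryptfs, all fields big-endian):
      0..7   plaintext file size
      8..15  marker: random m1, then m1 XOR MAGIC_ECRYPTFS_MARKER
      16..19 version (top byte) and flag bits
      20..23 header extent size
      24..25 number of header extents
    """
    if len(data) < 26:
        return None
    size, m1, m2, flags, extent_size, extents = struct.unpack(">QIIIIH", data[:26])
    if m1 ^ m2 != MAGIC_ECRYPTFS_MARKER:
        return None  # marker check failed: not an eCryptfs file in this layout
    return {
        "plaintext_size": size,              # readable without any key
        "version": flags >> 24,
        "flags": flags & 0x00FFFFFF,
        "header_bytes": extent_size * extents,  # where the ciphertext starts
    }


def build_sample_header(plaintext_size: int, m1: int = 0x11223344) -> bytes:
    """Constructed sample input: a synthetic header, not taken from a device."""
    flags = (3 << 24) | 0x0A  # constructed: version 3 with two flag bits set
    return struct.pack(">QIIIIH", plaintext_size, m1,
                       m1 ^ MAGIC_ECRYPTFS_MARKER, flags, 4096, 2)


if __name__ == "__main__":
    sample = build_sample_header(123456) + b"\x00" * 64
    print(parse_ecryptfs_header(sample))
    print(parse_ecryptfs_header(b"\xff" * 64))  # random-looking data: no marker
```

A dm-crypt volume in plain mode has no comparable on-disk header, so the same check returns nothing on an Adoptable Storage partition.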