zebra tc 75 -> file encryption setting ?

zebra tc 75 -> file encryption setting ?

Hello all,

we work with mobicontrol on version v13.3.0.3454

We have a zebra TC 75 with mobicontrol agent on version : 13.5.0 build 1677 (android 6.0)

 

on this device, we have one app who create a database sql lite.

I'd like to encrypt file.

 

On profile, i've found an option : file encryption

I would like to know how it's works ?

Because, sorry perhpas my understand is bad but as i can understand with this option (file encryption) mobiControl make the Job ?

Encrypt data for us.

But when i try my data is always readable ...

 

For to do that, i create a profile add authentification with password, add file encryption -> install this profile.

Run my app -> starts app -> create db sql lite

i export my database sql lite with usb cable but my datas is always on clear ..

 

Something is wrong ..

 

thanks for all

3 Answers

Order By:   Standard | Newest | Votes
christopheBERNARD | posted this 28 January 2019

Hello all,

any idea about this ?

 

After profile is apply, I see on the log this :

Custom log : device is encrypted with a default key. require password at startup for more secure encryption.

 

thanks

  • 0
  • 0
Raymond Chan | posted this 28 January 2019

You personally must be an iOS disciple all your life and have never used an Android device before.  There is absolutely no problem with  Soti's "file-encryption"  option at all.  The problem is in your wrong interpretation and expectation of system-level  file encryption defined by Google for all Android devices.

 

With the way you do your test, you of course will always read the file unencrypted.  Your device firmware decrypt all internal file on-the-fly  transparently before it is copied to some other device/place via any wireless/wire-line connections

 

If you enable file-encryption option for external (i.e. SD- card), insert a new SD-card, and there should be prompt to device end-user to go to Settings and initiate encryption of the SD card.  After that, all subsequent write operation to the SD-card file-system will be encrypted.   If you put the SD card into another device, you won't be able to read the plain file content.  (If your SQlite database is stored in this SD-card, your app can access the database normally on this phone. But if you install the app in another device and put the SD card on that device, you will find that the app cannot read the database).

 

The internal (i.e. flash) file-system is always encrypted by default for Android 6+ and any Android Enterprise devices, thus whether or not you enable internal "file-encryption" option in MobiControl for these devices make no real difference.  Some Android 6+ firmware versions of selected OEM brands allow end-user to select if there is any need to input the encryption password before the kernel boot.  For these kind of devices, setting  MobiConrol"internal file-encryption" option ON while the device is configured to skip the password input before kernel boot can potentially trigger MobiControl alert (I am not sure if all brands/models will work this way, though).

 

It should be noted that in all the above cases, the actual encryption/decryption are implemented by the device firmware and initiated by the device end-user  (not by MobiControl server or agent), and MobiControl codes only check the encryption status reported by the device kernel and can trigger appropriate alert(s) to be reported back to the server/administrator.

 

This system-level file encryption uses your boot-up/lock-screen password  hashed further by the hardware device to get your device-specific key to decrypt any file transparently on-the-fly.   If you want per-file encryption with end-user selected key different from the boot-up/lock-screen password, they you need to get app-level cryto implementation offered by your app, and this will not be managed/checked/enforced in any way by MobiControl. 

 

  • 2
  • 1
christopheBERNARD | posted this 29 January 2019

Hello Raymond,

thanks for all your comment ...

Heu, no i'm not a child of apple :) I used android since several years but i'm not an expert 

 

in my question, i'm sure my test isn't bad because I used mobicontrol since two years now and all works fine ...

i'm never doubt about mobicontrol i'm just discover some things on android ...

 

really thanks for your clear explanation , it's really appreciated

 

have a nice day

  • 0
  • 0

Give us your feedback
Give us your feedback
Feedback