Analyzing Android's File-Based Encryption: Information Leakage through Unencrypted Metadata.

2019 
We investigate the amount of information leakage through unencrypted metadata in Android's file-based encryption (FBE), which was introduced as an alternative to the previously dominating full-disk encryption (FDE) in Android 7.0. We propose a generic method, and provide appropriate tooling, to reconstruct forensic events on Android smartphones encrypted with FBE. Based on a dataset of 3903 applications, we show that metadata of files can be used to reconstruct the name, version and installation date of all installed apps. Furthermore, we show that, depending on the specific app, information leakage through metadata can even be used to reconstruct a user's behavior. For the example of WhatsApp, we show that the point in time at which a user sent or received her last message can be traced back even though the phone was encrypted. Our approach requires access only to the raw data of an encrypted disk; it does not require access to a powered-on device or the bootloader, as known attacks against FDE, including cold boot and evil maid, do. We conclude that FBE is significantly more insecure than FDE and was presumably chosen for usability reasons like direct boot.