. Does hold the decryption keys in RAM after it's locked? Source: securephones.io/#Chx1.p4 particularly the point about "Limited benefit of encryption..." Can this be fixed or is it an architectural problem with Android? News story:
Conversation
See grapheneos.org/faq#encryption. It's not an architectural limitation of Android. It's a limitation of the device being able to function when locked.
The end session feature can be used to logout of a secondary profile and purge the keys from memory and hardware.
Filesystem-based encryption allows Android to provide per-user-profile encryption keys. That enables support for ending the session of profiles, at least for secondary profiles. Ending the owner profile session without reboot would be possible but it'd basically be a soft reboot.
1
1
Ending the owner profile session would have to end all other sessions, soft reboot the OS and then purge the keys. It's semantically the same as rebooting, but it would be non-trivial to implement correctly. End session for secondary profiles is far more useful and works already.
1
Show replies
Ah ok very interesting, thank you. I have been using GrapheneOS and supporting you on GitHub for about 6 months now and everything works great. Thank you. Love your work😀
1