What you need to know about encryption on your phone

Encrypt Everything!

Apps to easily encrypt your text messaging and mobile calls
Apple's mobile operating system has several advantages over its competitors that protect the device from various threats. Also, unlike the other smartphones on this list, much of the Knox platform is behind a paywall. If not, it should read similar to "encrypt device. Many products allow creation of a self-decrypting executable file. Toward the end of , though, the company released Android 5. The Device Root Key a cryptographic key is injected into each Galaxy Note 8 during the manufacturing process and is only accessible in a secure environment known as the Trust Zone.

Share your voice

The Best Encryption Software of 2018

The two main approaches in encryption utilities parallel these options. One type of product simply processes files and folders, turning them into impenetrable encrypted versions of themselves. The other creates a virtual disk drive that, when open, acts like any other drive on your system. When you lock the virtual drive, all of the files you put into it are completely inaccessible. Similar to the virtual drive solution, some products store your encrypted data in the cloud.

This approach requires extreme care, obviously. Encrypted data in the cloud has a much bigger attack surface than encrypted data on your own PC. It really depends on how you plan to use encryption.

If you're not sure, take advantage of the day free trial offered by each of these products to get a feel for the different options. After you copy a file into secure storage, or create an encrypted version of it, you absolutely need to wipe the unencrypted original.

Just deleting it isn't sufficient, even if you bypass the Recycle Bin, because the data still exists on disk, and data recovery utilities can often get it back. Some encryption products avoid this problem by encrypting the file in place, literally overwriting it on disk with an encrypted version. It's more common, though, to offer secure deletion as an option. If you choose a product that lacks this feature, you should find a free secure deletion tool to use along with it.

Overwriting data before deletion is sufficient to balk software-based recovery tools. Hardware-based forensic recovery works because the magnetic recording of data on a hard drive isn't actually digital.

It's more of a waveform. In simple terms, the process involves nulling out the known data and reading around the edges of what's left. If you really think someone the feds? An encryption algorithm is like a black box. Dump a document, image, or other file into it, and you get back what seems like gibberish.

Run that gibberish back through the box, with the same password, and you get back the original. Even those that support other algorithms tend to recommend using AES.

If you're an encryption expert, you may prefer another algorithm, Blowfish , perhaps, or the Soviet government's GOST. For the average user, however, AES is just fine. Passwords are important, and you have to keep them secret, right? With PKI, you get two keys. One is public; you can share it with anyone, register it in a key exchange, tattoo it on your forehead—whatever you like.

The other is private, and should be closely guarded. If I want to send you a secret document, I simply encrypt it with your public key. When you receive it, your private key decrypts it. Using this system in reverse, you can create a digital signature that proves your document came from you and hasn't been modified.

Just encrypt it with your private key. The fact that your public key decrypts it is all the proof you need. PKI support is less common than support for traditional symmetric algorithms. If you want to share a file with someone and your encryption tool doesn't support PKI, there are other options for sharing. Many products allow creation of a self-decrypting executable file. You may also find that the recipient can use a free, decryption-only tool. Right now there are three Editors' Choice products in the consumer-accessible encryption field.

The first is the easiest to use of the bunch, the next is the most secure, and the third is the most comprehensive. AxCrypt Premium has a sleek, modern look, and when it's active you'll hardly notice it.

Files in its Secured Folders get encrypted automatically when you sign out, and it's one of the few that support public key cryptography. CertainSafe Digital Safety Deposit Box goes through a multistage security handshake that authenticates you to the site and authenticates the site to you.

Your files are encrypted, split into chunks, and tokenized. Then each chunk gets stored on a different server. A hacker who breached one server would get nothing useful. Folder Lock can either encrypt files or simply lock them so nobody can access them. It also offers encrypted lockers for secure storage. Among its many other features are file shredding, free space shredding, secure online backup, and self-decrypting files. The other products here also have their merits, too, of course.

Read the capsules below and then click through to the full reviews to decide which one you'll use to protect your files. Have an opinion on one of the apps reviewed here, or a favorite tool we didn't mention? Let us know in the comments. MicroEncryption renders bulk data breach of cloud-stored files impossible. Logon handshake authenticates both user and server. Can share files with guests or other users. Retains previous versions of modified files.

If you forget password or security answers, you lose all access. Can only share entire folders, not files. Encrypted lockers protect files and folders. Can lock files and folders, making them invisible. Many useful bonus features. Product serial number stands in for master password by default. Locked files are not encrypted. Secure backup requires separate subscription. It combines a wide range of features with a bright, easy-to-use interface.

Very easy to use. Handles editing encrypted files. Secure sharing using public key cryptography. Secure online password storage. Can be risky if you don't ensure local security of your PC. Offers 17 encryption algorithms.

Awkward, dated user interface. Each time you boot the device up, the BlackBerry KEY2 takes extra steps to ensure your phone wasn't tampered with. Known as the Hardware Root of Trust , cryptographic keys are injected into the processor to verify the device and to ensure no tampering occurred. These keys are unique to the smartphone and one of the key reasons why the KEYone and hopefully, KEY2 will remain unrooted. This is because on every bootup, each layer of your device is checked for alteration.

From the hardware to the operating system, the KEY2 looks for any modification and will not boot up if any layer doesn't pass inspection. Because the Linux kernel is a craved target for smartphone hacking, BlackBerry hardens the kernel during manufacturing.

BlackBerry signs and verifies each Key2 leaving the factory to ensure that the each phone leaves in the desired state, both its hardware and software. But the hardening process doesn't end after the phone leaves the factory. BlackBerry promises two years of Android monthly security patches which address any new vulnerabilities including any potential compromises to the kernel.

And it's not just Google's security commits — BlackBerry adds their own security patches to address any vulnerabilities found that might specifically compromise their device. Once again, BlackBerry opted for full-disk encryption instead of Android's newer file-based encryption.

While file-based encryption can isolate some files from others, full-disk encryption ensures everything stored on your hard drive from your pictures to the root folder is secured via AES encryption standard.

FIPS is a US government computer security standard used to approve cryptography of hardware and software components. Not all of the KEY2's security enhancements are under the hood; there are some improvements that you can not only see, but interact with.

A great example of this is the Privacy Shade, which obstructs the view of all but a small section of your screen. Especially when using your phone in public, this protect your privacy against those nosey neighbors who can't help but look at your screen. Another great example of this is DTEK. DTEK is the dashboard which allows you to interact with many of the software-based changes implemented by BlackBerry and acts as central hub for your KEY2's security.

DTEK automatically monitors the operating system and apps for any potential risk to your privacy and rates the device's level of integrity using a gauge. If DTEK discovers any privacy risks, it will recommend a course of action which can be performed within the app. The KEY2 introduces a new feature known as BlackBerry Integrity Protection which alerts users of malicious apps performing suspicious behavior such as turning on the microphone in the background. Additionally, users can set up their own triggers for similar unwanted behaviors such as when an app request use of the camera in the background.

For a cliff notes version, when it comes to security and privacy, there is no other smartphone we recommend more. BlackBerry builds the KEY2 from the ground up with security in mind, allowing them to be ahead of their competition.

A majority of the security and privacy features available to the iPhone X come courtesy of iOS. Apple's mobile operating system has several advantages over its competitors that protect the device from various threats.

One example of this is Apple's ability to update all iOS devices much quicker than Google. Because of the open-source nature of Android, OEMs have added skins onto the operating system to diversify their smartphones.

However, these skins make updating devices difficult, as updates normally break some of the skin's features. This allows Apple to test a few devices to make sure updates are compatible, then push it out to the masses. While the majority of Apple products are on the latest firmware, only 0. Another advantage of iOS is how it handles encryption.

While both Android and iOS utilize file-based encryption, Apple's implementation is a much more refined model. These keys are then encrypted by another key that is derived from the user's passcode and the hardware. This second set of keys protects files based on their contents. For files requiring a higher level of security, the keys unlock its content only after the device is turned on and unlocked. For other files, authentication is needed only once to access them. There are four classes of security for these keys, which allows Apple more refined control over file encryption.

Since each app is manually reviewed by a team at Apple, malicious apps have a harder time making it to the App Store. One major point we should note: The reason we chose the iPhone X over the iPhone 8 or 8 Plus is its facial recognition system. Apple has also taken steps to ensure that your Face ID data is as secure as possible. The map of your face is encrypted and stored in the Secure Enclave, an isolated piece of hardware inside of the iPhone X.

With the exception of diagnostic data for Apple support, the Face ID data never leave the device. Apps which use Face ID for authentication are only informed that authentication is successful and aren't allowed access to the data. There's another nice privacy feature that comes along with Face ID.

When someone besides you picks up your iPhone X, any notifications will be blocked, preserving your privacy. However, once the TrueDepth camera authenticates a valid user you , it will reveal the contents.

If you're not willing to pay over a grand after taxes, the iPhone 8 models are almost exactly as secure as the iPhone X, so you can't go wrong either way.

That said, the X is the absolute top-tier Apple phone when it comes to security and privacy. The Samsung Galaxy Note 8 utilizes a similar security offering to the Blackberry suite. Known as Samsung Knox , this security platform provides deep-level protection that combines both hardware and software solutions. Knox's goal is to separate your work environment from your personal environment and provide the necessary protection to isolate each area effectively.

The Galaxy Note 8 achieves this goal using a multitude of features. Similar to Blackberry, it starts with the Hardware Root of Trust. The Device Root Key a cryptographic key is injected into each Galaxy Note 8 during the manufacturing process and is only accessible in a secure environment known as the Trust Zone.

File Encryption, Whole-Disk Encryption, and VPNs

Leave a Reply

Encryption: Each of these phones uses one of two types of encryption: file-based (FBE) or full disk (FDE). File-based encryption is the more effective method of the two, as it allows individual files to be locked with different keys, whereas full disk encryption uses only one key to lock the entire data partition. We believe Folder Lock is the best encryption software overall because it is very secure and easy to use, plus it includes a password recovery feature. It also has extra privacy . Encrypted phone calls and texts are no longer just the domain of the expert or the "bad guy." Gizmag looks at free or inexpensive apps designed to secure your texts and phone calls from man-in-the-middle attacks, provider backdoors, and .