Based upon both market trends and device usage on campus, the ISO has opted to specify approved methods for encrypting Apple, Blackberry, and Android based handheld devices.
Apple iOS devices
Supported devices include the iPhone (3GS or later), iPad, and iPod Touch (3rd generation or later) only, running iOS 4.x or above. Earlier versions of the hardware and operating system software do not support key security features, such as hardware encryption.
The only approved encryption method for iOS devices at this time is the built-in whole disk encryption that is provided with iOS 4 and above running on a supported device, with data protection enabled. Data protection allows for applications to protect application specific data with a unique encryption key derived from the user's passcode. Without this, application data could be accessed with a simple jailbreak. If the device originally shipped with iOS 3 (e.g. the iPhone 3GS, iPad, and iPod Touch), data protection will not be enabled until the device is restored after upgrading to iOS 4. Older devices, such as the iPhone 3G, do not support data protection or hardware encryption and as such, there is no approved encryption method for them.
To verify that data protection is enabled:
1. Tap Settings.
2. Tap General.
3. Tap Passcode Lock.
4. "Data protection is enabled" should be displayed at the bottom of the screen.
If data protection is not enabled, enable it by setting a passcode on the device:
1. Tap Settings.
2. Tap General.
3. Tap Passcode Lock.
4. Tap in a passcode.
5. Tap in the same passcode.
It is important to understand that applications must be specifically designed to utilize data protection. Do not store or use sensitive data with applications that do not make use of data protection. More information regarding this feature is available on Apple's site at iOS 4: Understanding data protection. iOS 7 greatly expanded the use of data protection to encrypt all application data by default, and therefore is strongly recommended.
It is strongly advised that, in addition to enabling data protection, all iOS users read the Apple iOS Hardening Checklist and follow all of the recommendations therein.
RIM BlackBerry OS devices
Devices using version 4.2 and later of BlackBerry OS are supported. Earlier versions of the operating system do not support all encryption options, such as encryption of media cards.
The only approved encryption method for BlackBerry devices is the native content protection. Content protection will encrypt data the operating system determines to be sensitive, such as emails, contacts, browser cache, and other user data. Encrypting the contact list will disable incoming caller identification.
To enable content protection:
1. Click Options.
2. Click Security Options.
3. Click General Settings.
4. Set Content Protection to Enabled.
To encrypt media cards:
1. Click Options.
2. Depending upon the version of the OS, click Media Card or click Advanced Options and then click Media Card.
3. Set Encryption Mode to one of the following: Device, Security Password, or Security Password & Device.
Google Android devices
Devices running Android 4.0 (Ice Cream Sandwich) or above for smartphones, Android 3.0 (Honeycomb) or above for tablets are supported. Workarounds exist for some devices running Android 2.3.4 (Gingerbread). Earlier versions of Android do not support native encryption.
The only approved encryption method for Android devices is the native device encryption. Device encryption will encrypt all user data including application data such as emails, contacts, sms and downloaded files. The process to enable encryption will vary based on the version of the operating system installed and the manufacturer of your device, but general steps are provided below.
To enable device encryption:
- Make sure you have a lockscreen PIN or password set.
- Plug in device charger.
- Go to Settings.
- Click Security.
- Click Encrypt phone.
- Read the warnings, then click the Encrypt phone button to start encryption.
Copyright © 2001-2011 Information Technology Services. All rights reserved.
