The new Google Pixel and Pixel XL are encrypted by default to offer strong data protection, which protects your data if your phone falls into someone else’s hands, while maintaining a great user experience with high I/O performance and long battery life. In addition to encryption, the Pixel phones debuted running the Android Nougat release, which has even more security improvements.
File-Based Encryption Direct Boot experience
File-based encryption (FBE) means different files are encrypted with different keys that can be unlocked independently. FBE also separates data into device encrypted (DE) data and credential encrypted (CE) data. Direct Boot uses file-based encryption to allow a seamless user experience when a device reboots by combining the unlock and decrypt screen. For users, this means that applications like alarm clocks, accessibility settings, and phone calls are available immediately after boot.
Enhanced with TrustZone® security
Modern processors provide a means to execute code in a mode that remains secure even if the kernel is compromised. On ARM®-based processors this mode is known as TrustZone. Starting in Android Nougat, all disk encryption keys are stored encrypted with keys held by TrustZone software. This secures encrypted data in two ways:
- TrustZone enforces the Verified Boot process. If TrustZone detects that the operating system has been modified, it won’t decrypt disk encryption keys; this helps to secure device encrypted (DE) data.
- TrustZone enforces a waiting period between guesses at the user credential, which gets longer after a sequence of wrong guesses. With 1624 valid four-point patterns and TrustZone’s ever-growing waiting period, trying all patterns would take more than four years. This improves security for all users, especially those who have a shorter and more easily guessed pattern, PIN, or password.
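The four-year figure for 1624 patterns can be checked by summing the enforced waits over every guess. This is an added example, not code from the original post; the post does not give TrustZone's schedule, so the back-off below is an assumption modelled on the throttling in AOSP's reference Gatekeeper, and the function names are hypothetical.

```python
"""Added example: enforced waiting time to try every credential under escalating lockout."""

DAY_S = 86_400          # one day, in seconds
BASE_TIMEOUT_S = 30     # assumed base lockout, in seconds


def retry_timeout_s(failures: int) -> int:
    """Wait imposed after `failures` consecutive wrong guesses (assumed schedule)."""
    if failures <= 0:
        return 0
    if failures <= 10:
        # Early typos are cheap: only every fifth failure triggers a lockout.
        return BASE_TIMEOUT_S if failures % 5 == 0 else 0
    if failures < 30:
        return BASE_TIMEOUT_S
    if failures < 140:
        # The lockout doubles every ten further failures.
        return BASE_TIMEOUT_S << ((failures - 30) // 10)
    # From here on, one guess per day.
    return DAY_S


def exhaustive_search_seconds(space: int) -> int:
    """Total enforced wait to submit every candidate in a space of `space` values.

    The wait that would follow the final guess is not counted.
    """
    return sum(retry_timeout_s(n) for n in range(1, space))


def to_years(seconds: int) -> float:
    return seconds / (365.25 * DAY_S)


if __name__ == "__main__":
    # 1624 is the four-point pattern count quoted in the post;
    # 10_000 is the size of the four-digit PIN space.
    for label, space in (("four-point pattern", 1624), ("four-digit PIN", 10_000)):
        total = exhaustive_search_seconds(space)
        print(f"{label}: {space} candidates, {to_years(total):.1f} years of enforced waiting")
```

Almost all of the total comes from the one-guess-per-day tail, which is why the schedule has to be enforced inside TrustZone rather than by the operating system that an attacker may have modified.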