Hi! Great answer, and just what I wanted to hear!
Thanks /Måns

2012/1/10 Marc Blank <[email protected]>:
> The answer here is somewhat nuanced. ActiveSync can require that the device
> and/or sd card be encrypted, and we enforce those policies in ICS; however,
> ICS does not have the ability to encrypt removable storage (i.e. SD cards).
> So here's what happens:
>
> 1) In all current versions of ICS (up to 4.0.3), we accept the "encrypt
> device" requirement and reject the "encrypt sd card" in all cases (reject =
> we don't allow the account to be created/synced on device)
> 2) In the next update to ICS, we will also accept "encrypt sd card" if and
> only if the device is encrypted and it has no removable volumes (this is
> true of the Nexus S and Galaxy Nexus); on these devices, all internal
> storage is encrypted when device encryption is enabled.
>
> Having said that, the Email/Exchange application never stores emails other
> than in internal storage; however, the user can still choose to save attachment
> files to "sd card" (which may or may not be external) unless, of course, the
> ActiveSync policies are set up to disallow loading of attachments.
>
> Does this make sense? Sorry if it's complicated, but ... that's how it is!
>
> Marc
>
>
> On Tue, Jan 10, 2012 at 11:34 AM, Brian Carlstrom <[email protected]> wrote:
>>
>> +mblank
>>
>>
>> On Tue, Jan 10, 2012 at 1:21 AM, Måns S <[email protected]> wrote:
>>>
>>> Hi!
>>>
>>> Being stuck with a third party solution that really works badly at work
>>> (DME) to ensure that all mail messages are stored in an encrypted
>>> format on the phone I wonder a bit about the features in ICS for this.
>>> I need fuel to convince our security manager that ICS really does what
>>> we have DME for, which is to ensure that even if a remote wipe has
>>> been done - no one should be able to read the data from the deleted
>>> local storage on the phone.
>>>
>>> As I understand it ICS offers "full device" encryption, but not for
>>> the SD card? So - are all the emails that you get via Active Sync to
>>> ICS stored to encrypted storage, or is there a possibility for the
>>> user to have their local storage for mail on an unencrypted device
>>> (SD)? Regarding policies as I understand there is more support for
>>> Active Sync commands - can you force the users to use encrypted
>>> storage if they are going to use Active Sync?
>>>
>>> Regards /Måns
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Android Security Discussions" group.
>>> To post to this group, send email to
>>> [email protected].
>>> To unsubscribe from this group, send email to
>>> [email protected].
>>> For more options, visit this group at
>>> http://groups.google.com/group/android-security-discuss?hl=en.
