WhisperCore app encrypts all data on Android

Nexus S is first device targeted in beta release of full disk encryption app for Android.

Elinor Mills Former Staff Writer
Moxie Marlinspike, co-founder and chief technology officer at Whisper Systems, demonstrates the new WhisperCore app on an Android phone. Stuart Anderson

Whisper Systems today began offering hard disk encryption for Android--an app called WhisperCore that is free for individuals to use.

The app includes full disk encryption for all data stored on the device and allows for SD (Secure Digital) card encryption as well, said Moxie Marlinspike, co-founder and chief technology officer of Whisper Systems.

The beta release is limited to the Nexus S, but will be expanded to other devices soon, he told CNET. Meanwhile, pricing for commercial use is based on the size of the deployment.

Once the app is installed on the phone, the user sets a passphrase, which is used to generate a key that encrypts all the data on the disk.

"If the device is lost or stolen, the data is totally opaque and inaccessible," Marlinspike said, adding that his goal was to develop a system "that will transform these consumer devices into enterprise-class secure devices."

Some mobile security services offer remote wipe for lost or stolen devices, but typically the files remain on the device and can be recovered with special tools even though they have been erased. With disk encryption the files cannot be accessed without the passphrase.

"WhisperCore uses AES (Advanced Encryption Standard) with 256-bit keys in XTS mode, the same disk encryption protocol that's proven itself in the PC space with tools like TrueCrypt or LUKS (Linux Unified Key Setup)," Marlinspike said.

Marlinspike could have benefited from WhisperCore when his smartphones were seized four months ago by Customs agents as he returned to the U.S. on an international flight. However, his text messages were encrypted at the time with an early version of TextSecure, another app from Whisper Systems.

"Certainly I am personally motivated to feel like I have a secure device and I'm interested in writing software that allows me and others to feel safe," he said. Also, "[for] democracy activists around the world, if their devices are seized then the data is encrypted."

Whisper Systems also offers RedPhone, which provides end-to-end encryption for phone calls.

Marlinspike said he believed WhisperCore is the first publicly available hard disk encryption app for Android. Sophos has said it expects to begin selling software that includes disk encryption for smartphones later this year. And RIM offers it for BlackBerry devices.