Malware misinformation

Documenting misinformation in the infosecurity space, focusing particularly on malware analysis and forensics.

Created by @maldr0id

View the Project on GitHub maldroid/misinformation.tech

Claim ID: 00010

The following claim is often repeated as an advice to users:

If the data is encrypted, malware won’t be able to steal it

The claim is considered: :x: FALSE :x:

Why is it false?

Every modern mobile operating system encrypts the user data by default12. It’s done to make sure that when your device is stolen or lost the data stored on it cannot be easily read. However, malware runs as a process on the operating system and, depending on granted permissions, will have access to the files in the same way as any other application does. This means that, provided it has appropriate permissions, malware can e.g. access your photos even though they are stored encrypted. However, encryption would prevent a thief from accessing the photos if your phone gets stolen and it’s locked.

Modern mobile operating systems provide sandboxing of applications34. Sandboxing prevents one application from accessing files that belong to another application unless they both agree to share the files. This means that malware, even if it gets installed, will not have access to e.g. the full message history in your instant messaging application or the full browsing history kept in your browser.

Full device encryption on modern mobile operating systems is a very important security feature, but it does not impact malware’s ability to steal the data. This is achieved using sandboxing and the permission model.

Statement sources

The websites below repeat the claim. This is not a full list of websites.

Campaigns

No misinfomartion campaigns have used this claim.

Footnotes