Appreciate the thoughts. My understanding is that on Android devices, cryptographic keys are recoverable when sitting in RAM. For normal users, punching in their password once means they have their cryptographic keys in RAM until they restart their phone, even when the device is locked. If the phone hasn’t been turned off or the attacker knows how to keep the keys in RAM (e.g., with a cold boot attack, like you described), the keys can be recovered. In effect, this means the phone needs to be turned off completely and given time to “cool down” for disk encryption to work.

More here:

Written by

Writing about security for journalists, as well as beginners. Principal researcher at @freedomofpress. freedom.press/training

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store