I have looked at the FAQ and searched the forum, but I am still not sure what this means:
Sensitive data is stored in user profiles. User profiles each have their own unique, randomly generated disk encryption key and their own unique key encryption key is used to encrypt it. The owner profile is special and is used to store sensitive system-wide operating system data.
And:
The OS derives a password token from the profile's lock method credential using scrypt. This is used as the main input for key derivation.
What is « sensitive data » exactly (is that a standard Android term)? What happens to regular files that are just written by apps to the filesystem, or copied via usb, with no additional encryption? Are they encrypted using the global (owner’s) key, meaning they are not at rest until reboot, or the profile-specific key?
Maybe a naive question, but how does one store a file and make it « sensitive data »?
Thanks a lot!