protect data at rest • At which level should data be encrypted? • Block device (Full-Disk-Encryption, FDE) • File (File-Based-Encryption, FBE) • Android once adopted FDE, but later changed to FBE • because FDE requires user-interaction before OS boot • https://source.android.com/security/encryption