
Under Android Ver 10 Can You Encrypt Phone?

persistentone

I have a Samsung tablet A7 SM-T500 running Android 10. Under "Security" settings, there is an option to "Encrypt or Decrypt SD Card" but I no longer see any option to "Encrypt Phone". I want to encrypt the user data on the tablet's built-in storage. Has this feature been removed from Android 10? If it is still there, where do I find it?
 
The internal storage has been encrypted by default for many years - I think it might even have been for devices originally released with Android 5, or perhaps 6. Certainly a device released in the last few years will be encrypted automatically.
 
But with the original Encrypt Phone feature, you could not boot the device without supplying the decryption PIN. That feature prevented the phone from even loading the OS. What good is the current encryption feature if to break into the phone the thief just needs to iterate through 1000 PIN codes?
 
If you only use a 4-digit PIN that's actually 10,000 codes (and you can use longer). But phones usually have mechanisms to frustrate such iteration (timeouts of increasing length or factory resets when too many incorrect attempts are made).

I assume you mean the original "encrypt phone" option though, since "encrypt SD" could surely be subverted by just removing the SD card, granting access to the phone itself? Encrypting internal storage is more like encrypting a laptop's drive: it stops anyone accessing the storage without the credentials to unlock the device (admittedly with a phone's storage removing the chip and reading it with another device is in a different league of difficulty from removing a laptop's SSD and plugging it into another computer), and prevents data from being recovered after a factory reset (including one triggered remotely if you have such anti-theft software enabled). And the auto-generated encryption key will be much stronger than a short encryption PIN that you have to remember, so that aspect of the protection will be stronger.
 
Yes, I mean the original Encrypt Phone feature and I corrected the original text sorry.

So why did Google or Samsung remove "Encrypt Phone" from Android 10?
 
AFAIK that was a feature of older versions of Android, where the devices didn't usually have encrypted internal storage. I believe default encrypted storage for devices was introduced with Android 5 or 6, and so "Encrypt phone" is superfluous. How securely you lock your phone is up to you, like using longer PINs or passwords, or more complex pattern unlocks, that's in addition to things like time-outs, and unlock attempt limits.

Some manufacturers offer a vault type feature in their systems, which is basically a password or PIN locked folder, that operates in addition to a device's own encrypted internal storage and locks. And there are third-party apps that can do it as well.
 
I genuinely see no advantage in a decryption key you have to remember and enter yourself over a PIN or password of the same length. Both do the same thing: enter them and you have access to the device.

Now you might argue that you are happier setting up a longer decryption PIN than a lockscreen PIN or password because you only have to enter that once when you boot the phone. But (a) if the thief steals the phone when it's powered on there is no difference at all, because it's only your (presumably short) lockscreen PIN that is preventing them from gaining access, and (b) if you use a fingerprint instead you will only have to enter the PIN/password on startup and occasionally when the phone wants to confirm your ID (every few days in my case), so the extra inconvenience of that is not large.

But as Mike says, there would be no point in keeping an "encrypt phone" option once all phones were encrypted anyway, so it probably died around Android 5 or 6.
 
So how is Android implementing that default encrypted storage? Is some private key created at the factory when the OS is loaded? And this private key is itself encrypted by some key shared by all users and known only to Android? At some point, there must be a key that is well known within a small community that could unlock the data? It is fine to have such encryption, but it would never substitute for encryption that uses a key only known to me (forgetting for a second that Android intentionally crippled the feature by allowing the PIN to be only four characters, a password length that could be brute-forced in less than a millisecond by any computer).
 
NO, the key is generated by the phone, initially when it's first powered on, and then each time there's a Factory Data Reset. Each phone's generated key is unique to that device. It's also a new unique key generated with each Factory Data Reset. AFAIK only government agencies have the resources to break these keys, and then only after (probably) months of computing effort.
 
How the private key gets created is not the important detail. What's important is how is that key protected from someone who gets the device, assuming they have a way to read the file system. Normally you would expect the private key to itself be encrypted. But encrypted by what? How could that additional encryption key be made unique to each tablet?
 
Because the device itself generates a new key each time it's Factory Data Reset. I don't know what it uses for entropy (randomness) when generating a key; someone with more knowledge of Android would probably be able to say.
 
Is that key stored on the file system in the clear? If yes, anyone who reads the file system has the key needed to read the user data.

I assume the key is not stored in the clear, which is why I ask how is it being protected?
 
Android's force-encrypt feature is executed from the /vendor fstab file, which includes a specific flag set to 1 within the mountpoint line for the /userdata partition. The encryption key in Android 9, 10 and 11 is created by /vbmeta within the /tee (trusted execution environment), where the key is also isolated from the Android OS and stored in a manner similar to application sandboxing -- but with an encrypted isolation barrier to prevent malicious code from intercepting or tampering with the key. With root access, or with a TWRP installed script, the fstab file can be edited to set the flag from 1 to 0, which enables the legacy opt-encrypt feature. Opt-encrypt gives the user the option to encrypt userdata instead of forcing encryption by default. This option was typically found under device Settings>Security>Encrypt SD Card.
 
Can I recover the data after doing a factory reset on my Android 10, if I have the password for the last lock screen?
 
What if you know your lock screen password and type it again in order to recover data after doing a factory reset? Is this acceptable for decryption again on FBE (file-based encryption)? Because I see this in what Android says (can be unlocked independently).
 

It absolutely is not stored in the clear. Does this answer your question: https://source.android.com/security/encryption/full-disk
It's FBE (file-based encryption) from Android 7.0 and higher, not FDE (full disk encryption). Check for that here, it's different:

https://source.android.com/security/encryption/file-based

What I understood from reading on the site is that the password of the lock screen is generated as well, but it can also be decrypted if I put in the password for the lock screen first again. (I think it protects you from hacking and cracking the password, but it does not protect you if someone else knows your first password for the lock screen.)
 
 
FBE vs FDE doesn't change the important principle: the data are encrypted, the phone will decrypt them if it is unlocked (you wouldn't want to have to enter a password for every single file), but your lockscreen password is not the encryption key in either system. In FDE it's used as part of the hashing of the key, but the key and the other part of the hash, the "salt", are random, so knowing the lockscreen password is not enough to recover encrypted data. FBE is stronger and more flexible, but has in common that there is a lot more to the key than just your lockscreen password (indeed I don't find any evidence that the lockscreen password is anything to do with the key). So going back to the question that concerns you, while the lockscreen password gives you access to the data before a reset, it won't allow you to recover them afterwards.
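
An added example, not part of the thread and not Android's own code: a simplified Python model of the FDE-style key wrapping described in the post above, where a random data key (DEK) is wrapped by a key derived from the lockscreen PIN, a random salt and a device-bound secret. The XOR/HMAC wrap and the `device_secret` HMAC are stand-ins for AES and the TEE signing step, and every name here is hypothetical.

```python
import hashlib, hmac, os

def derive_kek(pin, salt, device_secret):
    """64-byte KEK from the PIN, a random salt and a device-bound secret."""
    ik1 = hashlib.scrypt(pin.encode(), salt=salt, n=2**12, r=8, p=1, dklen=32)
    # Stand-in for the TEE signing step: ties the result to this one device.
    ik2 = hmac.new(device_secret, ik1, hashlib.sha256).digest()
    return hashlib.scrypt(ik2, salt=salt, n=2**12, r=8, p=1, dklen=64)

def wrap(dek, kek):
    """Toy wrap (XOR pad + HMAC tag), standing in for AES."""
    ct = bytes(a ^ b for a, b in zip(dek, kek[:32]))
    return ct, hmac.new(kek[32:], ct, hashlib.sha256).digest()

def unwrap(ct, tag, kek):
    """Return the DEK, or None when the KEK (PIN, salt or device) is wrong."""
    expected = hmac.new(kek[32:], ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, kek[:32]))

class Device:
    def __init__(self, pin):
        self.device_secret = os.urandom(32)  # assumed to stay inside the TEE
        self.factory_reset(pin)

    def factory_reset(self, pin):
        """Discard the old wrapped key; generate a fresh random DEK and salt."""
        self.salt = os.urandom(16)
        dek = os.urandom(32)
        kek = derive_kek(pin, self.salt, self.device_secret)
        self.ct, self.tag = wrap(dek, kek)

    def unlock(self, pin):
        kek = derive_kek(pin, self.salt, self.device_secret)
        return unwrap(self.ct, self.tag, kek)

def demo():
    dev = Device("1234")                      # constructed sample PIN
    before = dev.unlock("1234")               # correct PIN: DEK released
    wrong_pin = dev.unlock("0000")            # wrong PIN: None
    # Flash contents copied off the device: PIN known, device secret not.
    off_device = unwrap(dev.ct, dev.tag,
                        derive_kek("1234", dev.salt, os.urandom(32)))
    dev.factory_reset("1234")                 # same PIN set up again
    after = dev.unlock("1234")                # a different, new DEK
    return before, wrong_pin, off_device, after

if __name__ == "__main__":
    b, w, o, a = demo()
    print(w is None, o is None, b != a)
```

Re-entering the old PIN after the reset unlocks only the new key; the old DEK is gone along with its salt, so data encrypted under it stays unreadable.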
 