How to Encrypt your Android Phone (a Complete Guide)

All new iPhones are now encrypted by default, which is something that has alarmed law enforcement services the world over. Google also announced that it would start encrypting Android phones by default, and although it has reneged somewhat on this promise, it still strongly recommends that manufacturer’s ship their phones with full-disk encryption pre-enabled.

Regardless, it is a simple matter for owners of unencrypted Android phones (Gingerbread 2.3.4+) to encrypt their both their phone and any SD cards they use. Note also that if you are interested in improving your privacy and security on your Android device, you should also check out our article on 5 Best VPNs for Android.

Why do I want to encrypt my phone?

Most of us these days keep a vast amount of personal information on our smart phones – photos, contact numbers and addresses, passwords, bank details, emails, etc. In addition to this, business users often keep sensitive information on their phones that is vulnerable to corporate espionage.

While a standard lock-screen code will deter casual theft of your data if you lose your phone, to a determined tech-savvy adversary the lock-screen offers little real protection.

Encrypting your phone, on the other hand, makes it secure against almost all forms of attack, and will probably foil even the NSA.

Reasons not to encrypt your phone

Encryption/decryption takes processing power, and will therefore slow down your phone a little*. On faster phones you are very unlikely notice a difference, but users of slower phones may want to think twice before encrypting them (this is likely the main reason Google dropped its requirement that all new phones be encrypted by default.)

*Note that both of these articles test performance using a Google Nexus 6, which as Android Central notes, “causes a greater discrepancy in performance than we’d see with most other devices, thanks to Qualcomm’s crypto engine.” We therefore decide to perform our own tests using our Samsung Note 4 and the AndEBench-Pro 2015 industry-standard benchmarking tool.

EEMC before

Before phone encryption

EMMC afterAfter phone encryption

As we can see, encrypting the phone caused a 9% performance hit. Such is the price of security, but we have to say that we didn’t notice a real difference in practice.

Another issue is that it is not easy to reverse the encryption process should you change your mind. It can be done by factory resetting your phone, but this will mean that you lose all data stored on the phone.

Is it legal?

Encrypting your phone is legal pretty much everywhere. In the Unites States, the California Supreme Court has ruled that although police can legally search an unencrypted phone at the time of arrest, a warrant is required if the phone is encrypted. In Canada, the Court of Appeal for Ontario has issued a similar ruling.

Of course, even with a warrant, an encrypted phone cannot be accessed unless you divulge your Master Password. US citizens are probably protected from doing this by the Fifth Amendment right against self-incrimination, but UK citizens (for example) can be legally compelled to disclose their passwords under the Key disclosure law.

If these issues are important to you, then we strongly suggest researching the legal situation regarding mandatory decryption of data in your country.

How secure is Android full disk encryption?

Android full disk encryption is based on dm-crypt, an open source transparent disk encryption subsystem used in Linux.  It uses cipher mode 128-bit AES-cbc with essiv:sha256, and the Master Password is protected using AES-128. Android versions 4.4+ further harden the Mater Password against brute-force attacks with 2000 iterations of PBKDF2.

A detailed discussion on the encryption used is available here, but the long and the short of it that accessing encrypted data on your phone is pretty much impossible (without knowing your Master Password.)

How to encrypt your phone

For this tutorial we are using an unrooted Samsung Galaxy Note 4 running Android 5.1.1, but the process should be very similar for all Android phones (and other Android devices.)

  1. Plug your phone into a power source. The process can take an hour or more (depending on how much data requires encrypting), and you really don’t to run out of juice half way through!
  2. Ensure that you have backed-up all your important data.
  3. Go to Settings -> Lock Screen -> Screen Lock -> [enter current password] -> Password and create a password that is at least 6 characters long, and contains at least 1 number. Unfortunately there is a limit of 16 characters, which makes using strong passphrases more or less impossible.


If you do not perform this step first, you will be sent back to do it when you start to encrypt your device

  1. Go to Settings -> System -> Security -> Encrypt device


  1. Select “Encrypt Phone” to confirm encryption. You will be asked once more to confirm your password, then sit back and relax as Android does its thing…

encrypting phone

For us, this took around 45 minutes

Password boot

Once done, you need to enter your master password each time you reboot your phone

Unfortunately, with encryption enabled, pattern and PIN unlock are disabled on the lock screen. This could be something of a nuisance, and is worth bearing in mind when deciding whether or not to encrypt your phone. Fortunately for us, it is possible to re-enable the fingerprint scanner on the Note 4 after encryption.

The only way to reverse phone encryption is to reset the phone to its factory-default settings. If you do this, all data stored on the phone will be erased. You will also be permanently unable to access encrypted data on your SD card (as the SD card encryption keys will be deleted), so make sure you decrypt an encrypted SD card before performing a factory reset of the phone.

To factory reset you phone go to Settings -> Personalisation -> Backup and reset ->Factory data reset.

How to encrypt your SD card

In addition to encrypting the phone itself, it is possible to encrypt external SD cards (on phones that still support this very handy feature.)

Cards can only be used on the phone on which they are encrypted, but unlike phone encryption, SD card encryption can be fairly easily reversed. As noted above, if you factory reset your phone without first decrypting encrypted files on your SD card, these files will be lost.

To encrypt an SD card, simply go to Settings -> System -> Security -> Encrypt external SD card -> Enable, and follow the instructions.

You will be offered the choice of whether to exclude multimedia files from the encryption process (in order to save time) and asked to confirm your Master Password. Note that you will need around 2GB free space on the SD card before it can be encrypted.

SD card encrypt

SD encryption ongoing

The process can take a while, depending on how much data needs to be encrypted (but you can use your phone while this happens)

SD card encryption is completely transparent in use, as long as you access encrypted files from the password-protected phone you encrypted them on. The files cannot now be accessed in any other way.

diable SD encryption

Unlike with full-disk-encryption, SD card encryption can be easily reversed. Simply go to Settings -> System -> Security -> Encrypt external SD card -> Disable (you will be asked to confirm your master password)

Encrypting Android Conclusion

Making your phone more secure by encrypting it is very easy, and we find the added security a more than acceptable trade-off for the 9% performance hit this incurs for us (which in real-like use we don’t notice anyway.)

We do think that having to use the same master password used to secure the phone in order to disable the lock screen could be an issue. Thanks to the Note 4’s fingerprint scanner this is not a problem for us, but we can see those without such a scanner becoming pretty frustrated at having to enter a secure password every time they unlock their phone.

Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

Related Coverage

38 responses to “How to Encrypt your Android Phone (a Complete Guide)

  1. Greetings,

    I want to ask about the updates, I use to have Sony Xperia and I encrypted it, everything was good until I received an update where I was unable to update the phone (it use to ask me to decrypt the phone first, and when I try to decrypt, it keep telling me that the phone will wipe all data decrypt it! so I did not decrypt the phone because I was afraid that it will delete all of my data).

    Now I have Note 4 (5.1.1), and Android 6.0 is almost there (which is taking forever!), so if I encrypted the phone now, do I still get the updates? or I have to decrypt it before update it? or do I lose any data if I decrypt it?

    1. Hi Muhammad,

      Hmm. My Note 4 is now running Android 6.0.1. It had no problem updating while encrypted, and it updated automatically. So fingers crossed…

  2. Hey I wanted to know I was not aware of this thing so for removing mydata from phone I first restored it from factory settings
    Then after reading this I encrypted it
    Thirdly I again factory restored it?
    Is my data now erased ,encrypted permanently???

    1. Hi Angel,

      Restoring to factory settings does just that – it wipes all personal data from your phone and returns it to state it was in when it shipped from the manufacturers factory. Factory resetting an encrypted phone will delete all personal data and remove the encryption. A factory reset is the only way to decrypt an encrypted phone.

        1. Hi Angel,

          After restoring factory settings your data cannot be recovered. This means that your phone is safe to sell.

  3. Hi Douglas,
    My phone (samsung galaxy s4) has been encrypting for two hours is it normal? How much more time should it take? And if I didn’t back it up will i lose my data?
    Thank you

    1. Hi Maria,

      Hopefully by the time I write your phone is now successfully encrypted! Yes, 2 hours (or even 3, sounds reasonable).

  4. Hi
    I heard that the decryption key is stored in the memory while the phone is on.
    Does this mean that its possible to extract the key while the phone is on?

  5. Hi Douglas,

    I just learned about this today and during my research I came across this page and information.
    Thank you so much for sharing it and for your prompt and thorough response to each reply. I have a Samsung S3 and am encrypting my SD card right now. It’s a 64 gig card with a lot of info on it (documents, pictures, videos and music) so it’s taking a while to finish. I’m totally okay with that.
    I have a few questions.
    I occasionally remove my SD card in order to transfer data from my PC to my phone, (I have an SD slot on my PC which makes this process a breeze).
    Will I still be able to do this or do I have to make all transfers via USB cable?
    Is it okay to unmount and mount the SD card after encryption?
    If I am able to transfer data via my PC to my phone, once my SD card is inserted into my PC card slot will my PC recognize the fact that the SD card is encrypted? Does it matter?
    Will I have to enter the password on my PC in order to transfer data onto the SD card?
    I just realized that some of my phone apps have been transferred to my SD card. Will they be affected by the encryption?
    Can an encryption be done on the SD card that I have in my Samsung tablet A 9.7, (I have been looking and so far have not seen anything that says that it can be done)?

    Thank you so much in advance 🙂

    1. Hi Vanessa,

      I’m glad this information is useful to you :).

      1) No, as this would completely invalidate the point of encrypting your card in the first place! Once your phone has decrypted the card (on bootup) you can make transfers via the phone’s USB cable (I personally do not find this to be much of an inconvenience).

      2) Yes, but the data is only be available once mounted on your phone.

      3) Your card is encrypted, so all data on it will be unavailable to your PC. I’m afraid that I don’t have an SD card slot for my PC to check exactly what it sees – I’m pretty sure that you won’t be able to transfer data (unencrypted) to the card, although I don’t see any harm being done if you want to give it a try (and if you can do it, then the data will not be encrypted). Basically, you read and write to the card via your phone’s USB cable.

      4) You phone decrypts your SD card, so if you transfer files via the phone’s USB cable then you will not need to enter a password. You will not be able to transfer files directly via your SD card reader.

      5) No, encrypting your phone will not affect your transferred apps (I’ve moved as many apps as I can over to my encrypted 64gb SD card, both before and after encryption).

      6) I can’t give you any information specifically about the Samsung tablet A 9.7, but can’t see why not (both phone and SD encryption are a standard feature of Android since Gingerbread 2.3.4). Look in the System -> Security settings. If the option is there, then you can do it!

  6. hi, i have encrypted my Huawei Mate7 and the screen lock pass is still the one that i used before encryption (a different one than encryption’s) is that right? also i would like to know what about the data that i add from now on to my phone. Are they gonna be encrypted as well or need to repeat encryption every while?

    1. Hi Jim,

      1) Yup. Please see my notes for Step 3.
      2) All data is now automatically encrypted. There is no need to re-encrypt.

    1. Hi Moro,

      I’m afraid that I don’t really understand your question. What do you mean by “download mode”?

  7. Recommend not using fingerprint scanner ALONE. Fingerprints cannot be changed (passwords have this advantage) and can be easily lifted without your knowing see the 200 youtube videos if you don’t believe me, AND your fingerprint can be legally compelled by police & others just like DNA swabbing can be. Instead, choose a longish password (and don’t divulge it – it’s your right.)

    1. Hi TKukler,

      The problem is that with Android encryption you need to enter a password every time your phone goes into standby! All security is a trade-off between security and usability, and entering a long password (plus using the fingerprint scanner) every time I pick up my phone breaks the usability side of the equation quite badly…

    1. Every since I have encrypted my phone and SD card (note4) I haven’t been able to receive picture messages… is there a solution to this?

      1. Hi Jolie,

        Hmm.. I do not have this problem – odd. Is it when you use your regular SMS app? If so then you could try using a different app for your SMS messages (I recommend Signal – see here for a review.)

  8. Hello, my question is once I do an encryption to my phone and SD card will it still look the same once I unlock with master password. Will my games remain the same, will I have same access as I do now? I have a Note4.

    1. Hi Jolie,

      Yes – everything remains the same. Boot-up takes somewhat longer and you get a message telling you that the SD card is encrypted at startup, but otherwise everything remains the same.

  9. I encrypted my phone
    recently before reading your
    post. The anti-virus app’s graphics was acting erratically. So I did a uninstall/install process.Now everything’s fine.However the phone took half an hour (much more than usual) to decrypt before it displayed the lock screen for the following reboot.I think it is because of the change in the anti-virus app’s data.Is it correct?

    1. Hi Liv,

      Well, half an hour is a very long time to boot, but boot does take longer after encryption (about 5 minutes on my Note 4). You could try decrypting your phone now that the troublesome anti-virus app is gone, the re-encrypting…

  10. What slices or partitions on the internal drive actually do get encrypted? It’s called “Full Disk Encryption” but I suspect it’s not the entire disk. I’m guessing only /data ? Other slices are /boot, /system, /recovery, /data, /cache, and /misc.

    1. Hi scott,

      As I understand it, the entire internal disk is encrypted. For a full description of how Android full disk encryption works, see here.

  11. Douglas I have an LG G3 and am thinking of encrypting the phones internal but not the SD card to be able to move files on and off of the card. Is this separation recommended?
    Also should all apps be internally located and can I have app downloads be located on the SD card while the app is internal and encrypted?
    I’m looking just to keep contacts, messages and emails encrypted while music and pictures aren’t. Can some pdf. and Word Doc. be both encrypted and un encrypted since not all are private?

    1. Hi Richard,

      Sure. Whatever is on the internal memory (the phone) will be encrypted, and on the unencrypted SD card… not. This includes both files and apps, so if you keep your message, contact and email apps on your phone all messages etc. will be encrypted. Keep any .pdfs and .docs you want encrypted on your phone, and move everything else to the SD card.

  12. What would be the point of encrypting my note 4 using a good difficult password then after finishing encrypting it go in and switch over the lock screen to a finger print scanner from the good password i just got through thinking of, that would defeat the whole purpose of encrypting the phone in the first place if it can be unlocked with a simple swipe of a fingerprint

    1. Hi Randy,

      It prevents the use of alternative methods to enter your phone (such as via booting into recovery mode). It also means that once a device is turned off, the password is needed.

    2. The reason is because say someone technology smart steals your phone. They know first turn it off and pull the sim card… Next to get around your fingerprint lock and access your phone boot the phone with a program to bypass it………. ohh wait they had to reboot your phone. That means now all your info is encrypted behind your secure password. They cant just bypass your fingerprint to access your data.

      Encryption is diffrent that a screen lock. Think of your front door as a lock screen, put in the key open the door or jjst break it down. Then think of encryption as an force field around the house that makes the thing unrecognizably blurry. You know the house is in front of you but you can’t make out the front door from the back door or window or garden or sog house or anything. You just see the force field, the phone, and u can see the house in ot just can’t figure out any part of the house, the encrypted data.

  13. Hi,
    In order to have my work e-mail on my phone, I needed to install some apps (Touchdown, Avast , airwatch)
    As soon as I installed this, and received my work mail, I couldn’t access my SD card anymore and received a notification that it was due to security settings. I had to encrypt it. So I first encrypted my phone and now want to encrypt my SD card. However, that option is not ‘clickable’ in the settings. And when my phone starts I see a notifcation that it save to remove SD card. When I put it bac kin I get: use of SD card is resticted due to security policy (translated) Do you know how I can access or encrypt my SD card again? Thanks!

    1. Hi Lindy,

      I am not 100% sure, but this sounds like an AirWatch issue, in which case you will need to ask your IT administrator to give you permission to access your SD card. If this is not the case, then I suggest uninstalling all the apps mentioned, and then trying to encrypt your SD card. When you reinstall the apps, check your SD card access each each time, to help you determine the culprit if the problem persists.

  14. Besides the character limit and the presence of at least one number, what other sort of character limitations are there to these encryption passwords? Are special characters allowed? Will Android check and prevent these character limitations or will they be silently unaccepted?

    1. Hi Drew,

      To be honest, I don’t know about other character limitations, but Android will not perform the encryption unless it accepts your password. You should therefore be fine experimenting with what it will and will not accept. Do remember that the Lock Screen uses the same Mater Password as you use to encrypt your phone, so selecting a very complex master password could be real pain in day-to-day use. And yes, the lack of a separate password (or PIN/pattern unlock support) for the Lock Screen is an issue for users with phones that do not have a fingerprint scanner…

  15. I encrypted my phone and now I’m stuck….I didn’t back up my pictures and videos,so if I decrpypt it,I don’t know if I will mess my phone system up…Locked screen is a BIG problem when I NEED to contact someone quickly…I don’t know what to do now..
    Thank you for this article…

    1. Hi Sue,

      The only way to decrypt your phone is to factory reset it, which will mean that you lose all your photos and videos etc. on the phone. However, there is nothing stopping you backing up your stuff before doing a factory reset – just plug your phone into a computer via its USB cable and copy your photos etc. across (or use a cloud based service such as Dropbox, or a spare (unencrypted) SD card etc.) You should also backup your contacts,download folder, and anything else you want to keep. If you play games on your phone then you may lose your saves, but other than that you should be able to back everything up (and transfer it back to your phone after the factor reset, if you wish). Do remember to decrypt any encrypted SD cards before you factory reset your phone, or you will lose all encrypted data on them.

Leave a Reply

Your email address will not be published. Required fields are marked *