
The Ultimate Guide to Encrypting your Android Phone

All new iPhones are now encrypted by default, which is something that has alarmed law enforcement services the world over. Google also announced that it would start encrypting Android phones by default, and although it has reneged somewhat on this promise, it still strongly recommends that manufacturers ship their phones with full-disk encryption pre-enabled.

Regardless, it is a simple matter for owners of unencrypted Android phones (Gingerbread 2.3.4+) to encrypt both their phone and any SD cards they use. Note also that if you are interested in improving your privacy and security on your Android device, you should also check out our Best Android VPN guide.

Why do I want to encrypt my phone?

Most of us these days keep a vast amount of personal information on our smartphones – photos, contact numbers and addresses, passwords, bank details, emails, etc. In addition to this, business users often keep sensitive information on their phones that is vulnerable to corporate espionage.

While a standard lock-screen code will deter casual theft of your data if you lose your phone, to a determined tech-savvy adversary the lock-screen offers little real protection.

Encrypting your phone, on the other hand, makes it secure against almost all forms of attack, and will probably foil even the NSA.

Reasons not to encrypt your phone

Encryption/decryption takes processing power, and will therefore slow down your phone a little*. On faster phones you are very unlikely to notice a difference, but users of slower phones may want to think twice before encrypting them (this is likely the main reason Google dropped its requirement that all new phones be encrypted by default).

*Note that both of these articles test performance using a Google Nexus 6, which as Android Central notes, “causes a greater discrepancy in performance than we'd see with most other devices, thanks to Qualcomm's crypto engine.” We therefore decided to perform our own tests using our Samsung Note 4 and the AndEBench-Pro 2015 industry-standard benchmarking tool.

eMMC benchmark result: before phone encryption

eMMC benchmark result: after phone encryption

As we can see, encrypting the phone caused a 9% performance hit. Such is the price of security, but we have to say that we didn’t notice a real difference in practice.

Another issue is that it is not easy to reverse the encryption process should you change your mind. It can be done by factory resetting your phone, but this will mean that you lose all data stored on the phone.

Encrypting your phone is legal pretty much everywhere. In Canada, the Court of Appeal for Ontario has ruled that although police can legally search a phone that is not protected by a password, a warrant is required if the phone is protected by a password.

Of course, even with a warrant, an encrypted phone cannot be accessed unless you divulge your Master Password. US citizens are probably protected from doing this by the Fifth Amendment right against self-incrimination, but UK citizens (for example) can be legally compelled to disclose their passwords under the Key disclosure law.

If these issues are important to you, then we strongly suggest researching the legal situation regarding mandatory decryption of data in your country.

How secure is Android full disk encryption?

Android full disk encryption is based on dm-crypt, an open source transparent disk encryption subsystem used in Linux. It uses 128-bit AES in CBC mode with ESSIV (essiv:sha256) as the cipher mode, and the Master Password is protected using AES-128. Android versions 4.4+ further harden the Master Password against brute-force attacks with 2000 iterations of PBKDF2.

A detailed discussion on the encryption used is available here, but the long and the short of it is that accessing encrypted data on your phone is pretty much impossible (without knowing your Master Password).
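As an added illustration (not code from this article or from Android's own implementation), the following Go program models the password layer described above: the user password is stretched with 2000 rounds of PBKDF2 and the result wraps the disk master key with AES-128-CBC, so every password guess costs 2000 HMAC rounds. The HMAC-SHA1 PRF, the 16-byte salt, the key/IV split and the sample password and master key are assumptions and constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
)

// pbkdf2 implements RFC 2898 PBKDF2 with HMAC-SHA1 (the Go stdlib gained crypto/pbkdf2 only in 1.24).
func pbkdf2(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha1.New, password)
	var out []byte
	for i := 1; len(out) < keyLen; i++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(i >> 24), byte(i >> 16), byte(i >> 8), byte(i)}) // S || INT(i)
		u := prf.Sum(nil)              // U_1
		t := append([]byte(nil), u...) // T_i accumulates U_1 xor U_2 xor ... xor U_c
		for j := 1; j < iter; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// wrapMasterKey stretches the user password with 2000 PBKDF2 rounds into an AES-128 key and
// IV (assumed split: 16 bytes each) and encrypts the 16-byte disk master key in CBC mode.
func wrapMasterKey(password, salt, masterKey []byte) []byte {
	kd := pbkdf2(password, salt, 2000, 32)
	block, _ := aes.NewCipher(kd[:16])
	out := make([]byte, len(masterKey))
	cipher.NewCBCEncrypter(block, kd[16:]).CryptBlocks(out, masterKey)
	return out
}

func main() {
	salt := []byte("constructed-salt") // constructed 16-byte sample values
	master := []byte("constructed-16by")
	fmt.Println(hex.EncodeToString(wrapMasterKey([]byte("123456"), salt, master)))
}
```

Because the wrapped blob is what an offline attacker must test guesses against, the 16-character password cap noted below, not the AES key length, is the real bound on its strength.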

How to encrypt your phone

For this tutorial we are using an unrooted Samsung Galaxy Note 4 running Android 5.1.1, but the process should be very similar for all Android phones (and other Android devices.)

  1. Plug your phone into a power source. The process can take an hour or more (depending on how much data requires encrypting), and you really don’t want to run out of juice half way through!
  2. Ensure that you have backed-up all your important data.
  3. Go to Settings -> Lock Screen -> Screen Lock -> [enter current password] -> Password and create a password that is at least 6 characters long, and contains at least 1 number. Unfortunately there is a limit of 16 characters, which makes using strong passphrases more or less impossible.

If you do not perform this step first, you will be sent back to do it when you start to encrypt your device.

  4. Go to Settings -> System -> Security -> Encrypt device

  5. Select “Encrypt Phone” to confirm encryption. You will be asked once more to confirm your password, then sit back and relax as Android does its thing…

For us, this took around 45 minutes.

Once done, you need to enter your master password each time you reboot your phone.

Unfortunately, with encryption enabled, pattern and PIN unlock are disabled on the lock screen. This could be something of a nuisance, and is worth bearing in mind when deciding whether or not to encrypt your phone. Fortunately for us, it is possible to re-enable the fingerprint scanner on the Note 4 after encryption.

The only way to reverse phone encryption is to reset the phone to its factory-default settings. If you do this, all data stored on the phone will be erased. You will also be permanently unable to access encrypted data on your SD card (as the SD card encryption keys will be deleted), so make sure you decrypt an encrypted SD card before performing a factory reset of the phone.

To factory reset your phone go to Settings -> Personalisation -> Backup and reset -> Factory data reset.

How to encrypt your SD card

In addition to encrypting the phone itself, it is possible to encrypt external SD cards (on phones that still support this very handy feature.)

Cards can only be used on the phone on which they are encrypted, but unlike phone encryption, SD card encryption can be fairly easily reversed. As noted above, if you factory reset your phone without first decrypting encrypted files on your SD card, these files will be lost.

To encrypt an SD card, simply go to Settings -> System -> Security -> Encrypt external SD card -> Enable, and follow the instructions.

You will be offered the choice of whether to exclude multimedia files from the encryption process (in order to save time) and asked to confirm your Master Password. Note that you will need around 2GB free space on the SD card before it can be encrypted.

The process can take a while, depending on how much data needs to be encrypted (but you can use your phone while this happens).

SD card encryption is completely transparent in use, as long as you access encrypted files from the password-protected phone you encrypted them on. The files cannot now be accessed in any other way.

Unlike with full-disk encryption, SD card encryption can be easily reversed. Simply go to Settings -> System -> Security -> Encrypt external SD card -> Disable (you will be asked to confirm your master password).

Encrypting Android Conclusion

Making your phone more secure by encrypting it is very easy, and we find the added security a more than acceptable trade-off for the 9% performance hit this incurs for us (which in real-life use we don’t notice anyway).

We do think that having to use the same master password that secures the phone in order to unlock the screen could be an issue. Thanks to the Note 4’s fingerprint scanner this is not a problem for us, but we can see those without such a scanner becoming pretty frustrated at having to enter a secure password every time they unlock their phone.

Written by: Douglas Crawford

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

57 Comments

  1. srinivas
    on May 16, 2018
    Reply

    Hi, is there any apk to test device CPU performance before encryption and after encryption of the phone?

    1. Douglas Crawford replied to srinivas
      on May 16, 2018
      Reply

      Hi srinivas, That is a very good question! I haven't used them to test performance before and after encryption, myself, but PCMark for Android and Geekbench 3 are well-respected benchmarking tools for Android. Tom's Guide has a great list of other good benchmarking apps.

  2. Brian Preston
    on May 5, 2018
    Reply

    Hello, While I support the need for encryption for a myriad of reasons, you make an argument that is misleading and irrelevant as of the date you wrote this (and continues to be today). As facts and truth seem to be a subjective topic these days, it would be nice to see arguments and statements that are built on true and relevant facts so that people can make an informed decision based on actual facts instead of propaganda and fear mongering. I hope you issue a correction to this piece based on the following. You assert that it is legal for police to search your phone (at least in California) in referencing the California v. Diaz case before the California Supreme Court in 2011. However, that case was made moot with respect to phones being legally searched without a warrant by the US Supreme Court ("SCOTUS") decision in 2014 (more than a year before you wrote this piece). Please refer to the case of Riley v. California as decided unanimously before SCOTUS (http://www.scotusblog.com/2014/06/symposium-in-riley-v-california-a-unanimous-supreme-court-sets-out-fourth-amendment-for-digital-age/). Best Regards. PS I did not conduct any research in regard to Diaz to learn of how the SCOTUS decision may have subsequently impacted his case.

    1. Douglas Crawford replied to Brian Preston
      on May 7, 2018
      Reply

      Hi Brian, I very much do try to base everything I write on established facts and truths. I obviously missed the newer ruling when researching this article, so thank you for pointing it out. I have modified the text accordingly.

  3. Ajay singh
    on November 6, 2017
    Reply

    Is it possible to get in the encrypted note4 which have a fingerlock + third party app lock. I had done fairly on my note4 Samsung. Is it possible to break the lock or not I am confused. Please write about this. Factory reset without password. Should I get back to another device by having account details and correct password.

    1. Douglas Crawford replied to Ajay singh
      on November 7, 2017
      Reply

      Hi Ajay,
      - If you have the correct password you can open an encrypted Android device (including a Note 4).
      - If you do not have the correct master password then it should be impossible (at least in theory). After all, that is the entire point of encrypting it!
      - A factory reset will remove the encryption but also wipe all your data. But you should, at least, be able to use your phone again.

  4. Foley Hund
    on March 23, 2017
    Reply

    If one backs up their android on a pc, then encrypts it. Then sometime in the future decides to reverse the encryption, I assume the old back up can be put back onto the android.

    1. Douglas Crawford replied to Foley Hund
      on March 23, 2017
      Reply

      Hi Foley, Indeed.
