Your Android device is a pocket-size container of important information that you don’t want to fall into the wrong hands. Think of your emails, SMS messages, contacts, credit card numbers, files, photos, etc. being exposed to someone who, whether by intent or by accident, got hold of your Android phone or tablet.
No one wants to be in that vulnerable scenario. That’s why you can lock down your Android device with a combination of protective security measures, one of which is encryption, a pretty important one.
Encryption refers to the process of scrambling information in a way that makes the information non-understandable by anyone else except those who know how to unscramble it. The only way to bring it back to a readable or recognizable form is to decrypt it using a key.
This can be better understood with an analogy. Take the case of your diary written in English. If you lose the diary, the finder who understands English will be able to unravel the secrets that you keep in between the pages. But, if the entries were written in a secret code or language, no one could easily understand the contents, even if one has physical possession of the pages.
A similar analogy can be applied to the personal data on your Android device. A thief could take hold of your phone and access personal data such as your account info, app data, emails and SMS, files, and other sensitive info on your device. But, even if the thief does have access to your data, for as long as your data is “garbled” or encrypted, the data will just be a bunch of gobbledygook to the thief. It will be practically just junk and useless.
In short, encrypting your data won’t prevent a thief from accessing or getting a copy of your information. Rather, it will prevent the thief from reading and understanding your information.
To illustrate encryption further, let’s encipher (or encode) the word “Android” using simple substitution which replaces each letter with the second letter that comes after it in the English alphabet. That is, A is replaced by C, B is replaced by D, and so on. Using this substitution system, the word “Android” is then encrypted into “Cpftqkf” and your data thief won’t be able to make any sense of it at all. One has to know the “key” to decode the message. In this case, the key is the equivalence of A and C, B and D, and so on.
But, such substitution is too simplistic and can be easily cracked. Such simplistic encryption methods and algorithms are not used, of course, because they are not safe or secure. Thankfully, cryptography these days uses methods and algorithms more complex than just mere substitution or transposition and not very easy to solve even by computers.
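The shift-by-two substitution described above, and the reason it is easily cracked, shown as an added Python example that is not part of the original article. The sample sentence and the short list of common words are constructed for illustration. Because only 26 shifts exist, trying every one and keeping the result that reads as English recovers the key.

```python
import string

def shift_cipher(text, shift):
    """Replace each letter with the one `shift` places later, wrapping at Z."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # spaces, digits and punctuation pass through
    return "".join(out)

# Constructed list of very common English words, used only to score guesses.
COMMON_WORDS = {"the", "and", "at", "me", "to", "of", "in", "is", "it"}

def all_candidates(ciphertext):
    """Undo every possible shift: the entire key space is 26 values."""
    return {key: shift_cipher(ciphertext, -key) for key in range(26)}

def recover_key(ciphertext):
    """Return (shift, plaintext) for the guess with the most common words."""
    def score(plaintext):
        return sum(word in COMMON_WORDS for word in plaintext.lower().split())

    candidates = all_candidates(ciphertext)
    best = max(candidates, key=lambda key: score(candidates[key]))
    return best, candidates[best]

# Constructed sample message for the demonstration.
SAMPLE = "meet me at the station and bring the android phone"

if __name__ == "__main__":
    print(shift_cipher("Android", 2))        # the article's example word
    secret = shift_cipher(SAMPLE, 2)
    print(secret)                             # what the thief would see
    key, plaintext = recover_key(secret)      # no knowledge of the key needed
    print(key, plaintext)
```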
Encryption of digital data comes in various shapes, sizes, and flavors. You can encrypt whole disks (e.g., hard disk drives, USB drives, SD cards), individual files or folders, network traffic, emails, and databases. It is a great way to “hide” or “disguise” your data from unauthorized people.
Although not all Android users feel the need to encrypt their phones and tablets to add an extra layer of security, Android does come with a built-in ability to encrypt your phone or tablet. But, is encryption for you and do you really need it?
Foremost of all, you will want to encrypt your phone to further protect the data that it holds. A mere PIN or password may suffice for keeping your little ones or friends from tampering with your files — even the less-secure pattern lock could do the trick — but it may not be enough to keep a knowledgeable thief from accessing your data. Arguably, though, the difficulty of access will increase if the data are encrypted. While no security method or system is completely foolproof, you can use a combination of methods to help increase security.
You will want to encrypt your phone not as much to preserve your data as to prevent the finder (e.g., a phone thief) from being able to use your data. Provided you’ve PIN- or password-protected your device, an unsophisticated thief will most likely only go as far as booting the device into recovery mode and doing a factory reset from there — before selling the gadget.
If you’re a casual or average Android user, you can probably get by without encrypting your phone or tablet. For as long as you follow the tenets of basic protection for Android, you’ll most likely be fine. Most petty thieves of phones or tablets simply don’t care as much about what’s on the stolen phone as how much they could sell the stolen gadget for.
But, if you work for the government, you worry about corporate espionage, and/or you simply want to increase the security of your data, you’ll want to encrypt your device to protect your data against people who might be interested more in the data that you lug around in your mobile device than in the device itself.
Knowledgeable thieves who know their way around stuff like custom recoveries, bootloaders, or Android Debug Bridge (ADB), can easily extract data from your phone — even if it is PIN- or password-protected. German researchers, for example, have found a technique known as FROST (Forensic Recovery of Scrambled Telephones), which uses cold booting to extract phone data even if the phone is protected by a PIN or is encrypted.
Competent data thieves can easily access your data. Having a rooted phone and/or an unlocked bootloader can also make data access easier for such folks.
But, still, encrypting your phone data makes the data harder to access by most knowledgeable thieves. Ensuring that your phone’s bootloader is secure and that your phone is not rooted also adds protection. Encryption is not altogether perfect and has its own sets of flaws. Nevertheless, encryption adds an additional layer of protection to your device, making it more secure than one with unencrypted data.
Before deciding whether or not to encrypt your Android, take note of the following:
If you’re all good with these conditions, go ahead and encrypt your Android device.
Android encryption is a straightforward procedure. Take note that the menu locations may vary from device to device. Certain custom Android UIs and skins (e.g., Samsung TouchWiz UX) may also include other requirements. The steps below will guide you through the process.
First, set a PIN or password as screen lock for your Android device. The PIN or password that you assign will also be the decryption key and is, therefore, needed before encryption can proceed.
Some device manufacturers impose additional security lock requirements, such as this on the Galaxy S3 and Galaxy S4.
After setting a PIN or password, head to the Security submenu under the Settings menu and select Encrypt Phone or Encrypt Tablet. The encryption menu may be in a different location on some devices. On the HTC One, for instance, it’s under the Storage submenu in Settings.
The Encryption menu will look something like the following:
A short reminder will be shown on the screen. Encryption takes some time, so it is important to have enough power to last through the whole process. If your device has little power left, you will be notified before encryption can proceed. You will also need to plug your device into its charger before you can encrypt your device.
If you’re all set, tap the Encrypt Phone or Encrypt Tablet button at the bottom. Your device will ask for your PIN or password. Enter your PIN or password to confirm. You will see a warning message. Tap the Encrypt Phone or Encrypt Tablet button again to begin the encryption process.
Your device will reboot and will start the encryption. You’ll see a progress indicator of the encryption process. Encryption time varies and will depend on the amount of data on your device.
While encryption is ongoing, do not use or play with your device. If you interrupt the encryption process, you could lose all or part of your data permanently.
Once encryption is complete, your Android device will reboot, and your phone will ask you to type the password to decrypt storage. Type your PIN or password. Your device will decrypt your data and will boot back to Android.
You will know that your device has been encrypted when you find the label “Encrypted” in the Security submenu, or when at boot time your device asks for your password to decrypt the storage.
Some devices with external storage (e.g., Galaxy S3 and Galaxy S4) allow encrypting the data on the external SD card.
Usually, you can choose which files from your external SD card to encrypt. You can encrypt the entire external storage, or include/exclude multimedia files, or encrypt only new files (without encrypting the existing ones). So, in a sense, you have several encryption options for your SD card data.
The encrypted data on your external SD card won’t be accessible if you use the SD card on another Android device that wasn’t used for encrypting the SD card. Some devices will even report the encrypted SD card as either blank or having an unsupported file system.
External SD card encryption can also be undone. Unlike full-disk encryption of your phone’s internal storage, you can decrypt your external microSD card. On the Galaxy S3 and Galaxy S4, for instance, you can decrypt your external microSD card through the Encrypt External SD Card menu. The specific steps may vary depending on the device or the firmware version.
Also be careful when you decide to encrypt or decrypt your external microSD card because some Android devices will erase all existing content when encrypting or decrypting your external storage.
In my experience with the only tablet that I have, the Nexus 7, encryption is impossible when other user accounts besides the primary account exist on the tablet. When I attempted to encrypt my Nexus 7, it just rebooted but did not go through the encryption process.
Only after I deleted all other user accounts did the encryption proceed. I suspect that this behavior is also the same on other tablets that have Android’s multiuser feature. So, if you run into the same road bump when trying to encrypt your Android tablet, try removing the other user accounts first.
After encryption, I was able to add new users. However, only the primary owner’s PIN or password can be used as the decrypt key. The primary user can’t use Swipe or Pattern for the lockscreen, but the other users can.
Android’s built-in encryption function is for the whole of your internal storage, but what if you want to encrypt only some of your files and directories/folders? That’s what encryption apps are for. With the help of encryption apps, you can choose which files to encrypt rather than choose to encrypt everything on disk. You can even permanently decrypt your encrypted data without having to wipe your device.
There is more than a handful of encryption apps on the Google Play Store, but here I’ll tell you a bit about two of my favorite ones: SSE – Universal Encryption App and Encryption Manager.
The no-cost and ads-free SSE – Universal Encryption App is a simple encryption app that lets you encrypt and decrypt files on your Android device.
To encrypt your files, launch the app and select File/Dir Encryptor. Locate your desired file or long tap on a folder and select Encrypt. You will then need to enter a password that will serve as your decrypt key. Afterwards, the app will then begin the encryption process.
By default, the app will keep a copy of the unencrypted original and create a new, encrypted copy which will have *.enc as filename extension. For security’s sake, of course, you’ll want to delete the source or original copy. Or, simply enable the Wipe Source After Encryption function in the app’s settings menu; it will cause the app to automatically delete the original file after encrypting it.
To decrypt a file or folder, simply tap on the encrypted file and select Decrypt. Enter your password for that file and the app will produce a separate decrypted copy of that file.
Aside from encrypting files, SSE – Universal Encryption App also features a Password Vault and a Text Encryptor.
Password Vault allows you to store your personal passwords for different accounts, while the Text Encryptor allows you to encrypt and decrypt texts such as confidential notes or personal messages that you want to keep from prying eyes. Both features also need a password to access them.
Another encryption and decryption app that you can use on your mobile device is Encryption Manager.
The first time you run the app, you will need to set a PIN. This will serve as your master key to be able to access all the features of the app. You will need to enter your PIN every time you use the app to be able to encrypt and decrypt files within the app. Make sure to remember your PIN. If you enter the wrong PIN, you will only have 6 attempts to enter the correct PIN before the app deletes all encrypted data within the app.
To encrypt a file or folder, just tap the Add button on the app’s main menu and locate the desired file or folder. Long-tap on the file and select Manage Encrypted.
Before you begin encryption, you can set the app to delete the original files after encryption. If you have selected a folder, you can choose to encrypt files and subfolders and to delete empty folders after encryption. You can also choose which encryption algorithm to use before encrypting a file.
What I like best about this app is that you can easily decrypt a file when you want to use it, and the app deletes the decrypted file after use. Just tap on an encrypted file on the list of encrypted files and the app will decrypt it. Once you’re done using the file, the app will ask you if you want to delete the decrypted file.
The free version of the app, called Encryption Manager Lite, lets you encrypt up to only five files. To remove the limit, you can go for the premium version which costs about US$4.00.
These two apps are just a sample of the encryption apps available on the Google Play Store. There are other encryption apps that you can use to protect your messages, photos, call logs, and other sensitive data on your Android handset.
Our Android devices are filled with all sorts of confidential data that we don’t want unwanted people to mess with — messages, contact information, credit accounts, and more. That’s why we need to safeguard not just our Android devices but also the data that they contain. For the latter, encryption is a reliable way of securing your mobile digital data. On Android, this is easily achieved through its built-in encryption feature.
Although encryption can’t give full protection to your sensitive data, you’ll sleep much more soundly at night knowing that potential data thieves won’t easily be able to use your confidential information because of encryption.
What do you think of encrypting your Android device? Do you or do you not encrypt your Android data? If you use encryption apps, what do you use? Tell us what you think. Share your thoughts in a comment below.
(with contributions from Alvin Ybañez)
Very good article.
A couple notes:
- Most Sony phones didn’t have encryption feature.
- Encrypted SDcard tied to phone that encrypt it. Contents of SDcard can only be read through phone usb mass storage mode. Backup often. If phone broken or got reset, your encrypted sdcard might be unreadable forever.
- Android SDcard encryption is storage-based, it includes underlying filesystem. If encrypted sdcard is corrupt, you will need to reformat it. Be extra careful. You can’t just fix the filesystem because it got encrypted too.
Great article. Also why this site is leagues ahead of others.
Nice Post ! But I think 90% of users do not need to use this
Do you have more details on the encryption type that Android uses (and bits and blocks and stuff)?
I’m good with Samsung Knox.
Knox is the Devil incarnated. It’s a system that takes away the customer’s right to its purchased product. If you want to hack your newer Samsung device, Knox will risk your warranty, even though this isn’t legal in Europe.
Well the thing is, I only use it to make transactions and use the incognito mode on it, no serious business. I just like that you get two separate launchers. I had no problems with knox. It’s more secure for one, and I saw files on knox encrypted, compared to regular files.
Lol, I just use AVG’s screammyphone command. Having a skrillex song as alarm, it is guaranteed that the thief will actually throw it in the sea.
nice , i will try it :D
I think Apple hardware lock for stolen device is much better.
The thief can not use your device right away because it has passcode.
The thief can not restore or reset the device with iTunes without
I like Apple approach, hardware lock down that render the device useless is the way to go, thieves can only selling parts from stolen device, not the device itself, let alone touching your data inside the device. But their iCloud is a lame joke in security matter.
Hope to see something like that from Motorola or Microsoft so I will have nothing to worry about device get stolen anymore.
how much of a penalty is involved if encryption is enabled? thanks
I own a Sony Ericsson Arc S. It’s updated to Android 4.0.4.. I didn’t find any option to encrypt the device. Is it available for my phone?
I once used it on my brand new micromax A110 1 year ago… But one fine day the same old encryption password I entered didn’t work?! God only knows (or experts know!) what happened but I tried it many times after reboot etc but in the end had to factory reset. Any idea what might have happened? And yeah nobody knew my password since i gave it to no one.
What about updating / flashing / sideloading when the device is encrypted? Is it still possible to boot to the recovery and flash a new rom or update? Or is it only possible to do a factory reset?
If I encrypt the internal storage & try content later or install app
Will that be auto encrypted?
Will I be able to send files via WiFi direct Bluetooth etc
What happens when I get software update after encryption?
Can anyone answer me? Thank you
does it effect on performance of rom manager or rooting? as you may know, rom manager is designed to back up the current rom you are using. if i encrypt my phone, the app may not able to back up the rom because its encrypted. or encryption may take root permission from me. i dont know man, i just don’t want to mess my phone up cuz i have bad memory with google update (4.4 to 4.42), it factory reset my phone. i don’t want my phone be Brand new again :P
If i want to sell my device then how does encrypting my data will help?? Mostly we factory reset our phn and sell it..please reply thanks
Go away spammer.