August 7, 2016
53
IMG_0053

The recent debate in the US between law enforcement agencies and tech giants over smartphone encryption has once again brought the issue to center stage. There’s little doubt that keeping your personal data secure these days is pretty important, so it is fortunate that Android gives you the tools you need to secure your device right out of the box. If you have been wondering how to get started, this guide will walk you through how to encrypt Android smartphones and tablets.

What is device encryption and what does it do

Before we go through how to enable it, it is probably best to understand what exactly encryption is and what the pros and cons are.

Device encryption is not a one-stop solution for protecting all of your data and information from prying eyes, especially when you are sending data over the internet. Instead, device encryption converts all of the data stored on your phone into a form that can only be read with the correct credentials. This goes above and beyond a regular lock screen password, as data can still be accessed from behind this screen with some specialized knowledge and use of recoveries, bootloaders, or the Android Debug Bridge.

Once encrypted, your music, photos, apps and account data can’t be read without first unjumbling the information using a unique key. There’s a fair bit of stuff going on behind the scenes, where a user password is converted into a key that is stored in a “Trusted Execution Environment” to keep it secure from software attacks. This key is then required to encrypt and decrypt files, sort of like those alphabet cypher puzzles that scramble up letters.

symmetric encryption

With Android this is very simple from a user’s viewpoint though, you just enter your passcode whenever you boot up or unlock the device and all of your files will be accessible. This means that if your handset falls into the wrong hands, no-one else will be able to make sense of any of the data on your phone without knowing your password.

Before you leap on in, there are a couple of points to consider. Firstly, opening up encrypted files requires additional processing power, so this will take a slight toll on the performance of your handset. Memory reading speeds can be a lot slower on older devices, but the performance hit in the vast majority of regular tasks is only very minor, if even noticeable at all.

Secondly, only some smartphones will offer an option to remove encryption from your handset. Encryption is a one way only process for most smartphones and tablets. If your handset doesn’t offer an option to decrypt the entire phone, the only option is to perform a complete factory reset that removed all of your personal data from the device. So check this out with your manufacturer beforehand.

See also:

Benchmarks show effect of device encryption on Nexus 6 performance

November 20, 2014

With that out of the way, let’s explore how to turn encryption on.

Encrypt my device

Device encryption works in the much the same way across all Android devices, but the methods for enabling it have changed ever so slightly over the years. Some device even come with encryption enabled by default these days, such as the Nexus 6 and 9, and if not, Android makes this a very simple process.

Android 5.0 or higher

For Android handsets and tablets running Android 5.0 Lollipop or newer, you can navigate straight to the “Security” menu under settings. Getting here might be slightly different depending on your OEM, but with stock Android this can be found under Settings > Personal > Security.

Encrypt Android options

Here you should see an option to “Encrypt phone” or “Encrypt tablet”. You’ll be asked to plug your phone in to charge while the process takes place, just to make sure that your phone doesn’t shut off and cause errors. If you haven’t done so already, you will be prompted to set lock screen PIN or password, which you will need to enter when you turn your phone on or unlock it in order to access your newly encrypted files. Be sure to remember this password!

Android 4.4 or lower

If you’re running a handset with Android 4.4 KitKat or lower, you will have to setup a PIN or password before starting up the encryption process. Fortunately this is simple enough, head on over to Settings > Security > Screen Lock. Here you can either pick a pattern, numbered PIN, or mixed password for your lock screen. This will be the same password used after encryption, so make a note of it.

Once that’s done, you can go back to the Security menu and hit “Encrypt phone” or “Encrypt tablet.” You’ll need to have your phone plugged in and read through the warning messages, and you will almost certainly have to confirm your PIN or password one last time before the encryption process starts.

IMG_0050

Encrypting your phone can take an hour or more, depending on how powerful your handset is and the amount of data that you have saved on the device. Once the process is finally finished you can enter your PIN and start using your newly encrypted device.

Back in the Security menu, you will also likely spot an option to encrypt files on your microSD card as well. This is a recommended step you want to keep all of your data secure, but isn’t really necessary if you’re just using your microSD card to save music or films that aren’t particularly personal.

There are a few caveats here too. Firstly, you will no longer be able to use your microSD card with other devices without completely removing the encryption first, as other phones or computers won’t know the key. Although an encrypted microSD card is still completely transparent to move files to and from over USB, just so long as you access the encrypted files from the phone used to encrypt it. Furthermore, if you reset your device before selecting decrypt then the encryption key will be lost and you won’t be able to gain access the  secure files on your microSD card. So think about this one carefully.

And you’re done

That’s it, is really is that simple to encrypt Android devices and is a great way to keep your data a lot more secure. There are minimal trade-offs in terms of performance, but any differences should be very hard to notice on modern handsets.

IMG_0047

Extra options with third party apps

If you don’t fancy committing yourself to full device encryption, there are a small number of Android apps in the Play Store that offer up a section of different features, including single file, text, and folder encryption options.

SSESSE – Universal Encryption App

SSE has been running for quite a while and still appears to be receiving little updates every now and again. Rather than mass encrypting your entire phone, SSE can be used to secure and decrypt individual files or directories, which you might prefer if you just want to keep a few things secure. You can set passwords to work as your decrypt key and there’s an option to either create encrypted copies of files or completely replace them.

The app also features a text encryptor and a password vault. The text editor can be used for keeping encrypted notes and these can be shared across platforms. The vault is designed to store and manage all of your passwords, PINs, and notes in one secure place protected by one master password. Sort of like an encrypted LastPass on your device.

Get it now on Google Play!

Crypto GhostCrypto Ghost- File Encryption

If you’re looking for a way to share encrypted and signed files with your contacts, then it might be worth checking out Crypto Ghost.

This app can secure your files with a personal key using your email and password, which has the added convenience of making your password retrievable. You can also generate a separate password for files so that you can share them with your friends without having to expose your main password. It’s not possible to encrypt files to share using the default Android method, as they are decrypted on the device first and you can’t reproduce keys for use on other devices. So this is a handy solution for sharing files that you might not want others to see.

Get it now on Google Play!
Extra protection:

15 best antivirus Android apps and anti-malware Android apps

4 weeks ago

Safe CameraSafe Camera – Photo Encryption

Perhaps you don’t really have that many files that you’re too concerned about and maybe just want to keep your pictures safe, then you could use an app like Safe Camera. Safe Camera encrypts your photos as soon as you take them, and they can then be viewed from the dedicated gallery. The camera app is relatively basic, with flash and timer options but not much else.

Once you’ve taken your pictures you can share them using your master password for the app, a unique password, or even decrypt them if you want to. There’s also an option to import and secure existing photos, and the app also supports GIFs.

Speaking of communication, there are also a number of apps which offer encrypted communications over both the web and text. Although these apps require you to set-up and share keys with your partners, so there’s a fair bit more work involved here.

Get it now on Google Play!

Android N features

Although, at the time of writing, Android N hasn’t been launched to the general public yet, the preview builds that have been landing on Nexus devices have revealed that Google has some plans for new encryption features in Android N too.

The big change is the introduction of Direct Boot. Unlike the current situation that locks your entire encrypted phone down until you enter the password, the new system allows a small selection of software to run as soon as you turn on your phone. This means that phone calls, alarms, and the like can right away from boot, while apps that you download and more personal data won’t work until you enter the password.

This is part of Google’s revised approach to encryption, which sees the old entire partition encryption method replaced by file-level encryption. File-level encryption is faster on older devices because the system doesn’t have to decrypt huge chunks of data all at once. This method has the added benefit of granting apps much finer control over the data that is and isn’t decrypted, which can significantly improve security in the event that a system is compromised. Although there are somes concern about the amount of meta-data used by this type of design, and the possibility of it being accessible.

Final Thoughts

Given the amount of sensitive personal information that we keep on our mobile devices these days, including banking details, encrypting your Android device is a very sensible decision. There are quite a few options out there offering various levels of security, from system wide Android encryption to apps dedicated to protecting more specific files. Keep in mind though, encryption won’t give you complete protection from everything, but it offers excellent protection in the case of stolen devices.

Robert Triggs
Lead Technical Writer at Android Authority, covering the latest trends in consumer electronics and hardware. In his spare moments, you'll probably find him tinkering with audio electronics and programming.
Show 53 comments