How to encrypt your Android device

December 30, 2013

Your Android device is a pocket-size container of important information that you don’t want to fall into the wrong hands. Think of your emails, SMS messages, contacts, credit card numbers, files, photos, etc. being exposed to someone who, whether by intent or by accident, got hold of your Android phone or tablet.

No one wants to be in that vulnerable scenario. That’s why you can lock down your Android device with a combination of protective security measures, one of which is encryption, a pretty important one.

Learn everything about what encryption is, how it works, and how you can encrypt your Android device from this guide.

What is encryption?

Encryption refers to the process of scrambling information so that it is unintelligible to anyone except those who know how to unscramble it. The only way to bring it back to a readable or recognizable form is to decrypt it using a key.

This can be better understood with an analogy. Take the case of your diary written in English. If you lose the diary, the finder who understands English will be able to unravel the secrets that you keep in between the pages. But, if the entries were written in a secret code or language, no one could easily understand the contents, even if one has physical possession of the pages.

A similar analogy can be applied to the personal data on your Android device. A thief could take hold of your phone and access personal data such as your account info, app data, emails and SMS, files, and other sensitive info on your device. But, even if the thief does have access to your data, as long as your data is “garbled” or encrypted, it will just be a bunch of gobbledygook to the thief: practically useless junk.

In short, encrypting your data won’t prevent a thief from accessing or getting a copy of your information. Rather, it will prevent the thief from reading and understanding your information.

How does it work? What does it do?

To illustrate encryption further, let’s encipher (or encode) the word “Android” using simple substitution which replaces each letter with the second letter that comes after it in the English alphabet. That is, A is replaced by C, B is replaced by D, and so on. Using this substitution system, the word “Android” is then encrypted into “Cpftqkf” and your data thief won’t be able to make any sense of it at all. One has to know the “key” to decode the message. In this case, the key is the equivalence of A and C, B and D, and so on.

But such substitution is too simplistic and can be easily cracked. Simplistic encryption methods and algorithms like this are not used, of course, because they are not secure. Thankfully, cryptography these days uses methods and algorithms that are far more complex than mere substitution or transposition and are not easy to solve even by computers.
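The shift-by-two scheme described above, and why it is easily cracked, as an added example that is not part of the original article: it reproduces the “Android” to “Cpftqkf” encoding and then recovers the key by simply trying all 26 shifts. The function names, the small word list, and the sample sentence are constructed for illustration.

```python
# Added illustration: shift (Caesar) substitution and exhaustive key search.
# All names and the sample sentence are constructed for this example.

# Small constructed word list used to recognise readable English output.
COMMON_WORDS = {"the", "your", "to", "on", "is", "and", "of", "data", "phone"}

SAMPLE = "Encrypt your phone to protect the data on it."


def shift_cipher(text, key):
    """Replace each ASCII letter with the one `key` places later, wrapping at Z."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)  # digits, spaces and punctuation pass through
    return "".join(out)


def english_score(text):
    """Count how many whitespace-separated tokens are common English words."""
    return sum(tok.strip(".,!?").lower() in COMMON_WORDS for tok in text.split())


def crack_shift(ciphertext):
    """Try every possible key and keep the candidate that reads most like English.

    Returns (key, plaintext). Only 26 keys exist, so the search is instant.
    """
    best_score, best_key, best_text = -1, 0, ciphertext
    for key in range(26):
        candidate = shift_cipher(ciphertext, -key)  # undo a shift of `key`
        score = english_score(candidate)
        if score > best_score:
            best_score, best_key, best_text = score, key, candidate
    return best_key, best_text


if __name__ == "__main__":
    print(shift_cipher("Android", 2))   # the article's example word
    secret = shift_cipher(SAMPLE, 2)
    print(secret)
    print(crack_shift(secret))          # key recovered without being told
```

The whole key space is 26 values, which is why the strength of real encryption rests on keys far too numerous to try one by one.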

Encryption of digital data comes in various shapes, sizes, and flavors. You can encrypt whole disks (e.g., hard disk drives, USB drives, SD cards), individual files or folders, network traffic, emails, and databases. It is a great way to “hide” or “disguise” your data from unauthorized people.

Although not all Android users feel the need to encrypt their phones and tablets to add an extra layer of security, Android does come with a built-in ability to encrypt your phone or tablet. But is encryption for you, and do you really need it?

Why do it at all?

First and foremost, you will want to encrypt your phone to further protect the data that it holds. A mere PIN or password may suffice for keeping your little ones or friends from tampering with your files (even the less-secure pattern lock could do the trick), but it may not be enough to keep a knowledgeable thief from accessing your data. Arguably, though, the difficulty of access will increase if the data are encrypted. While no security method or system is completely foolproof, you can use a combination of methods to help increase security.

You will want to encrypt your phone not as much to preserve your data as to prevent the finder (e.g., a phone thief) from being able to use your data. Provided you’ve PIN- or password-protected your device, an unsophisticated thief will most likely only go as far as booting the device into recovery mode and doing a factory reset from there — before selling the gadget.

If you’re a casual or average Android user, you can probably get by without encrypting your phone or tablet. As long as you follow the tenets of basic protection for Android, you’ll most likely be fine. Most petty thieves of phones or tablets simply don’t care as much about what’s on the stolen phone as how much they could sell the stolen gadget for.

But, if you work for the government, you worry about corporate espionage, and/or you simply want to increase the security of your data, you’ll want to encrypt your device to protect your data against people who might be interested more in the data that you lug around in your mobile device than in the device itself.

Knowledgeable thieves who know their way around stuff like custom recoveries, bootloaders, or Android Debug Bridge (ADB), can easily extract data from your phone — even if it is PIN- or password-protected. German researchers, for example, have found a technique known as FROST (Forensic Recovery of Scrambled Telephones), which uses cold booting to extract phone data even if the phone is protected by a PIN or is encrypted.

Competent data thieves can easily access your data. Having a rooted phone and/or an unlocked bootloader can also make data access easier for such folks.

Still, encrypting your phone data makes the data harder for most knowledgeable thieves to access. Ensuring that your phone’s bootloader is secure and that your phone is not rooted also adds protection. Encryption is not altogether perfect and has its own set of flaws. Nevertheless, encryption adds an additional layer of protection to your device, making it more secure than one with unencrypted data.

Some considerations

Before deciding whether or not to encrypt your Android, take note of the following:

  • The process of encrypting and decrypting adds load to and uses resources on your Android device. This can take a toll on your device’s performance and can result in lag. On slower devices, the lag can be noticeable. But, generally and in most cases, the delay is negligible. Your mileage may vary, though.
  • The initial encryption process usually takes about an hour to finish — or more, depending on the amount of data to be encrypted.
  • Do not interrupt the encryption process. Doing so could lead to permanent loss of data.
  • Encryption is irreversible. You cannot toggle encryption on or off. The only way to remove it is to perform a factory reset, which also wipes your device’s data.
  • To use an encrypted Android device, you’ll need to enter your password or PIN at boot time. This allows the device to decrypt the data so that you can use the device as you normally would.
  • Pattern and swipe lock screens will be disabled when you encrypt your device. These aren’t as secure as a PIN or password anyway.
  • You can’t encrypt Android tablets with existing multiple user accounts. Delete the additional accounts first before you encrypt your tablet.

If you’re all good with these conditions, go ahead and encrypt your Android device.

Encrypting your Android

Android encryption is a straightforward procedure. Take note that the menu locations may vary from device to device. Certain custom Android UIs and skins (e.g., Samsung TouchWiz UX) may also include other requirements. The steps below will guide you through the process.

First, set a PIN or password as screen lock for your Android device. The PIN or password that you assign will also be the decryption key and is, therefore, needed before encryption can proceed.

Some device manufacturers impose additional security lock requirements, as on the Galaxy S3 and Galaxy S4.

After setting a PIN or password, head to the Security submenu under the Settings menu and select Encrypt Phone or Encrypt Tablet. The encryption menu may be in a different location on some devices. On the HTC One, for instance, it’s under the Storage submenu in Settings.

The Encryption menu will look something like the following:

[Screenshot: the Encryption menu]

A short reminder will be shown on the screen. Encryption takes some time, so it is important to have enough power to last through the whole process. If your device has little power left, you will be notified before encryption can proceed. You will also need to plug your device into its charger before you can encrypt it.

If you’re all set, tap the Encrypt Phone or Encrypt Tablet button at the bottom. Your device will ask for your PIN or password. Enter your PIN or password to confirm. You will see a warning message. Tap the Encrypt Phone or Encrypt Tablet button again to begin the encryption process.

Your device will reboot and will start the encryption. You’ll see a progress indicator of the encryption process. Encryption time varies and will depend on the amount of data on your device.

While encryption is ongoing, do not use or play with your device. If you interrupt the encryption process, you could lose all or part of your data permanently.

Once encryption is complete, your Android device will reboot, and your phone will ask you to type the password to decrypt storage. Type your PIN or password. Your device will decrypt your data and will boot back to Android.

You will know that your device has been encrypted when you find the label “Encrypted” in the Security submenu, or when at boot time your device asks for your password to decrypt the storage.

Encrypting external SD card

Some devices with external storage (e.g., Galaxy S3 and Galaxy S4) allow encrypting the data on the external SD card.

Usually, you can choose which files from your external SD card to encrypt. You can encrypt the entire external storage, or include/exclude multimedia files, or encrypt only new files (without encrypting the existing ones). So, in a sense, you have several encryption options for your SD card data.

The encrypted data on your external SD card won’t be accessible if you use the SD card on another Android device that wasn’t used for encrypting the SD card. Some devices will even report the encrypted SD card as either blank or having an unsupported file system.

Unlike full-disk encryption of your phone’s internal storage, external SD card encryption can be undone: you can decrypt your external microSD card. On the Galaxy S3 and Galaxy S4, for instance, you can decrypt your external microSD card through the Encrypt External SD Card menu. The specific steps may vary depending on the device or the firmware version.

Also be careful when you decide to encrypt or decrypt your external microSD card because some Android devices will erase all existing content when encrypting or decrypting your external storage.

Encrypting Android tablets with multiple-user accounts

In my experience with the only tablet that I have, the Nexus 7, encryption is impossible when other user accounts besides the primary account exist on the tablet. When I attempted to encrypt my Nexus 7, it just rebooted but did not go through the encryption process.

Only after I deleted all other user accounts did the encryption proceed. I suspect that this behavior is also the same on other tablets that have Android’s multiuser feature. So, if you run into the same road bump when trying to encrypt your Android tablet, try removing the other user accounts first.

After encryption, I was able to add new users. However, only the primary owner’s PIN or password can be used as the decrypt key. The primary user can’t use Swipe or Pattern for the lockscreen, but the other users can.

Encrypting through an Android app

Android’s built-in encryption function is for the whole of your internal storage, but what if you want to encrypt only some of your files and directories/folders? That’s what encryption apps are for. With the help of encryption apps, you can choose which files to encrypt rather than choose to encrypt everything on disk. You can even permanently decrypt your encrypted data without having to wipe your device.

There is more than a handful of encryption apps on the Google Play Store, but here I’ll tell you a bit about two of my favorite ones: SSE – Universal Encryption App and Encryption Manager.

SSE – Universal Encryption App

The no-cost and ads-free SSE – Universal Encryption App is a simple encryption app that lets you encrypt and decrypt files on your Android device.

To encrypt your files, launch the app and select File/Dir Encryptor. Locate your desired file or long tap on a folder and select Encrypt. You will then need to enter a password that will serve as your decrypt key. The app will then begin the encryption process.

By default, the app will keep a copy of the unencrypted original and create a new, encrypted copy which will have *.enc as filename extension. For security’s sake, of course, you’ll want to delete the source or original copy. Or, simply enable the Wipe Source After Encryption function in the app’s settings menu; it will cause the app to automatically delete the original file after encrypting it.

To decrypt a file or folder, simply tap on the encrypted file and select Decrypt. Enter your password for that file and the app will produce a separate decrypted copy of that file.

Aside from encrypting files, SSE – Universal Encryption App also features a Password Vault and a Text Encryptor.

Password Vault allows you to store your personal passwords for different accounts, while the Text Encryptor allows you to encrypt and decrypt texts such as confidential notes or personal messages that you want to keep from prying eyes. Both features also need a password to access them.

Encryption Manager

Another encryption and decryption app that you can use on your mobile device is Encryption Manager.

The first time you run the app, you will need to set a PIN. This will serve as your master key for accessing all the features of the app. You will need to enter your PIN every time you use the app to be able to encrypt and decrypt files within the app. Make sure to remember your PIN. If you enter the wrong PIN, you will only have 6 attempts to enter the correct PIN before the app deletes all encrypted data within the app.

To encrypt a file or folder, just tap the Add button on the app’s main menu and locate the desired file or folder. Long-tap on the file and select Manage Encrypted.

Before you begin encryption, you can set the app to delete the original files after encryption. If you have selected a folder, you can choose to encrypt files and subfolders and to delete empty folders after encryption. You can also choose which encryption algorithm to use before encrypting a file.

What I like best about this app is that you can easily decrypt a file when you want to use it, and the app deletes the decrypted file after use. Just tap on an encrypted file on the list of encrypted files and the app will decrypt it. Once you’re done using the file, the app will ask you if you want to delete the decrypted file.

The free version of the app, called Encryption Manager Lite, lets you encrypt up to only five files. To remove the limit, you can go for the premium version which costs about US$4.00.

These two apps are just a sample of the encryption apps available on the Google Play Store. There are other encryption apps that you can use to protect your messages, photos, call logs, and other sensitive data on your Android handset.

Final thoughts

Our Android devices are filled with all sorts of confidential data that we don’t want unwanted people to mess with: messages, contact information, credit accounts, and more. That’s why we need to safeguard not just our Android devices but also the data that they contain. For the latter, encryption is a reliable way of securing your mobile digital data. On Android, this is easily achieved through its built-in encryption feature.

Although encryption can’t give full protection to your sensitive data, you’ll sleep much more soundly at night knowing that potential data thieves won’t easily be able to use your confidential information because of encryption.

What do you think of encrypting your Android device? Do you or do you not encrypt your Android data? If you use encryption apps, what do you use? Tell us what you think. Share your thoughts in a comment below.

(with contributions from Alvin Ybañez)
