How to encrypt your Android device

by: Rob TriggsAugust 7, 2016
949
IMG_0053

The recent debate in the US between law enforcement agencies and tech giants over smartphone encryption has once again brought the issue to center stage. There’s little doubt that keeping your personal data secure these days is pretty important, so it is fortunate that Android gives you the tools you need to secure your device right out of the box. If you have been wondering how to get started, this guide will walk you through how to encrypt Android smartphones and tablets.

What is device encryption and what does it do

Before we go through how to enable it, it is probably best to understand what exactly encryption is and what the pros and cons are.

Device encryption is not a one-stop solution for protecting all of your data and information from prying eyes, especially when you are sending data over the internet. Instead, device encryption converts all of the data stored on your phone into a form that can only be read with the correct credentials. This goes above and beyond a regular lock screen password, as data can still be accessed from behind this screen with some specialized knowledge and use of recoveries, bootloaders, or the Android Debug Bridge.

Once encrypted, your music, photos, apps and account data can’t be read without first unjumbling the information using a unique key. There’s a fair bit of stuff going on behind the scenes, where a user password is converted into a key that is stored in a “Trusted Execution Environment” to keep it secure from software attacks. This key is then required to encrypt and decrypt files, sort of like those alphabet cypher puzzles that scramble up letters.

symmetric encryption

With Android this is very simple from a user’s viewpoint though, you just enter your passcode whenever you boot up or unlock the device and all of your files will be accessible. This means that if your handset falls into the wrong hands, no-one else will be able to make sense of any of the data on your phone without knowing your password.

Before you leap on in, there are a couple of points to consider. Firstly, opening up encrypted files requires additional processing power, so this will take a slight toll on the performance of your handset. Memory reading speeds can be a lot slower on older devices, but the performance hit in the vast majority of regular tasks is only very minor, if even noticeable at all.

Secondly, only some smartphones will offer an option to remove encryption from your handset. Encryption is a one way only process for most smartphones and tablets. If your handset doesn’t offer an option to decrypt the entire phone, the only option is to perform a complete factory reset that removed all of your personal data from the device. So check this out with your manufacturer beforehand.

nexus 6 review aa (8 of 14)See also: Benchmarks show effect of device encryption on Nexus 6 performance54

With that out of the way, let’s explore how to turn encryption on.

Encrypt my device

Device encryption works in the much the same way across all Android devices, but the methods for enabling it have changed ever so slightly over the years. Some device even come with encryption enabled by default these days, such as the Nexus 6 and 9, and if not, Android makes this a very simple process.

Android 5.0 or higher

For Android handsets and tablets running Android 5.0 Lollipop or newer, you can navigate straight to the “Security” menu under settings. Getting here might be slightly different depending on your OEM, but with stock Android this can be found under Settings > Personal > Security.

Encrypt Android options

Here you should see an option to “Encrypt phone” or “Encrypt tablet”. You’ll be asked to plug your phone in to charge while the process takes place, just to make sure that your phone doesn’t shut off and cause errors. If you haven’t done so already, you will be prompted to set lock screen PIN or password, which you will need to enter when you turn your phone on or unlock it in order to access your newly encrypted files. Be sure to remember this password!

Android 4.4 or lower

If you’re running a handset with Android 4.4 KitKat or lower, you will have to setup a PIN or password before starting up the encryption process. Fortunately this is simple enough, head on over to Settings > Security > Screen Lock. Here you can either pick a pattern, numbered PIN, or mixed password for your lock screen. This will be the same password used after encryption, so make a note of it.

Once that’s done, you can go back to the Security menu and hit “Encrypt phone” or “Encrypt tablet.” You’ll need to have your phone plugged in and read through the warning messages, and you will almost certainly have to confirm your PIN or password one last time before the encryption process starts.

IMG_0050

Encrypting your phone can take an hour or more, depending on how powerful your handset is and the amount of data that you have saved on the device. Once the process is finally finished you can enter your PIN and start using your newly encrypted device.

Back in the Security menu, you will also likely spot an option to encrypt files on your microSD card as well. This is a recommended step you want to keep all of your data secure, but isn’t really necessary if you’re just using your microSD card to save music or films that aren’t particularly personal.

There are a few caveats here too. Firstly, you will no longer be able to use your microSD card with other devices without completely removing the encryption first, as other phones or computers won’t know the key. Although an encrypted microSD card is still completely transparent to move files to and from over USB, just so long as you access the encrypted files from the phone used to encrypt it. Furthermore, if you reset your device before selecting decrypt then the encryption key will be lost and you won’t be able to gain access the  secure files on your microSD card. So think about this one carefully.

And you’re done

That’s it, is really is that simple to encrypt Android devices and is a great way to keep your data a lot more secure. There are minimal trade-offs in terms of performance, but any differences should be very hard to notice on modern handsets.

IMG_0047

Extra options with third party apps

If you don’t fancy committing yourself to full device encryption, there are a small number of Android apps in the Play Store that offer up a section of different features, including single file, text, and folder encryption options.

SSESSE – Universal Encryption App

SSE has been running for quite a while and still appears to be receiving little updates every now and again. Rather than mass encrypting your entire phone, SSE can be used to secure and decrypt individual files or directories, which you might prefer if you just want to keep a few things secure. You can set passwords to work as your decrypt key and there’s an option to either create encrypted copies of files or completely replace them.

The app also features a text encryptor and a password vault. The text editor can be used for keeping encrypted notes and these can be shared across platforms. The vault is designed to store and manage all of your passwords, PINs, and notes in one secure place protected by one master password. Sort of like an encrypted LastPass on your device.

Get it now on Google Play!

Crypto GhostCrypto Ghost- File Encryption

If you’re looking for a way to share encrypted and signed files with your contacts, then it might be worth checking out Crypto Ghost.

This app can secure your files with a personal key using your email and password, which has the added convenience of making your password retrievable. You can also generate a separate password for files so that you can share them with your friends without having to expose your main password. It’s not possible to encrypt files to share using the default Android method, as they are decrypted on the device first and you can’t reproduce keys for use on other devices. So this is a handy solution for sharing files that you might not want others to see.

Get it now on Google Play!
best antivirus android appsExtra protection: 15 best antivirus Android apps and anti-malware Android apps216

Safe CameraSafe Camera – Photo Encryption

Perhaps you don’t really have that many files that you’re too concerned about and maybe just want to keep your pictures safe, then you could use an app like Safe Camera. Safe Camera encrypts your photos as soon as you take them, and they can then be viewed from the dedicated gallery. The camera app is relatively basic, with flash and timer options but not much else.

Once you’ve taken your pictures you can share them using your master password for the app, a unique password, or even decrypt them if you want to. There’s also an option to import and secure existing photos, and the app also supports GIFs.

Speaking of communication, there are also a number of apps which offer encrypted communications over both the web and text. Although these apps require you to set-up and share keys with your partners, so there’s a fair bit more work involved here.

Get it now on Google Play!

Android N features

Although, at the time of writing, Android N hasn’t been launched to the general public yet, the preview builds that have been landing on Nexus devices have revealed that Google has some plans for new encryption features in Android N too.

The big change is the introduction of Direct Boot. Unlike the current situation that locks your entire encrypted phone down until you enter the password, the new system allows a small selection of software to run as soon as you turn on your phone. This means that phone calls, alarms, and the like can right away from boot, while apps that you download and more personal data won’t work until you enter the password.

This is part of Google’s revised approach to encryption, which sees the old entire partition encryption method replaced by file-level encryption. File-level encryption is faster on older devices because the system doesn’t have to decrypt huge chunks of data all at once. This method has the added benefit of granting apps much finer control over the data that is and isn’t decrypted, which can significantly improve security in the event that a system is compromised. Although there are somes concern about the amount of meta-data used by this type of design, and the possibility of it being accessible.

Final Thoughts

Given the amount of sensitive personal information that we keep on our mobile devices these days, including banking details, encrypting your Android device is a very sensible decision. There are quite a few options out there offering various levels of security, from system wide Android encryption to apps dedicated to protecting more specific files. Keep in mind though, encryption won’t give you complete protection from everything, but it offers excellent protection in the case of stolen devices.

  • nzerf

    Very good article.

    A couple notes:
    – Most Sony phones didn’t have encryption feature.
    – Encrypted SDcard tied to phone that encrypt it. Contents of SDcard can only be read through phone usb mass storage mode. Backup often. If phone broken or got reset, your encrypted sdcard might be unreadable forever.
    – Android SDcard encryption is storage-based, it includes underlying filesystem. If enrypted sdcard is corrupt, you will need to reformat it. Be extra careful. You can’t just fix the filesystem because it got encrypted too.

  • cizzlen

    Great article. Also why this site is leagues ahead of others.

  • Tiến Bùi

    Nice Post ! But I think 90% of users do not need to use this

  • SHeadius

    Go away spammer.

  • MasterMuffin

    Do you have more details on the encryption type that Android uses (and bits and blocks and stuff)?

  • Brian Dong Min Kim

    I’m good with Samsung Knox.

    • Yesiree

      Knox is the Devil incarnated. It’s a system that takes away the customers right to its purchased product. If you want to hack your newer Samsung device, Knox will risk your warranty, even though this isn’t legal in Europe.

      • Brian Dong Min Kim

        Well the thing is, I only use it to make transactions and use the incognito mode on it, no serious business. I just like that you get two separate launchers. I had no problems with knox. Its more secure for one, and I saw files on knox encrypted, compared to regular files.

  • teotsi21

    Lol, I just use AVG’s screammyphone command. Having a skrillex song as alarm, it is guaranteed that the thief will actually throw it in the sea.

  • infernalx

    nice , i will try it :D

  • Guest

    I think Apple hardware lock for stolen device is much better.
    The thief can not use your device right away because it has passcode.
    The thief can not restore or reset the device with iTunes without

  • I like Apple approach, hardware lock down that render the device useless is the way to go, thieves can only selling parts from stolen device, not the device itself, let alone touching your data inside the device. But their iCloud is a lame joke in security matter.

    Hope to see something like that from Motorola or Microsoft so I will have nothing to worry about device get stolen anymore.

    • Guest

      Yea , its so lame that Google Gmail accounts get hacked more than any other accounts, this is a fact. Second we all know that 5+ million account were leaked all ready lol. Good try sheep.

  • mrjayviper

    how much of a penalty is involved if encryption is enabled? thanks

  • Rahul Agarwal

    I own a Sony Ericsson Arc S. Its updated to Android 4.0.4.. I didn’t find any option to encrpt the device. Is it available for my phone?

  • Aditya Waghmare

    I once used it on my brand new micromax A110 1 year ago… But one fine day the same old encyption password I entered didn’t work?! God only knows (or experts know!) what happened but I tried it many times after reboot etc but in the end had to factory reset. Any idea what might have happened? And yeah nobody knew my password since i gave it to no one.

  • What about updating / flashing / sideloading when the device is encrypted? Is it still possible to boot to the recovery and flash a new rom or update? Or is it only possible to do a factory reset?

  • Balraj

    Small doubt
    If I encrypt the internal storage & try content later or install app
    Will that be auto encrypted?
    Will I be able to send files via WiFi direct Bluetooth etc
    What happens when I get software update after encryption?
    Can anyone answer me? Thank you

  • kyeongwoo nam

    does it effect on performance of rom manager or rooting? as you may know, rom manager is designed to back up the current rom you are using. if i encrypt my phone, the app may not able to back up the rom because its encrypted. or encrypytion may take root permission from me. i dont know man, i just don’t want to mess my phone up cuz i have bad memory with google update (4.4 to 4.42), it factory reset my phone. i don”t want my phone be Brand new again :P

  • kris90

    If i want to sell my device then how does encrypting my data will help?? Mostly we factory reset our phn and sell it..please reply thanks

    • Brian Gentles

      Factory reset doesn’t actually remove the bits from memory just removes the references to the file, pretty much the same way deleting a file on your computer works. If the device is encrypted first then although the bits are still there it’s impossible to decrypt them to read the content.

  • cherry

    i have a question, can you make your boot process secure with pin, which means, every time you want to shutdown or reboot, the system ask you for pin to confirm. this will be helpful if someone steels your phone and shut it down, so you cannot track using lookout or other apps. because once they stole the phone, depending on how excrypted your phone is, they can still try to mess with your phone.

  • david johnson

    On my polaroid 4.2 tab there is no encryption button. Also cannot sign in to Google play. Reply to [email protected] Thanks

  • Boris Androidanov

    ES File Explorer file Manager (Free from Play Store) also allows you to encrypt individual files and whole folders. Adds another layer of protection for highly sensitive stuff if phone is encrypted, or first line if not. I use it also to protect any sensitive backups on my external SD Card.

  • Moving Back To Apple

    Android encryption is worthless since Google has the capability to bypass it. Apple iOS 8 does it right.

  • I use a pattern lock for my screen and was able to encrypt my Nexus 5

  • Naresh Landam

    Encrypt your confidential data: This powerful option will let you encrypt your accounts, settings, downloaded apps and their data, media and other files. Once you encrypt your phone or tablet, you need to type a numeric PIN or password to decrypt it each time you power it on. Remember that you cannot decrypt your device except by performing a factory data reset which erases all your data.This process of encryption takes an hour or more.So you must keep your device plugged in until encryption is complete or else there is a chance of losing some or all of your valuable data. To encrypt your smartphone or tablet: Settings > Security > Encrypt. I found out in here, give it a look, http://www.spinfold.com/less-known-android-features

  • sal quattrochi

    when you encrypt the android s4, are all calls and texts now encrypted?

  • Sam J

    Is there any way to pull photos from Google+ back to a Samsung S4 with an encrypted SD card—once the phone has been wiped?

  • Joe

    Don’t do it!!!! After a full day of blank screen I powered off the phone. That caused it to factory reset. What a waste of time and lost data!

  • Link_Alcera

    For my Note 3 since day 1 I already made my encryption, but just to note that if you did add new files on SD/Device you might need to redo the steps again since I can read/copy the file on my PC without a hassle.

  • Don_Alduck

    Okay, I understand it all, but do not fully get the SD card part. Q1, So if i encrypt my SD on my phone, why would i not get a pop up window (or something similar) on a different device (phone/pc/tablet) using the same (previously encrypted) SD card to put in my password or PIN? Wouldn’t that be still secure?

    Q2, Also, what would happen if my encrypted SD would be removed for lets say 1 day or so? Would everything be normal once i’d put it back in the phone it’s been encrypted in?
    AFAIK, the SD encryption will only encrypt the new files, so older files will have to be re-uploaded

  • SalPicão

    And if the touchscreen stop working? (software or hardware failure) How to get you data from you phone to a new one or a computer?

    • EasyCare

      Replace the panel first then decrypt it. Simple, right?

      • SalPicão

        And if the problem is not on the screen sensor only? My point is, if you encrypt you external SD card, good by data… or ir there a way of decrypting it? would be nice to have a key that could decrypt…

        • EasyCare

          Component failure is something unexpected. You can’t argue bad luck.

        • jdgrn01

          All you need to decrypt the data is your original key.. you can reload the program on to your new phone, enter your email and password (the original) and then restore your old key to decrypt the data on your external SD..

    • Tim Locke

      Backups.

  • How to slow down your Android device

    • EasyCare

      *secure

      • Slow down.

        • Ahti

          install GO Launcher Ex.

        • EasyCare

          Because you’re not the kind of people that use it.

  • Rohit Raja

    Why would anyone willingly slow their phone down, may be uber secret agents….

    • Liam

      Uhm, those who are willing to encrypt their files? There are more people willing to encrypt their files than you think.

    • Lakerma

      Mostoften the performance hit is very minor! Even my Moto X 2013 runs exactly the same way with encryption enabled, as it did when it was not encrypted… Just try it out is my suggestion

  • revelationman

    I never was asked to set a password, I am using a G4 and it has not slowed down the phone in the slightest , the encryption was fast it did not take long, I wanted the phone encrypted,

  • EloCode

    we should encrypt our device ? No, because, u can’t be safe when u’re connecting in internet there is risk, It’s what I think,

    • Risk is everywhere, but the thing is how much you can minimize the threat.