How to encrypt your Android device

by: Elmer MontejoDecember 30, 2013

Your Android device is a pocket-size container of important information that you don’t want to fall into the wrong hands. Think of your emails, SMS messages, contacts, credit card numbers, files, photos, etc. being exposed to someone who whether by intent or by accident got a hold of your Android phone or tablet.

No one wants to be in that vulnerable scenario. That’s why you can lock down your Android device with a combination of protective security measures, one of which is encryption, a pretty important one.

Learn everything about what encryption is, how it works, and how you can encrypt your Android device from this guide.

What is encryption?

Encryption refers to the process of scrambling information in a way that makes the information non-understandable by anyone else except those who know how to unscramble it. The only way to bring it back to a readable or recognizable form is to decrypt it using a key.

This can be better understood with an analogy. Take the case of your diary written in English. If you lose the diary, the finder who understands English will be able to unravel the secrets that you keep in between the pages. But, if the entries were written in a secret code or language, no one could easily understand the contents, even if one has physical possession of the pages.


A similar analogy can be applied to the personal data on your Android device. A thief could take hold of your phone and access personal data such as your account info, app data, emails and SMS, files, and other sensitive info on your device. But, even if the thief does have access to your data, for as long as your data is “garbled” or encrypted, the data will just be a bunch of gobbledygook to the thief. It will be practically just junk and useless.

In short, encrypting your data won’t prevent a thief from accessing or getting a copy of your information. Rather, it will prevent the thief from reading and understanding your information.

How does it work? What does it do?

To illustrate encryption further, let’s encipher (or encode) the word “Android” using simple substitution which replaces each letter with the second letter that comes after it in the English alphabet. That is, A is replaced by C, B is replaced by D, and so on. Using this substitution system, the word “Android” is then encrypted into “Cpftqkf” and your data thief won’t be able to make any sense of it at all. One has to know the “key” to decode the message. In this case, the key is the equivalence of A and C, B and D, and so on.

But, such substitution is too simplistic and can be easily cracked. Such simplistic encryption methods and algorithms are not used, of course, because they are not safe or secure. Thankfully, cryptography these days uses methods and algorithms more complex than just mere substitution or transposition and not very easy to solve even by computers.

Encryption of digital data comes in various shapes, sizes, and flavors. You can encrypt whole disks (e.g., hard disk drives, USB drives, SD cards), individual files or folders, network traffic, emails, and databases. It is a great way to “hide” or “disguise” your data from unauthorized people.

Although not all Android users feel the need to encrypt their phones and tablets to add an extra layer of security, Android does come with built-in ability to encrypt your phone or tablet. But, is encryption for you and do you really need it?


Why do it at all?

Foremost of all, you will want to encrypt your phone to further protect the data that it holds. A mere PIN or password may suffice for keeping your little ones or friends from tampering with your files — even the less-secure pattern lock could do the trick — but it may not be enough to keep a knowledgeable thief from accessing your data. Although, arguably, the difficulty of access will increase if the data are encrypted. While no security method or system is completely foolproof, you can use a combination of methods to help increase security.

You will want to encrypt your phone not as much to preserve your data as to prevent the finder (e.g., a phone thief) from being able to use your data. Provided you’ve PIN- or password-protected your device, an unsophisticated thief will most likely only go as far as booting the device into recovery mode and doing a factory reset from there — before selling the gadget.


If you’re a casual or average Android user, you can probably get by without encrypting your phone or tablet. For as long as you follow the tenets of basic protection for Android, you’ll most likely be fine. Most petty thieves of phones or tablets simply don’t care as much about what’s on the stolen phone as how much they could sell the stolen gadget for.

But, if you work for the government, you worry about corporate espionage, and/or you simply want to increase the security of your data, you’ll want to encrypt your device to protect your data against people who might be interested more in the data that you lug around in your mobile device than in the device itself.

Knowledgeable thieves who know their way around stuff like custom recoveries, bootloaders, or Android Debug Bridge (ADB), can easily extract data from your phone — even if it is PIN- or password-protected. German researchers, for example, have found a technique known as FROST (Forensic Recovery of Scrambled Telephones), which uses cold booting to extract phone data even if the phone is protected by a PIN or is encrypted.

Competent data thieves can easily access your data. Having a rooted phone and/or an unlocked bootloader can also make data access easier for such folks.


But, still, encrypting your phone data makes the data harder to access by most knowledgeable thieves. Ensuring that your phone’s bootloader is secure and that your phone is not rooted also adds protection. Encryption is not altogether perfect and has its own sets of flaws. Nevertheless, encryption adds an additional layer of protection to your device, making it more secure than one with unencrypted data.

Some considerations

Before deciding whether or not to encrypt your Android, take note of the following:

  • The process of encrypting and decrypting adds an additional load to and uses resources on your Android device. This can take a hit at your device’s performance and can result in lag. On slower devices, the lag can be noticeable. But, generally and in most cases, the delay is negligible. Your mileage may vary, though.
  • The initial encryption process usually takes about an hour to finish — or more, depending on the amount of data to be encrypted.
  • Do not interrupt the encryption process. Doing so could lead to permanent loss of data.
  • Encryption is irreversible. You cannot toggle encryption on or off. The only way to remove it is to perform a factory reset, which also wipes your device’s data.
  • To use an encrypted Android device, you’ll need to enter your password or PIN at boot time. This allows the device to decrypt the data so that you can use the device as you normally would.
  • Pattern and swipe lock screens will be disabled when you encrypt your device. These aren’t as secure as a PIN or password anyway.
  • You can’t encrypt Android tablets with existing multiple user accounts. Delete the additional accounts first before you encrypt your tablet.

If you’re all good with these conditions, go ahead and encrypt your Android device.

Encrypting your Android

Android encryption is a straightforward procedure. Take note that the menu locations may vary from device to device. Certain custom Android UIs and skins (e.g., Samsung TouchWiz UX) may also include other requirements. The steps below will guide you through the process.

First, set a PIN or password as screen lock for your Android device. The PIN or password that you assign will also be the decryption key and is, therefore, needed before encryption can proceed.


Some device manufacturers impose additional security lock requirements, such as this on the Galaxy S3 and Galaxy S4.


After setting a PIN or password, head to the Security submenu under the Settings menu and select Encrypt Phone or Encrypt Tablet. The encryption menu may be in a different location on some devices. On the HTC One, for instance, it’s under the Storage submenu in Settings.


The Encryption menu will look something like the following:


A short reminder will be shown on the screen. Encryption takes some time, so it is important to have enough power to last through the whole process. If your device has little power left, you will be notified before encryption can proceed. You will also need to plug your device to its charger before you can encrypt your device.


If you’re all set, tap the Encrypt Phone or Encrypt Tablet button at the bottom. Your device will ask for your PIN or password. Enter your PIN or password to confirm. You will see a warning message. Tap the Encrypt Phone or Encrypt Tablet button again to begin the encryption process.


Your device will reboot and will start the encryption. You’ll see a progress indicator of the encryption process. Encryption time varies and will depend on the amount of data on your device.

While encryption is ongoing, do not use or play with your device. If you interrupt the encryption process, you could lose all or part of your data permanently.


Once encryption is complete, your Android device will reboot, and your phone will ask you to type the password to decrypt storage. Type your PIN or password. Your device will decrypt your data and will boot back to Android.

You will know that your device has been encrypted when you find the label “Encrypted” in the Security submenu, or when at boot time your device asks for your password to decrypt the storage.

Encrypting external SD card

Some devices with external storage (e.g., Galaxy S3 and Galaxy S4) allow encrypting the data on the external SD card.

Usually, you can choose which files from your external SD card to encrypt. You can encrypt the entire external storage, or include/exclude multimedia files, or encrypt only new files (without encrypting the existing ones). So, in a sense, you have several encryption options for your SD card data.


The encrypted data on your external SD card won’t be accessible if you use the SD card on another Android device that wasn’t used for encrypting the SD card. Some devices will even report the encrypted SD card as either blank or having an unsupported file system.

External SD card encryption can also be undone. Unlike full-disk encryption of your phone’s internal storage. You can decrypt your external microSD card. On the Galaxy S3 and Galaxy S4, for instance, you can decrypt your external microSD card through the Encrypt External SD Card menu. The specific steps may vary depending on device or the firmware version.

Also be careful when you decide to encrypt or decrypt your external microSD card because some Android devices will erase all existing content when encrypting or decrypting your external storage.

Encrypting Android tablets with multiple-user accounts

In my experience with the only tablet that I have, the Nexus 7, encryption is impossible when other user accounts besides the primary account exist on the tablet. When I attempted to encrypt my Nexus 7, it just rebooted but did not go through the encryption process.


Only after I deleted all other user accounts did the encryption proceed. I suspect that this behavior is also the same on other tablets that have Android’s multiuser feature. So, if you run into the same road bump when trying to encrypt your Android tablet, try removing the other user accounts first.

After encryption, I was able to add new users. However, only the primary owner’s PIN or password can be used as the decrypt key. The primary user can’t use Swipe or Pattern for the lockscreen, but the other users can.

Encrypting through an Android app

Android’s built-in encryption function is for the whole of your internal storage, but what if you want to encrypt only some of your files and directories/folders? That’s what encryption apps are for. With the help of encryption apps, you can choose which files to encrypt rather than choose to encrypt everything on disk. You can even permanently decrypt your encrypted data without having to wipe your device.

There is more than a handful of encryption apps on the Google Play Store, but here I’ll tell you a bit of two of my favorite ones: SSE – Universal Encryption App and Encryption Manager.

SSE – Universal Encryption App

The no-cost and ads-free SSE – Universal Encryption App is a simple encryption app that lets you encrypt and decrypt files on your Android device.


To encrypt your files, launch the app and select File/Dir Encryptor. Locate your desired file or long tap on a folder and select Encrypt. You will then need to enter a password that will serve as your decrypt key. Afterwards, the app will then begin the encryption process.

By default, the app will keep a copy of the unencrypted original and create a new, encrypted copy which will have *.enc as filename extension. For security’s sake, of course, you’ll want to delete the source or original copy. Or, simply enable the Wipe Source After Encryption function in the app’s settings menu; it will cause the app to automatically delete the original file after encrypting it.

To decrypt a file or folder, simply tap on the encrypted file and select Decrypt. Enter your password for that file and the app will produce a separate decrypted copy of that file.

Aside from encrypting files, SSE – Universal Encryption App also features a Password Vault and a Text Encryptor.

Password Vault allows you to store your personal passwords of different accounts. While the Text Encryptor app allows you to encrypt and decrypt texts such as confidential notes or personal messages that you want to keep from prying eyes. Both features also need a password to access them.

Encryption Manager

Another encryption and decryption app that you can use on your mobile device is Encryption Manager.


First time you run the app, you will need to set a PIN. This will serve as your master key to be able to access all the features of the app. You will need to enter your PIN every time you use the app to be able encrypt and decrypt files within the app. Make sure to remember your PIN. If you entered the wrong PIN, you will only have 6 attempts to enter the correct PIN before the app deletes all encrypted data within the app.

To encrypt a file or folder, just tap the Add button on the app’s main menu and locate the desired file or folder. Long-tap on the file and select Manage Encrypted.

Before you begin encryption, you can set the app to delete the original files after encryption. If you have selected a folder, you can choose to encrypt files and subfolders and to delete empty folders after encryption. You can also choose which encryption algorithm to use before encrypting a file.

What I like best about this app is that you can easily decrypt a file when you want to use it, and the app deletes the decrypted file after use. Just tap on an encrypted file on the list of encrypted files and the app will decrypt it. Once you’re done using the file, the app will ask you if you want to delete the decrypted file.

The free version of the app, called Encryption Manager Lite, lets you encrypt up to only five files. To remove the limit, you can go for the premium version which costs about US$4.00.

These two apps are just sample of encryption apps available on the Google Play Store. There are other encryption apps that you can use to protect your messages, photos, call logs, and other sensitive data on your Android handset.

Final thoughts

Our Android devices are filled with all sorts of confidential data that we don’t want unwanted people to mess with — messages, contact information, credit accounts, and other more. That’s why we need to safeguard not just our Android devices but also the data that they contain. For the latter, encryption is a reliable way of securing your mobile digital data. On Android, this is easily achieved through its built-in encryption feature.

Although encryption can’t give full protection to your sensitive data, you’ll sleep much more soundly at night knowing that potential data thieves won’t easily be able to use your confidential information because of encryption.

What do you think of encrypting your Android device? Do you or do you not encrypt your Android data? If you use encryption apps, what do you use? Tell us what you think. Share your thoughts in a comment below.

(with contributions from Alvin Ybañez)


  • Allen M. (2011, March 27). Encryption – types of encryption and key concepts. Retrieved from
  • Are there actually any advantages to Android full-disk encryption? (2012, January 9). Retrieved from
  • Greenberg, A. (2013, February 14). “Frost” attack unlocks Android phones’ data by chilling their memory in a freezer. Retrieved from
  • Hoffman, C. (2013, March 30). How to encrypt your Android phone and why you might want to. Retrieved from
  • Hoffman, C. (2013, March 27). HTG explains: How encryption can be bypassed with a freezer. Retrieved from
  • Office of Information Technology University of Colorado Boulder. (2012, October 19). Types of encryption. Retrieved from
  • Proffitt, B. (2013, September 5). Encrypting your data? The NSA may see it anyway. Retrieved from
  • Rouse, M. (2008, June). Asymmetric cryptography (public-key cryptography). Retrieved from
  • Tyson, J. (2011, April 6). How encryption works. Retrieved from
  • nzerf

    Very good article.

    A couple notes:
    – Most Sony phones didn’t have encryption feature.
    – Encrypted SDcard tied to phone that encrypt it. Contents of SDcard can only be read through phone usb mass storage mode. Backup often. If phone broken or got reset, your encrypted sdcard might be unreadable forever.
    – Android SDcard encryption is storage-based, it includes underlying filesystem. If enrypted sdcard is corrupt, you will need to reformat it. Be extra careful. You can’t just fix the filesystem because it got encrypted too.

  • cizzlen

    Great article. Also why this site is leagues ahead of others.

  • Tiến Bùi

    Nice Post ! But I think 90% of users do not need to use this

  • MasterMuffin

    Do you have more details on the encryption type that Android uses (and bits and blocks and stuff)?

  • Brian Dong Min Kim

    I’m good with Samsung Knox.

    • Yesiree

      Knox is the Devil incarnated. It’s a system that takes away the customers right to its purchased product. If you want to hack your newer Samsung device, Knox will risk your warranty, even though this isn’t legal in Europe.

      • Brian Dong Min Kim

        Well the thing is, I only use it to make transactions and use the incognito mode on it, no serious business. I just like that you get two separate launchers. I had no problems with knox. Its more secure for one, and I saw files on knox encrypted, compared to regular files.

  • teotsi21

    Lol, I just use AVG’s screammyphone command. Having a skrillex song as alarm, it is guaranteed that the thief will actually throw it in the sea.

  • infernalx

    nice , i will try it :D

  • Guest

    I think Apple hardware lock for stolen device is much better.
    The thief can not use your device right away because it has passcode.
    The thief can not restore or reset the device with iTunes without

  • Hoang Cao Nghia

    I like Apple approach, hardware lock down that render the device useless is the way to go, thieves can only selling parts from stolen device, not the device itself, let alone touching your data inside the device. But their iCloud is a lame joke in security matter.

    Hope to see something like that from Motorola or Microsoft so I will have nothing to worry about device get stolen anymore.

    • Guest

      Yea , its so lame that Google Gmail accounts get hacked more than any other accounts, this is a fact. Second we all know that 5+ million account were leaked all ready lol. Good try sheep.

  • mrjayviper

    how much of a penalty is involved if encryption is enabled? thanks

  • Rahul Agarwal

    I own a Sony Ericsson Arc S. Its updated to Android 4.0.4.. I didn’t find any option to encrpt the device. Is it available for my phone?

  • Aditya Waghmare

    I once used it on my brand new micromax A110 1 year ago… But one fine day the same old encyption password I entered didn’t work?! God only knows (or experts know!) what happened but I tried it many times after reboot etc but in the end had to factory reset. Any idea what might have happened? And yeah nobody knew my password since i gave it to no one.

  • Torsten Meyer

    What about updating / flashing / sideloading when the device is encrypted? Is it still possible to boot to the recovery and flash a new rom or update? Or is it only possible to do a factory reset?

  • Balraj

    Small doubt
    If I encrypt the internal storage & try content later or install app
    Will that be auto encrypted?
    Will I be able to send files via WiFi direct Bluetooth etc
    What happens when I get software update after encryption?
    Can anyone answer me? Thank you

  • kyeongwoo nam

    does it effect on performance of rom manager or rooting? as you may know, rom manager is designed to back up the current rom you are using. if i encrypt my phone, the app may not able to back up the rom because its encrypted. or encrypytion may take root permission from me. i dont know man, i just don’t want to mess my phone up cuz i have bad memory with google update (4.4 to 4.42), it factory reset my phone. i don”t want my phone be Brand new again :P

  • kris90

    If i want to sell my device then how does encrypting my data will help?? Mostly we factory reset our phn and sell it..please reply thanks

    • Brian Gentles

      Factory reset doesn’t actually remove the bits from memory just removes the references to the file, pretty much the same way deleting a file on your computer works. If the device is encrypted first then although the bits are still there it’s impossible to decrypt them to read the content.

  • cherry

    i have a question, can you make your boot process secure with pin, which means, every time you want to shutdown or reboot, the system ask you for pin to confirm. this will be helpful if someone steels your phone and shut it down, so you cannot track using lookout or other apps. because once they stole the phone, depending on how excrypted your phone is, they can still try to mess with your phone.

  • david johnson

    On my polaroid 4.2 tab there is no encryption button. Also cannot sign in to Google play. Reply to hhtreborpegss@yahoo. Thanks

  • Boris Androidanov

    ES File Explorer file Manager (Free from Play Store) also allows you to encrypt individual files and whole folders. Adds another layer of protection for highly sensitive stuff if phone is encrypted, or first line if not. I use it also to protect any sensitive backups on my external SD Card.

  • Moving Back To Apple

    Android encryption is worthless since Google has the capability to bypass it. Apple iOS 8 does it right.

  • Xavier

    I use a pattern lock for my screen and was able to encrypt my Nexus 5

  • Naresh Landam

    Encrypt your confidential data: This powerful option will let you encrypt your accounts, settings, downloaded apps and their data, media and other files. Once you encrypt your phone or tablet, you need to type a numeric PIN or password to decrypt it each time you power it on. Remember that you cannot decrypt your device except by performing a factory data reset which erases all your data.This process of encryption takes an hour or more.So you must keep your device plugged in until encryption is complete or else there is a chance of losing some or all of your valuable data. To encrypt your smartphone or tablet: Settings > Security > Encrypt. I found out in here, give it a look,

  • sal quattrochi

    when you encrypt the android s4, are all calls and texts now encrypted?

  • Sam J

    Is there any way to pull photos from Google+ back to a Samsung S4 with an encrypted SD card—once the phone has been wiped?

  • Joe

    Don’t do it!!!! After a full day of blank screen I powered off the phone. That caused it to factory reset. What a waste of time and lost data!