There’s little doubt that keeping your personal data secure these days is pretty important, so it is fortunate that Android gives you the tools you need to secure your device right out of the box. If you have been wondering how to get started, this guide will walk you through how to encrypt your Android device.
What is device encryption and what does it do?
Before we go through how to enable it, it is probably best to understand what exactly encryption is and what the pros and cons are.
Device encryption is not a one-stop solution for protecting all of your data and information from prying eyes, especially when you are sending data over the internet. Instead, device encryption converts all of the data stored on your phone into a form that can only be read with the correct credentials. This goes above and beyond a regular lock screen password, as data can still be accessed from behind this screen with some specialized knowledge and use of recoveries, bootloaders, or the Android Debug Bridge.
Once encrypted, your music, photos, apps, and account data can’t be read without first unjumbling the information using a unique key. There’s a fair bit of stuff going on behind the scenes, where a user password is converted into a key that is stored in a “Trusted Execution Environment” to keep it secure from software attacks. This key is then required to encrypt and decrypt files, sort of like those alphabet cypher puzzles that scramble up letters.
With Android, this is very simple from a user’s viewpoint. You just enter your passcode whenever you boot up or unlock the device and all of your files will be accessible. This means that if your handset falls into the wrong hands, no-one else will be able to make sense of any of the data on your phone without knowing your password.
Before you leap in, there are a couple of points to consider. Firstly, opening up encrypted files requires additional processing power, so this will take a slight toll on the performance of your handset. Memory reading speeds can be a lot slower on older devices, but the performance hit in the vast majority of regular tasks is only very minor, if even noticeable at all.
Secondly, only some smartphones will offer an option to remove encryption from your handset. Encryption is a one way only process for most smartphones and tablets. If your handset doesn’t offer an option to decrypt the entire phone, the only option is to perform a complete factory reset that removed all of your personal data from the device. So check this out with your manufacturer beforehand.
With that out of the way, let’s explore how to turn encryption on.
How to encrypt my Android device?
Device encryption works in the much the same way across all Android devices, but the methods for enabling it have changed ever so slightly over the years. Most devices come with encryption enabled by default these days, particularly those running newer versions of Android. If your phone doesn’t have it enabled, you can do it manually with just a few taps.
Android 5.0 or higher
For Android handsets and tablets running Android 5.0 Lollipop or newer, you can navigate straight to the “Security” menu under settings. Getting here might be slightly different depending on your OEM, but with stock Android, this can be found under Settings > Personal > Security.
Here you should see an option to “Encrypt phone” or “Encrypt tablet”. You’ll be asked to plug your phone in to charge while the process takes place, just to make sure that your phone doesn’t shut off and cause errors. If you haven’t done so already, you will be prompted to set a lock screen PIN or password, which you will need to enter when you turn your phone on or unlock it in order to access your newly encrypted files. Be sure to remember this password!
Android 4.4 or lower
If you’re running a handset with Android 4.4 KitKat or lower, you will have to set up a PIN or password before starting up the encryption process. Fortunately, this is simple enough. Head on over to Settings > Security > Screen Lock and either pick a pattern, numbered PIN, or mixed password for your lock screen. This will be the same password used after encryption, so make a note of it.
Once that’s done, you can go back to the Security menu and hit “Encrypt phone” or “Encrypt tablet.” You’ll need to have your phone plugged in and read through the warning messages, and you will almost certainly have to confirm your PIN or password one last time before the encryption process starts.
Encrypting your phone can take an hour or more, depending on how powerful your handset is and the amount of data that you have saved on the device. Once the process is finally finished, you can enter your PIN and start using your newly encrypted device.
Back in the Security menu, you will also likely spot an option to encrypt files on your microSD card as well. This is a recommended step if you want to keep all of your data secure, but it isn’t really necessary if you’re just using your microSD card to save music or films that aren’t particularly personal.
There are a few caveats here too. Firstly, you will no longer be able to use your microSD card with other devices without completely removing the encryption first, as other phones or computers won’t know the key. Although an encrypted microSD card is still completely transparent to move files to and from over USB, just so long as you access the encrypted files from the phone used to encrypt it. Furthermore, if you reset your device before selecting decrypt, then the encryption key will be lost and you won’t be able to gain access to the secure files on your microSD card. So think about this one carefully.
And you’re done
That’s it. It really is that simple to encrypt Android devices and is a great way to keep your data a lot more secure. There are minimal trade-offs in terms of performance, but any differences should be very hard to notice on modern handsets.
Extra options with third-party apps
If you don’t fancy committing yourself to full device encryption, there are a small number of Encrypt Android apps in the Play Store that offer up a section of different features, including single file, text, and folder encryption options.
SSE – Universal Encryption App
The app also features a text encryptor and a password vault. The text editor can be used for keeping encrypted notes and these can be shared across platforms. The vault is designed to store and manage all of your passwords, PINs, and notes in one secure place protected by one master password. Sort of like an encrypted LastPass on your device.
Crypto Ghost – File Encryption
It’s not possible to encrypt files to share using the default Android method, as they are decrypted on the device first and you can’t reproduce keys for use on other devices. So this is a handy solution for sharing files that you might not want others to see.
Safe Camera – Photo Encryption
Once you’ve taken your pictures, you can share them using your master password for the app, a unique password, or even decrypt them if you want to. There’s an option to import and secure existing photos, and the app also supports GIFs.
Speaking of communication, there are also a number of apps that offer encrypted communications over both the web and text. Although these apps require you to set-up and share keys with your partners, so there’s a fair bit more work involved here.
New Android security and encryption features
As mentioned, most new Android smartphones have device encryption turned on automatically. A big change that was introduced a couple of years ago with Android 7.0 Nougat was Direct Boot. Before Direct Boot, your entire encrypted phone would be locked down until you enter the password. Since Nougat, the system allows a small selection of software to run as soon as you turn on your phone. This means that phone calls, alarms, and the like can right away from boot, while apps that you download and more personal data won’t work until you enter the password.
This was a part of Google’s revised approach to encryption, which saw the old entire partition encryption method replaced by file-level encryption. File-level encryption is faster on older devices because the system doesn’t have to decrypt huge chunks of data all at once. This method has the added benefit of granting apps much finer control over the data that is and isn’t decrypted, which can significantly improve security in the event that a system is compromised.
Google continued to further improve its security features with Android 8.0 Oreo with more granular control over app permissions, additions to the Verified Boot feature, native two-factor authentication support, and more. More importantly, Oreo also introduced enhanced encryption for the enterprise. All devices are able to utilize separate encryption keys for personal and work profiles. Device administrators are also given the ability to activate work profile keys remotely to ensure complete data protection. Oreo also brought Project Treble with it, which was another big step to ensure faster delivery of software and security updates.
Android 9.0 Pie introduced some key privacy and encryption features as well. Apps running in the background no longer have access to the mic and camera and other sensors (other than GPS). Also huge is the addition of client-side encryption.
While all data backed up from your Android device to Google’s servers is encrypted, it is encrypted by Google for Google. In other words, Google can still technically access it. With Android Pie, backups are encrypted with a client-side secret. As before, your data travels over a secure, encrypted connection to Google’s servers, but the actual data is encrypted using a password that only you know. This also means your PIN, pattern, or password is required to restore data from the backups.
All Android 10 devices have to be encrypted by default, including entry-level ones.
With Android 10, Google took things a step further. All phones running the latest version of Android have to be encrypted by default, including entry-level devices. These were previously exempt since they lack the hardware required for advanced encryption. Not anymore. With Android 10, Google introduced Adiantum, which is a new method of encryption that works on the most budget of budget phones (including Android Go phones) and can even work on things like smartwatches and smart TVs.
Android 10 also adopts TLS 1.3, which encrypts and secures the traffic from your phone to whatever internet-based service you are connecting to. In other words, that purchase you want to make while surfing the Wi-Fi at Starbucks is now forcibly protected.
Additionally, Google introduced several other privacy features with Android 10. You no longer have to give an app full permission to things like location and microphone. Instead, you can give the app permission to use that stuff only while it’s active. Apps can also no longer access device information like the serial and IMEI number.
Given the amount of sensitive personal information that we keep on our mobile devices these days, including banking details, encrypting your Android device is a very sensible decision. There are quite a few options out there offering various levels of security, from system-wide Android encryption to apps dedicated to protecting more specific files. Keep in mind though, encryption won’t give you complete protection from everything, but it offers excellent protection in the case of stolen devices.