If you look at it from a security perspective, your Android smartphone is a compact box overflowing with important personal information, and you would hardly want it to fall into the wrong hands of others. To get a more realistic picture of the situation, think about your email, SMS messages, saved credit card numbers, personal photos and other sensitive data.
I think no one would want to be in a situation where a stranger took possession of this data, because it’s scary to even think about the consequences of this. And this is the main reason why we come to different methods for organizing the protection of our phone or tablet, and data encryption is the main means of protecting data.
What is encryption?
Encryption is the reversible process of converting data into an unreadable form for all persons except those who know how to decrypt it. The only way to get the data back into readable form is to decrypt it back using the correct key.
It’s easier to understand such things using simple examples, let’s say you lost your diary, and someone who finds it and knows Russian can easily read and find out your innermost secrets, but if you kept a diary in some kind of secret code, or a language that only you understand, then no one else could read it.
A similar approach can be applied to data stored on your Android device. A thief can take over your smartphone or tablet and gain access to personal data, but if the data is encrypted, then it will be just a bunch of useless gobbledygook that he cannot read.
We encrypt your Android
Android encryption is a very simple procedure. Please note that the menus for data encryption may be located in different places on different devices. In addition, custom firmware and UI, for example Samsung TouchWiz UX, may have different requirements.
First of all, set a password or PIN code to lock the screen. This password or PIN will form part of the key to decrypt the data, so it is important to set it before you begin encryption.
Some device manufacturers impose additional security requirements, such as the Galaxy S3 and Galaxy S4.
After setting a PIN or password, go to the “Security” subsection of the main menu and select “Encrypt Phone” or “Encrypt Tablet”. On different devices, the menu for data encryption may be located in different places; for example, on HTC One it is located in the “Memory” section in the main menu.
The encryption menu will look something like this:
The encryption process takes a long time, so it is important that your battery is fully charged. If there is insufficient battery power, you will receive a notification before encryption begins.
If everything is ready, click the button at the bottom of the “Encrypt Phone” or “Encrypt Tablet” screen. Here your phone will ask for a password or PIN code, enter it to confirm. A warning message will appear again, click the “Encrypt phone” button.
Your device will reboot and only after that the encryption will begin. You will see an encryption progress indicator on the screen. While the encryption process is running, do not play with your phone or try to perform any actions; if you interrupt the encryption process, you may lose all or part of the data.
Once encryption is complete, the phone (tablet) will reboot and you will have to enter your password or PIN to decrypt all data. After entering the password, all data will be decrypted and normal Android will boot.
Encrypting an external SD card
Some devices, such as the Galaxy S3 and Galaxy S4, allow you to encrypt data even on external storage devices - SD memory cards.
The recent debate in the US between law enforcement and tech giants over smartphone encryption has once again brought this issue into the spotlight. No one will argue that protecting your personal data is an important topic, so we're happy to tell you that Android offers the necessary tools to encrypt your smartphone right out of the box. If you're interested and want to know where to start, this guide will tell you how to encrypt your Android smartphone or tablet.
Device encryption and what does it do?
Before you encrypt your device, it makes sense to understand what encryption is and what the pros and cons of this solution are.
Device encryption is not a one-size-fits-all solution for protecting all of your data or information from prying eyes, especially when sent over the Internet. Instead, device encryption converts all data stored on the phone into a form that can only be read by the correct credentials. This solution provides better security than a password lock because data can be obtained without going through the lock screen using recovery programs, bootloaders or Android Debug Bridge.
Encrypted music, photos, apps, and credentials cannot be read without first decrypting the information, which requires a unique key. Thus, part of the procedure happens behind the scenes, where the user's password is converted into a key, which is stored in the "Trusted Environment" to remain inaccessible to third-party users in the event of a software attack. This key will be required to encrypt and decrypt files.
Android makes encryption simple from a user's perspective, as you enter your passcode whenever you unlock your device, making your files accessible. This means that if your phone falls into the wrong hands, no one else will be able to figure out the data on your phone without knowing the password.
And before you dive headfirst into encryption, there are a few things you should consider. First, opening encrypted files requires additional processing power, so encryption will impact your phone's performance. Memory read speeds may become significantly slower on older devices, but the performance hit for the vast majority of regular tasks remains very small, if noticeable at all.
Secondly, only some smartphones will offer the option to remove encryption from your smartphone. Encryption is a one-way solution for most smartphones and tablets. If your phone does not offer the ability to decrypt your phone data, the only option to perform a full rollback is to return to factory settings, which will erase all of your personal data. Check this point in advance.
Having understood the situation, let's see how to enable encryption.
Encrypting my device
Device encryption works the same on all Android devices, although the methods used to implement it may change slightly over time. Some devices come with active encryption out of the box, including the Nexus 6 and Nexus 9, and if your device isn't encrypted, it's very easy to do so using Android.
Android 5.0 or higher...
For Android smartphones and tablets running Android 5.0 or later, you can go to the Security menu under Settings. The path here may vary slightly depending on your OEM, but with stock Android you'll find encryption under Settings > Personal > Security.
Here you should see an option to Encrypt Phone or Encrypt Tablet. You'll be prompted to plug your device into a charger while encryption is happening to make sure your phone doesn't turn off during the process, causing errors. If you haven't already done so, you'll be prompted to set a screen lock PIN or password, which you'll need to enter when you turn on your smartphone to access your encrypted files. Be sure to remember your password!
Android 4.4 and older...
If you are using a smartphone running Android 4.4 KitKat or older, you must set a PIN or password before starting the encryption process. Fortunately, this is not difficult, go to Settings - Security - Screen Lock. Here you can either choose a pattern, enter a PIN or a mixed password to lock the screen. You will use the same password after encryption, so pay attention to it.
Once you're done with this, you can return to the Security menu and click "Encrypt phone." You'll need to plug your device into a charger and read warning messages, and you'll almost always have to confirm your PIN or password one last time for the encryption process to begin.
Encrypting your phone may take an hour or more, depending on how powerful your smartphone is and the large amount of data stored on the device. Once the process is finally completed, you can enter your PIN and continue working with your encrypted device as if nothing had happened.
Once you return to the Security menu, you'll also likely learn about the ability to encrypt files on your MicroSD card. This is a recommended step if you want to keep all your data safe, but not really necessary if you only use MicroSD to store music or movies that have no personal value.
With this decision comes several caveats. Firstly, you will no longer be able to use MicroSD cards with other devices without completely deleting the encrypted data, since other computers/devices will not know the encryption key. And while an encrypted MicroSD card can still be used to move files, this will only last as long as you access the encrypted files from the phone used to encrypt them. Additionally, if you reset your device before decrypting your files, the key will be lost and you will not be able to access the protected files on your MicroSD card. So think through the situation carefully.
When you've finished...
That's all you really need to encrypt your Android device. This is a great way to protect your data much more securely. There is a minor trade-off in terms of performance, but any differences should be very difficult to notice on modern mobile phones.
Additional options with third party applications
If you don't want to go through the encryption wringer on all of your device's data, there are a small number of Android apps in the Google Play store that offer a variety of selective features, including encrypting a single file, text, or folder.
SSE – Universal Encryption Application
version: 1.7.0 (Pro) (downloads: 163)
SSE has been in this market for quite a long time and still seems to be receiving small updates. Instead of implementing bulk encryption of your phone, SSE can be used to protect and decrypt individual files or directories that you need if you want to protect a few items selectively. You can set a password that will serve as a decryption key, and you can also create encrypted copies of files or completely replace them.
The app also has a text encryptor and password storage. A text editor can be used to store encrypted notes that can be shared across platforms. The vault is designed to store and manage all your passwords, PINs, and notes in one secure place, protected by a master password. The feature works similar to LastPass.
Final Thoughts
Considering the amount of sensitive personal information we contain on our mobile devices today, including banking details, encrypting Android devices becomes a smart decision. There are quite a few options that provide varying levels of security, from Android's broad encryption system to apps dedicated to encrypting specific files. Keep in mind, encryption doesn't provide complete protection against everything, but it does offer excellent protection in case your device is stolen.
Smartphones have firmly taken their place in our lives. We trust them with our personal data, sometimes very confidential, without thinking about the cases when the device falls into the wrong hands. Sometimes such short-sightedness can lead to disaster. Currently, smartphones on the Android platform are leading in sales worldwide. The advantages of Android are the use of open technologies, ease of use, and the ability to encrypt data.
Having become the proud owner of an Android smartphone, I became interested in how securely the smartphone encrypts my data? I devoted several October evenings and this article to this fascinating topic. For clarity, I presented in graphical form the architecture of the Cryptfs module and the Android encryption algorithm.
Android encryption security
Full disk encryption allows you to maximize the security of your data on devices running Android OS. Data encryption was added to Android 3.0 Honeycomb, this version of Android was aimed at tablets. For the first time for smartphone owners, the ability to encrypt appeared in version 4.0. I will consider the mechanisms for implementing the data encryption system using the example of new versions of Android.
Full disk encryption protects sensitive data if the device is lost, stolen, or confiscated for any reason. For intelligence officers, obtaining data on encrypted devices is very difficult and depends on a number of conditions. If the device was turned off during transportation or the battery was simply discharged, the process of obtaining data becomes more difficult. The fact is that full encryption is vulnerable to a “cold boot” attack, which can be used to read information from RAM by physically freezing the device. This is achieved due to the fact that when there is a loss of power, the RAM is cleared within a certain amount of time, and when frozen, the cleaning process slows down and can last from several seconds to several minutes. AES keys can be extracted from the RAM of Android devices, but disk decryption is only possible with an unlocked bootloader. You can resort to the bootloader unlocking procedure only if unlocking does not lead to the destruction of all user data (which depends on the specific device model). But even if the bootloader is locked, contact lists, visited websites, photos, etc. can be extracted from RAM. For the first time, this type of attack on smartphones was demonstrated by German researchers, who called their method FROST. They demonstrated an attack on a Samsung Galaxy Nexus, but on a Samsung Galaxy SII smartphone they were unable to decrypt the disk; they explained this by the fact that the encryption on this device differs from the encryption in the official Android release.
Today encryption is enabled almost everywhere, often even where it is not needed or would interfere. One of these places is our Android mobile gadgets. Google insists that we encrypt data on our devices. But experts say it's better to think twice before enabling cryptography on your mobile phone.
Current situation
IN The Wall Street Journal It is estimated that today about 10% of Android devices are encrypted. At the same time, there are 1.4 billion of them in the world. At the same time, iOS-based devices use cryptography in almost 95% of cases. This is because in modern versions of iOS it is enabled by default.
Historically, Google has had trouble getting manufacturers to encrypt their devices. The company even had to renege on its promise to make all Android 5.0 devices encrypted due to performance issues. Although the search giant still has a requirement for encrypted storage for all devices running Android 6.0. Today, only 2.3% of gadgets run on this version of the OS, and the requirement itself applies only to new mobile phones that run Marshmallow “from the factory.” Others can set encryption as desired.
Most users adhere to the standard settings set by the device manufacturer. That is why, although almost all Android smartphones support encryption, only a few use it. Unless people start encrypting their devices en masse or Google changes its rules, it could be several years before encryption is used on most mobile phones.
Free access or security
However, it is much more important for us, ordinary users, to know whether encryption should be enabled at all. For example, on an old Android phone that works well now and there is no point in changing it. If privacy and security are your top priority, then there is no alternative to encryption.
But it is worth remembering that using cryptography requires additional processor power and memory. In practice, this can slow you down when working with the gadget. This is because when reading data and writing to the device’s disk, work must be done twice: decrypting the data, processing it, and encrypting it again. For older ARM processors this can be quite challenging.
If you have a relatively new device with a 64-bit ARM processor, then there will be fewer problems. Even if your phone is running 64-bit Android, such chips have the ARMv8 instruction set. They reduce the cost of the constant decryption and encryption process.
Here is a comparative speed test with active encryption on mobile phones with and without ARMv8 instructions in the processor. These phones are Moto E (ARMv8) and Moto G. The bars in the graph represent megabytes per second of read (orange) and write (blue) data. As you can see, the presence of ARMv8 instructions makes the device almost twice as fast with active encryption.
You can find out whether your gadget's processor is equipped with ARMv8 instructions using programs such as CPU-Z or AIDA64. In them you can read the name and model of the processor, its architecture. For example, ARMv8 is found in Qualcomm Snapdragon 410, Snapdragon 610, Snapdragon 808/810, Samsung Exynos 7 and 8 chips. In general, if the program gives you the name of the Cortex A72, A57 or A53 architecture, then your smartphone or tablet has ARMv8.
AIDA64 also goes a little further and shows what types of encryption the processor supports. These could be, for example, the popular algorithms AES, SHA1, SHA2. AES is an encryption standard, and the other two names stand for hashing algorithms. If the program indicates that they are supported by the processor, then encryption can be enabled without significantly reducing the performance of the device.
Do you use your Android smartphone (tablet) to save personal photos, read important emails, make online purchases with your credit card, edit and transfer important documents? If your answer is yes, then you should think about encrypting your device.
Unlike iPhones, Android devices don't automatically encrypt data stored on them, even if you use a passcode to unlock the device, but if you're running Android Gingerbread 2.3.4 or higher, it's easy to enable encryption.
Encrypting your phone means that if the phone is locked, the files are encrypted. Any files sent and received from your phone will not be encrypted unless you use additional methods.
The only difference between an unencrypted and an encrypted phone from a user's perspective is that you will now have to use a password to unlock the phone (tablet).
If your phone is not encrypted, then the password is just a screen lock. In fact, in this case, the password simply locks the screen - that is, it does nothing to protect the files stored on the device. So, if attackers find a way to bypass the lock screen, then they gain full access to your files.
If the phone is encrypted, the password is the key that decrypts the encrypted files.
That is, when the phone is locked, all data is encrypted, and even if attackers find a way to bypass the lock screen, then all they find is encrypted data.
How to enable encryption on an Android device?
1. Open the Settings menu.
2. In Settings, select Security > Encryption (Encrypt device).
3. As required, you must enter a password of at least six characters, at least one of which is a number.
As soon as you set a password, the process of encrypting your files will begin. Encryption may take an hour or more, so you must turn on the charger before encryption begins.
Once the encryption process is complete, you're done! Make sure to save your password in a safe place because you will now need it every time you want to access your phone. Please note that if you forget your password, there is currently no way to recover it.
In fact, encryption of Android devices, along with obvious advantages, also has significant disadvantages:
- Imagine having to dial a complex password every time you want to make a call. I wonder how long it will take for you to get tired of it?
- You will not be able to decrypt an encrypted device; this is simply not provided. To decrypt, there is only one way - to reset the phone to factory settings. In this case, of course, all your data will be lost. This will look especially interesting if you forget to make a backup copy first.
Thus, today there is a difficult choice - either you encrypt your device and put up with huge inconveniences, or you get ease of use, but at the expense of security. Which path will you choose? I don't know. Which path would I choose? I can’t answer either. I just do not know.
Vladimir BEZMALY , MVP Consumer Security, Microsoft Security Trusted Advisor
Devices
