[Q] Encryption in Android 3.0 - Android Software/Hacking General [Developers Only]

Hey Guys,
Does someone know how the encryption in Android 3.0 is implemented?
So in my understanding it works like dm-crypt and encrypts \user \system …
But I wonder what this should be useful for. If you can escalate privileges through any bug you will also have full access to the encrypted data of all Apps. And as far as I know if you couldn't get root access, Android itself would be a secure system. So wouldn't an individual encryption for the home folders of the Apps be better?
I mean encrypting the whole system with the same key only protects you from stealing data when the system is off and someone gets access to the internal memory. (Btw. is there a way to do this on non rooted phones?)

Does no one have an idea? Or can someone at least give me advice on where I can find an answer?

Security Issues - Encryption of the SD Card

Hi, there!
Like many others, I have only recently switched from WM6.5 to Android (with my new HTC Desire).
WM 6 introduced the possibility to encrypt the SD Card, making it only readable in the PPC it was originally encrypted in. I found this a very helpful tool and had bought a respective app from Spritesoft. Unfortunately, their Android software is still in the beginning status, and therefore, yesterday I bought the app from WaveSecure.
I was surprised, however, that they do not offer an encryption for the SD card as I know it from my old TyTN II.
Is there anybody here who can advise - tweak, app, or whatever?
I mean, it's nice to secure the phone - but the sensitive data are being stored in files on the SD card in the end. And if you lose your device, it may well be broken, but the SD card lives and cannot be wiped in a broken device either.
I couldn't agree more. There are a few applications that either offer individual file passwords, which is not very secure, or just offer encryption of its own text files, like OI Safe. I used to use a commercial application on Windows Mobile, Sentry 2020, which allowed you to create an encrypted volume within your storage, internal or external. This was ideal, as it allowed you to store any kind of files in this. After a timeout period, the volume was automatically closed and your files were secure. It is a shame that the last activity in Sentry's website is in 2007.
I should be receiving a Desire very shortly and am very concerned by the current lack of device level encryption.
Does anyone know if there are any products in development that will soon allow device encryption?
Are the hardware and OS themselves capable of supporting full device encryption?
Hi, I want to reopen this issue because today I asked myself the same question.
I have tested several apps but most of them are not usable for a large number of files or folders... What we really need is a secret partition and something like TrueCrypt... I didn't find anything on the net... So if somebody has an idea or solution for that, I would be happy...
thank you!
htclerman said:
Hi, I want to reopen this issue because today I asked myself the same question.
I have tested several apps but most of them are not usable for a large number of files or folders... What we really need is a secret partition and something like TrueCrypt... I didn't find anything on the net... So if somebody has an idea or solution for that, I would be happy...
thank you!
Did you encounter anything using AES/Rijndael or at least Blowfish or Twofish algorithm? I need something to encrypt single files/folders only. TIA!
wizja said:
Did you encounter anything using AES/Rijndael or at least Blowfish or Twofish algorithm? I need something to encrypt single files/folders only. TIA!
Do you speak about apps?
If yes, there is nothing out there that I know of that works fast with a big number of files. There must be an option to encrypt a whole partition; that's the only thing that would make sense.
http://tasker.dinglisch.net/tour.html
Claims to support encryption, kind of complicated though.
htclerman said:
Do you speak about apps?
If yes, there is nothing out there that I know of that works fast with a big number of files. There must be an option to encrypt a whole partition; that's the only thing that would make sense.
With the ability to put apps on the SDCard this is going to be an unlikely feature to work well....
Your best bet is looking for something with a good remote wipe/lock feature.
If you have a partition formatted with ext2/3/4, it's only a matter of copying over static binaries of lvm, device-mapper and cryptsetup, and creating a script called via init.rc or controlled via /etc/init.d
I've posted about a similar solution for /data. Search for it.
Push for implementing it in Android:
Using dm-crypt to Encrypt the SD Card...? - xda-developers
Using dm-crypt to Encrypt the SD Card...? - CyanogenMod Forum
Issue 11211 - android - Android too insecure - Encryption of the SDcard is crucial - Project Hosting on Google Code
Issue 3748 - android - Add support for partition/block device encryption - Project Hosting on Google Code

How can we get device encryption to work?

At least one user would like to be able to encrypt their phone's filesystem.
I know that Android 3.0 and later have native encryption.
Has anyone successfully used it, or does anyone know what needs to be done to enable it?
jeffsf said:
At least one user would like to be able to encrypt their phone's filesystem.
I know that Android 3.0 and later have native encryption.
Has anyone successfully used it, or does anyone know what needs to be done to enable it?
Here are some research results from me:
NATIVE ENCRYPTION.
The native encryption works as specified here: http://source.android.com/tech/encryption/android_crypto_implementation.html
It will not work on AOKP because the "cryptfs enablecrypto inplace" command will not find which device is /data. I went through some source code, and couldn't really find how this device is defined. I think there is supposed to be an fstab somewhere which would have the MF_CRYPT flag on that filesystem, but I could not find it. Maybe someone more fluent in kernel code could go through http://mirror.yongbok.net/pub/linux/android/repository/system/core/fs_mgr/fs_mgr.c (search for MF_CRYPT) and figure it out. It might be as easy as defining a proper mount string in init.
EncFS ENCRYPTION
I found that EncFS will provide a reasonably working encryption. It is possible to encrypt storage per-application by encrypting /data/data/application folder, and if permissions are set right, it will run.
EncFS also allows timeout and external app to feed the password. It could be quite useful if you want folders to self-unmount, and so that you could provide some sort of a quick-unlock feature (such as: long password on boot, then allow short PIN or pattern lock to "remember" the long password). I am not sure at this time how to use this feature, because it must be a console program with GUI access, and I have no clue how to write one.
Another benefit of EncFS is that it would let you selectively encrypt folders on an SD card. For example: you could keep all the music non-encrypted so that the phone battery does not drain when you listen to music, but encrypt the DCIM folder, so that all the photos are secure.
Just a FYI: Here is a patch to allow you to shrink the filesystem, so native encryption can work again after performing a recovery wipe.
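As an added example (not part of the original posts and not AOSP code): a host-side check of an fs_mgr-style fstab for the two conditions raised in this thread, whether /data carries the `encryptable=` flag that sets MF_CRYPT, and whether a `footer` key location still has free space at the end of the partition after a recovery wipe. The five-field line layout and the 16 KiB footer size are assumptions taken from the AOSP fs_mgr and cryptfs sources of that era; the device paths and sizes are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

CRYPT_FOOTER_BYTES = 16 * 1024  # space the crypto footer needs at the end of the partition


@dataclass
class FstabEntry:
    source: str
    mount_point: str
    fs_type: str
    mount_flags: List[str]
    fs_mgr_flags: List[str]

    def key_location(self) -> Optional[str]:
        """Value of encryptable= (the flag that sets MF_CRYPT), or None if absent."""
        for flag in self.fs_mgr_flags:
            if flag.startswith("encryptable="):
                return flag.split("=", 1)[1]
        return None


def parse_fstab(text: str) -> List[FstabEntry]:
    """Parse '<src> <mnt_point> <type> <mnt_flags> <fs_mgr_flags>' lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines are ignored
        fields = line.split()
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        src, mnt, fstype, mflags, fflags = fields
        entries.append(FstabEntry(src, mnt, fstype, mflags.split(","), fflags.split(",")))
    return entries


def audit_data(fstab: str, partition_bytes: int, filesystem_bytes: int) -> Tuple[str, str]:
    """Return (status, detail) describing whether /data can be encrypted in place."""
    data = next((e for e in parse_fstab(fstab) if e.mount_point == "/data"), None)
    if data is None:
        return "no-data-entry", "no /data line, so the block device to encrypt is unknown"
    location = data.key_location()
    if location is None:
        return "not-encryptable", f"{data.source} has no encryptable= flag (MF_CRYPT unset)"
    if location == "footer":
        # The footer lives in the last bytes of the partition, outside the filesystem.
        spare = partition_bytes - filesystem_bytes
        if spare < CRYPT_FOOTER_BYTES:
            need = CRYPT_FOOTER_BYTES - spare
            return "footer-no-room", f"shrink the filesystem by at least {need} bytes"
    return "ok", f"{data.source}: key material stored at {location}"


# Constructed sample fstab; the device paths are placeholders, not from a real device.
SAMPLE_FSTAB = """\
# <src>  <mnt_point>  <type>  <mnt_flags>  <fs_mgr_flags>
/dev/block/EXAMPLE/system    /system  ext4  ro                     wait
/dev/block/EXAMPLE/userdata  /data    ext4  noatime,nosuid,nodev   wait,check,encryptable=footer
"""

if __name__ == "__main__":
    part = 1024 ** 3  # constructed 1 GiB userdata partition
    print(audit_data(SAMPLE_FSTAB, part, part))                       # filesystem fills it
    print(audit_data(SAMPLE_FSTAB, part, part - CRYPT_FOOTER_BYTES))  # footer fits
```

The partition and filesystem sizes have to be read from the device separately; the function only compares them.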

[Completed] SDcard encryption as a portable container with cross-compatibility

Question: Is there a way (e.g. an app) that allows for PORTABLE encryption of the COMPLETE sdcard and/or specific directories on the sdcard while providing CROSS-COMPATIBILITY with Truecrypt/Veracrypt on a Computer? The solution should best be proven to work (no implementational bugs).
--------------------------------------------
Background: In Android M (and I think N) you have the option to either use your sdcard as portable storage or as extended internal. While the first option provides no security whatsoever, the latter does render the sdcard useless in case you lose your smartphone (e.g. stolen) or simply want to work with it on a computer from time to time.
For me, neither having a useless sdcard without my smartphone nor not being able to save the encryption-container headers myself (like with truecrypt) is an option. Cause if disaster strikes all your data is gone, even if being safeguarded.
As I am sure that there are many security aware users I cannot be the only one looking for this? I've found several apps that offer encryption like sse, crypto ghost etc.... but they do not offer cross-compatibility with a computer.
Thanks.
TheAKAlias said:
Question: Is there a way (e.g. an app) that allows for PORTABLE encryption of the COMPLETE sdcard and/or specific directories on the sdcard while providing CROSS-COMPATIBILITY with Truecrypt/Veracrypt on a Computer? The solution should best be proven to work (no implementational bugs).
--------------------------------------------
Background: In Android M (and I think N) you have the option to either use your sdcard as portable storage or as extended internal. While the first option provides no security whatsoever, the latter does render the sdcard useless in case you lose your smartphone (e.g. stolen) or simply want to work with it on a computer from time to time.
For me, neither having a useless sdcard without my smartphone nor not being able to save the encryption-container headers myself (like with truecrypt) is an option. Cause if disaster strikes all your data is gone, even if being safeguarded.
As I am sure that there are many security aware users I cannot be the only one looking for this? I've found several apps that offer encryption like sse, crypto ghost etc.... but they do not offer cross-compatibility with a computer.
Thanks.
Hi,
Try posting your query in:
> General discussion > Security Discussion
Experts there may be able to help you.
Good luck

Phone Encryption on Android 8 (oreo) on Huawei Mate 10 Lite

Hello,
I have a rather interesting question, if someone (expert only please) can help, it would be very much appreciated.
I have bought a new phone (Huawei Mate 10 Lite) which already has the preinstalled Android 7 OS.
After I turned it on, I've upgraded it to Android 8 (and EMUI 8) via the Software Updater.
So now, I am running Android 8 on Huawei Mate 10 Lite.
Until here, everything works like a charm.
The problem starts here: I'm used to having my ENTIRE user data partition (phone/device, call it as you wish) ENCRYPTED.
I am using my phone very much in different environments and if I accidentally lose it or it gets stolen, I want to ensure that nobody can access my private data by any possible means.
So, when I go to the classical place for encrypting phones: Settings -> Security & Privacy, I noticed that the "Encrypt Phone" option is MISSING.
I have only "Encrypt SD Card", but I do not have an SD Card, nor do I use one. I use only the internal flashdisk memory.
I even turned on the Developer mode and searched for that specific setting, but I cannot find it.
I googled about this problem and what I found even deepens the mystery, as there is some contradicting information and it doesn't paint a clear picture of how the hell encryption works on Android 7/8...
- In one place, it says that starting with Android 6 phones, the option of encrypting the entire phone is no longer available, as all phones with Android 6+ preinstalled are already encrypted!
Bump! Really?
- Somewhere else, someone says that the Full Disk Encryption (FDE) has been replaced with File Encryption and Google is slowly marking full disk encryption as obsolete...
I found the File Encryption on my phone and I have the possibility to create a file encryption "folder" or "vault" or whatever that is, but I do NOT want that, as I want the entire partition to be encrypted!
I am using VPNs, SSH keys, Pictures, E-mail accounts, Web browsers with stored passwords, basically the entire user partition contains secrets! I cannot move everything to a secure container... maybe I forget something, and that something remains unencrypted?
I cannot move everything to a secure SD Card or put it in that encrypted "folder", because some secrets are files, some secrets are particular app settings or credentials.
Yes, I read about the fact that in Full Disk Encryption mode, a PIN is required for startup (as I had with my previous phone, which was great for me, by the way), and that PIN can prevent the booting of some basic functions of the device or the functioning alarms or something like that.
To tell you honestly, I don't care about those functions. I only want ENTIRE device encryption with one single PIN code.
I have already changed my SIM PIN (which is another thing, it doesn't relate to this), and I generated a phone PIN & Fingerprint on my phone, and set my phone to Lock after 15 seconds.
For everyday usage, the PIN/Fingerprint is enough to keep others from accessing my content, but what about plain disk access (using some other tools that read the flash disk) if I lose my phone or if my phone gets stolen?
I liked the previous encryption method.
So, basically, I want to encrypt the ENTIRE partition (FDE encryption) with one PIN, not SD Card encryption, not other file encryption solutions, not special vaults, not other stuff... I want my classic encryption back!
Please explain to me:
1. Are all the new phones starting from Android 6 already encrypted?
1.1. If so, why is there a file encryption tool to further encrypt particular files if the user partition is already encrypted?
1.2. If so, what is the encryption key? Or what kind of encryption is that which does not require a PIN or something? That means that the key is stored in plain text? (If I don't offer it a PIN, it means that it must read the key from other places in order to decrypt the data (a key that can be read by a thief, too?))
2. If Android 6+ phones are not encrypted, how can I implement full device encryption, and why the hell does Google abandon this kind of full, quick and not-giving-extra-security-thoughts encryption?
I would kindly ask only experts to reply to me.
If you are an expert or you know these things for sure, please reply.
I need a correct, documented (if possible), answer, because the security of my phone depends on it!
Thank you!
Well... anyone??? Is this really such a hard question???
I was getting so excited when I read your question, because I am looking for the exact same answer. But then I saw there aren't any answers.
Please can someone who knows about this answer this for us?
Mar0615 said:
I was getting so excited when I read your question, because I am looking for the exact same answer. But then I saw there aren't any answers.
Please can someone who knows about this answer this for us?
I'm not an "expert" but I can tell you your data is safe & encrypted by default, that is why you can't find an encryption setting.
As I understand it
1. Yes (Google makes manufacturers sign agreement)
1.1 The data is encrypted on the phone but you may choose not to lock it. Also you may allow some other people access to your phone even if you set a screen lock, or it's possible somebody may get your phone before it automatically locks; that is why there is a separate encryption system that some people may want to use to encrypt certain files. (I'm assuming this is what you are referring to, as I have never used Huawei.)
1.2 Yes, the system can generate its own key from its internal information automatically (note also, if you put in a simple passcode it is just one element the phone will use to generate a long key, so hackers can't crack a simple passkey to get into your phone, as it also uses its internal data to generate the key).
2. All your data is encrypted, OK maybe not all, e.g. if you consider an alarm time your data, as some apps may be able to access limited data, e.g. alarm times.
A quick search produced these two articles that are not overly technical & also show the numerous security improvements that all go to make your phone more secure. I hope it puts your mind at rest (though of course nothing can be guaranteed 100% secure if a well resourced group has physical access to your phone eg a government)
https://m.androidcentral.com/how-android-n-addresses-security
https://www.computerworld.com/article/3220446/android/android-8-oreo-security.html

Is Root what I'm looking for?

Hello friends,
I have a Galaxy Note 5 from Verizon; Over the years, I've used this phone extensively for sending SMS messages ("texting") and now would like to gain access to the data files/database backing Verizon's Message+ app. As far as I can tell, none of the App binaries and their associated data are accessible via the standard [non-rooted] Phone-->USB-->PC interface?
A couple questions:
1) Can you confirm that Rooting a Galaxy Note 5 WILL NOT wipe the data that is currently on the device?
(I assume the Root process will not require the device to revert to a factory state, wiping the data files I seek to preserve?)
2) Can you confirm that rooting the device is necessary to access the App binaries & their associated data files?
3) Years ago I read that rooting the Galaxy Note 5 would permanently break the "KNOX" security mechanism as some type of tamper fuse would be blown. I assume this is still the case?
(This phone is no longer my primary phone so while I seek not to damage the phone any more than I have to, I'm now willing to bulldoze the KNOX functionality, if it means I can access the data I want)
(I'm aware the messaging data is likely stored in a proprietary data format, though I have heard rumors Sqlite is used. Regardless, the data format is not a concern provided I can access it)
Thank you in advance for your help!
bump
bump
Bump
SMS Backup & Restore – Apps on Google Play
A simple app that backs up and restores SMS & MMS messages and call logs.
play.google.com
Whoa, there is life out there! Thanks for the response
I'll definitely check out the app, but would definitely be interested in gaining access to a low-level filesystem copy of the messaging data directly from my device.
Can you confirm whether rooting an Android device generally leaves pre-existing data (before the root) in place?
It depends on what root method you use.
If you use Magisk or SuperSU via TWRP, you need to unlock the bootloader, and when you unlock the bootloader it wipes all data (the bootloader is the safekeeper of the phone partitions, so they can be edited).
But if you use some one-click root (like KingRoot) you won't lose data.
And with root, even if you do access the database in the /data folder, it will be in an SQLite database, and a lot, and completely unsorted.
You can copy it to a PC, and create an app which can read and sort from the database, but otherwise it is not usable other than as an archive; you can't use it in any other app again.
But with an app without root, you gain the same thing; even if you can't use it in any app again, you can keep it as an archive, as it extracts (without root).
But with an app I think you would be able to recover and use it again, depending on the device (like, you won't be able to use those messages from Samsung to LG messages app).
Awesome, thank you for the info. At some point, I would like to explore all of the various ways to root a device, but in this particular case where I want to backup all SMS conversation data (text, pictures, etc.) from the existing (non-rooted) device, it sounds like the one click approach is definitely what I need (vs. unlocking the bootloader)
Your comments about using an App (without root) are also very intriguing. Is there an Android app that can give me access to all the data (or at least all the data that the SMS app would have access to) on the phone without rooting it? (Can you recommend one?) The SMS Backup & Restore App you mentioned earlier seems interesting, but I'd like to get something that will generally allow me to get data from the internal filesystem.
Ideally, I just need some way (ssh/ftp/other) to transfer data from the phone to my PC. I'm fully expecting that I'll have to do some reverse engineering on the database/data files that I copy from the device and also do some custom coding to extract the messages (including embedded pictures/movies) that I wish to preserve.
Thank you again for any other advice or suggestions you can offer!
