I am wanting to encrypt my phone and sd card. I have been reading around about it all week and still don't understand a few things. I though that the encryption was like blackberry encryption, where you put the password in every time you turn the phone on to the screen lock. After a bit of reading, I understand that the "decryption" is only done at boot up by putting the password in once. After that, you have to put the same password in at the screen lock simply because of a limitation of Android not allowing two different passwords. I do know that there are new ways to use a different password on the screen lock, and even a pattern lock, that's not my issue.
Here are my questions....
1) If the device is technically decrypted after boot up, is the screen lock the only security on the phone once it's turned on?
2) Does the screen lock of an encrypted device have any stronger security than that of an unencrypted device? If not, it seems like the phone is still very vulnerable as long as it's turned on.
3) Finally, on a Blackberry, a wipe is performed by erasing the encryption key. This makes an almost instant wipe of the whole phone and sd card. I know an encrypted device has to be wiped the same as an unencrypted device, but is Android programmed in a way that the encryption ket is wiped first, in case someone pulls a battery or forces a phone off during a wipe? I know that's far-fetched, just curious about how it works.
Hey guys
I flashed the factory images last night effectively wiping my Nexus 5 and starting from scratch. I did not restore apps and settings either. After I manually installed a bunch of my apps back and changed around a few settings, I decided to enable encryption. However, I don't think it enabled properly.
First, I had not set a PIN lock on my phone yet at the time.
When I decided to enable encryption and go through the process, it didn't ask me to enter a PIN.
It seemingly completed encrypting the phone. When I go back to the security menu, it says "Encrypted".
However, I am not prompted to enter a PIN upon booting the phone (not talking about the lock screen PIN).
So, it seems like it didn't work but I'm not sure. Has anyone else enabled encryption yet?
and yes, I saw the performance degradation that comes with enabling encryption but I'd rather have the security.
definitely sounds like there's an issue there. Do you have a custom recovery? If so, you could boot into that, pull some data and see if it opens. If it does, yeah its not encrypted.
Not worth mentioning degradation. All encryption always has and always will have performance degradation. It's par for the course
That sounds like a good idea. If it's not encrypted, then I guess the only method is to wipe and reinstall again.
mattkroeder said:
That sounds like a good idea. If it's not encrypted, then I guess the only method is to wipe and reinstall again.
Click to expand...
Click to collapse
I think so. You can't reverse the encryption flag without a wipe I dont think
mattkroeder said:
Hey guys
I flashed the factory images last night effectively wiping my Nexus 5 and starting from scratch. I did not restore apps and settings either. After I manually installed a bunch of my apps back and changed around a few settings, I decided to enable encryption. However, I don't think it enabled properly.
First, I had not set a PIN lock on my phone yet at the time.
When I decided to enable encryption and go through the process, it didn't ask me to enter a PIN.
It seemingly completed encrypting the phone. When I go back to the security menu, it says "Encrypted".
However, I am not prompted to enter a PIN upon booting the phone (not talking about the lock screen PIN).
So, it seems like it didn't work but I'm not sure. Has anyone else enabled encryption yet?
and yes, I saw the performance degradation that comes with enabling encryption but I'd rather have the security.
Click to expand...
Click to collapse
Not sure, but i think it's designed to works just like that, the encryption key is not the PIN anymore but something (random?) that is stored somewhere on the phone.
that would protect the data in case someone tries to read it directly from the phone's memory, but useless if you don;t have a PIN/PASSWORD.
I avoided encryption before for exactly that reason (requiring a password to boot). If I lose the phone I want the person that found/stole it to be able to at least boot it. if the person is not a thief there's a contact number so they can call me to give it back. if he/she's a thief well, as long as it's on I can call it, track it, wipe it. even brick it.
by not being able to boot it, the chances of getting it back are 0 if the battery dies or is dead!
http://readwrite.com/2014/10/28/google-android-lollipop-encryption-issues
there isn't much info out there about it.
kenshin33 said:
Not sure, but i think it's designed to works just like that, the encryption key is not the PIN anymore but something (random?) that is stored somewhere on the phone.
that would protect the data in case someone tries to read it directly from the phone's memory, but useless if you don;t have a PIN/PASSWORD.
I avoided encryption before for exactly that reason (requiring a password to boot). If I lose the phone I want the person that found/stole it to be able to at least boot it. if the person is not a thief there's a contact number so they can call me to give it back. if he/she's a thief well, as long as it's on I can call it, track it, wipe it. even brick it.
by not being able to boot it, the chances of getting it back are 0 if the battery dies or is dead!
http://readwrite.com/2014/10/28/google-android-lollipop-encryption-issues
there isn't much info out there about it.
Click to expand...
Click to collapse
I went ahead and wiped the phone again. I reinstalled lollipop and made sure to enable a lockscreen PIN before I enabled encryption. It seems to have encrypted properly. It prompts me for my PIN at boot up now.
You make a good point about encryption making it more difficult for someone to get a hold of me if I lose the phone though.
Same problem here, with Nexus 5 and Android v5
My work Exchange server enforces a security policy to the phone which forces you to enable encryption. So I went ahead and did that, and the email app is still saying that encryption needs to be enabled. When I reboot the phone I never get prompted for a PIN to decrypt the device, yet in the settings screen it says it is encrypted.
I'm going to have to re-flash. Is it possible the issue is caused by leaving the bootloader unlocked? or is this is a bug?
EDIT: Update. Reflashed, but first thing I did was relock the bootloader and enable a security screenlock PIN, *then* encrypted the phone. Now it's prompting me for a PIN on boot and looks like it's worked. Hope the Exchange email policy stays happy this time, as it worked before for about a day before it complained about the lack of encryption
this worked for me also
I did what was stated below and it worked....
1. reflashed,
2. locked bootloader
3. created lock pin
4. encrypted, THEN
5. added MDM control (MAAS360) and exchange email.
It seems to work OK now.
Thanks!
JoyrexJ9 said:
Same problem here, with Nexus 5 and Android v5
My work Exchange server enforces a security policy to the phone which forces you to enable encryption. So I went ahead and did that, and the email app is still saying that encryption needs to be enabled. When I reboot the phone I never get prompted for a PIN to decrypt the device, yet in the settings screen it says it is encrypted.
I'm going to have to re-flash. Is it possible the issue is caused by leaving the bootloader unlocked? or is this is a bug?
EDIT: Update. Reflashed, but first thing I did was relock the bootloader and enable a security screenlock PIN, *then* encrypted the phone. Now it's prompting me for a PIN on boot and looks like it's worked. Hope the Exchange email policy stays happy this time, as it worked before for about a day before it complained about the lack of encryption
Click to expand...
Click to collapse
mattkroeder said:
Hey guys
I flashed the factory images last night effectively wiping my Nexus 5 and starting from scratch. I did not restore apps and settings either. After I manually installed a bunch of my apps back and changed around a few settings, I decided to enable encryption. However, I don't think it enabled properly.
First, I had not set a PIN lock on my phone yet at the time.
When I decided to enable encryption and go through the process, it didn't ask me to enter a PIN.
It seemingly completed encrypting the phone. When I go back to the security menu, it says "Encrypted".
However, I am not prompted to enter a PIN upon booting the phone (not talking about the lock screen PIN).
So, it seems like it didn't work but I'm not sure. Has anyone else enabled encryption yet?
and yes, I saw the performance degradation that comes with enabling encryption but I'd rather have the security.
Click to expand...
Click to collapse
If you set up a screen lock pin the phone will ask you then if you would like the PIN to be enabled or not at boot.
kenshin33 said:
Not sure, but i think it's designed to works just like that, the encryption key is not the PIN anymore but something (random?) that is stored somewhere on the phone.
that would protect the data in case someone tries to read it directly from the phone's memory, but useless if you don;t have a PIN/PASSWORD.
I avoided encryption before for exactly that reason (requiring a password to boot). If I lose the phone I want the person that found/stole it to be able to at least boot it. if the person is not a thief there's a contact number so they can call me to give it back. if he/she's a thief well, as long as it's on I can call it, track it, wipe it. even brick it.
by not being able to boot it, the chances of getting it back are 0 if the battery dies or is dead!
http://readwrite.com/2014/10/28/google-android-lollipop-encryption-issues
there isn't much info out there about it.
Click to expand...
Click to collapse
Sorry for OT, but how can you remotely brick your phone? Just curious in case I ever need to. Don't live in the best of neighborhoods. I can remote wipe, track, take pics. The normal lost/stolen stuff, but I haven't heard of remotely bricking a phone ever.
Nexus 5 still looking to be encrypted
Only a temp fix---Both my Nexus 7, and Nexus 5 just started asked to be encrypted again....
This is still a problem with Lollipop
thegasmaster said:
I did what was stated below and it worked....
1. reflashed,
2. locked bootloader
3. created lock pin
4. encrypted, THEN
5. added MDM control (MAAS360) and exchange email.
It seems to work OK now.
Thanks!
Click to expand...
Click to collapse
wipe efs partition (I do have a backup on my computer) and the phone is no longer a phone.
Just to be clear, you can enable encryption on Android 5.0, and it will not force you to lock the phone. (Like the PIN screen and boot lock). When you buy a Nexus 6/9 the data partition is encrypted but there's no lock set. The following is from this article;
First, the encryption doesn't help much if you haven't set a passcode. Ludwig said studies have shown that roughly have of users don't set passcodes on their devices, largely because they find it inconvenient to keep entering them dozens of times a day. Lollipop will still encrypt your data, but it will also automatically decrypt it in normal use. So if you don't have a passcode, much of your information will be available to anyone who picks up your phone.
Click to expand...
Click to collapse
So if you've enabled encryption, and gone through the process, you're phone data partition is encrypted. It's just not locked down until you use some kind of phone lock too. BTW, the article goes on to describe the limited usefulness of having an encrypted data partition and no phone lock;
Lollipop's encryption still offers some limited protection even under those circumstances—for instance, by protecting stored data against anyone who tries to read it directly from the phone's memory. That could shield user passwords and other sensitive data from attackers.
Click to expand...
Click to collapse
As to why Exchange policies don't see the phone as encrypted is probably due to another issue.
Setting PIN to be required at startup after encryption possible fix
I now have my Nexus 5 & 7 working with exchange on Lollipop using this-
1. Reflashed Lollipop
2. Let phone reinstall all my apps
3. Locked bootloader.
4. Set a screen lock PIN
5. Encrypt phone
6. Set screen lock PIN to be required on start up (this was missing before!)
7. Installed MDM control via Mass360-all policies look to be met, including encryption
8. Installed my exchange account via Gmail
//code.google.com/p/android/issues/detail?id=79342
Updated thread with solution
---
* It used to be that when I did a reboot or shutdown and restart, I would have to enter a password before the system fully started.
* But now the phone boots into the phone without putting in my password. I can reboot the phone and it will boot all the way to the Lock screen, and I can unlock the lock screen with my fingerprint or my backup password.
* I am concerned that somehow my device is either no longer encrypted or that there is some setting which has stored the boot password.
--
Solution :
For those of you who find they have this problem and have not solved it, I found a solution that works, related to a bug (feature?) in Accessibility.
Apologies if this was suggested further in the thread, and that I'm replying to an old post. But I recently had this problem and figured out a solution.
- Accessibility was enabled and for some reason this cached the boot password. So- when I removed the app (rights) and turned off accessibility, and changed (reset/reentered) the password in security settings... On next boot the phone correctly asked me for password.
YMMV.
subs said:
I posted this elsewhere... But I'm having the same problem. Any thoughts? I can post more details, but don't want to repost this everywhere that I see people having the same unresolved problem.
---
* It used to be that when I did a reboot or shutdown and restart, I would have to enter a password before the system fully started.
* But now the phone boots into the phone without putting in my password. I can reboot the phone and it will boot all the way to the Lock screen, and I can unlock the lock screen with my fingerprint or my backup password.
* I am concerned that somehow my device is either no longer encrypted or that there is some setting which has stored the boot password.
Click to expand...
Click to collapse
Hi, please try not to bump threads almost a year old. I realise that it might have taken you a while to actually reach this thread, but hear me out.
Opening a new thread is always better, since software versions, features and devices are most likely different, along with different device usage habits/users.
You say you're having "the same problem"... as.. who exactly? There's a bunch of different specific "issues" that relate to encryption. Be specific.
For instance, you mentioning fingerprint sensor leads me to presume that you are not using a Nexus 5.
Sent from my Nexus 10 using Tapatalk
I updated my OnePlus One via OTA to Lollipop, however experienced some issues afterwards, why I factory reset the phone (still being Lollipop, however in a clean state).
First thing I wanted to do was to enable full disk encryption.
Having nothing configured so far - not even the lock screen (hence I didn't configure any PIN/pattern/passhrase so far) - I activated encryption.
I didn't get asked for any PIN/pattern/passphrase. After "encryption" finished, the phone rebooted as usual, however *not* showing me any prompt (what should I've entered anyway?) but Settings -> Security -> Encryption now prints "Encrypted".
Since Encryption can't be undone without a factory reset I'm now having a phone which says it is encrypted, but not asking me for anything when powering it on.
My assumption is - although I don't know for sure - that several people configure the Lock screen before and then switching to full disk encryption - let them believe their phone got encrypted.
I hope I'm totally mistaken here, but right now it feels like full disk encryption on my OnePlus One with the official firmware is completly bogus!
Any comment on this is highly appreciated!
[email protected] said:
I updated my OnePlus One via OTA to Lollipop, however experienced some issues afterwards, why I factory reset the phone (still being Lollipop, however in a clean state).
First thing I wanted to do was to enable full disk encryption.
Having nothing configured so far - not even the lock screen (hence I didn't configure any PIN/pattern/passhrase so far) - I activated encryption.
I didn't get asked for any PIN/pattern/passphrase. After "encryption" finished, the phone rebooted as usual, however *not* showing me any prompt (what should I've entered anyway?) but Settings -> Security -> Encryption now prints "Encrypted".
Since Encryption can't be undone without a factory reset I'm now having a phone which says it is encrypted, but not asking me for anything when powering it on.
My assumption is - although I don't know for sure - that several people configure the Lock screen before and then switching to full disk encryption - let them believe their phone got encrypted.
I hope I'm totally mistaken here, but right now it feels like full disk encryption on my OnePlus One with the official firmware is completly bogus!
Any comment on this is highly appreciated!
Click to expand...
Click to collapse
Your phone is encrypted although without a pin or password set it isn't much use. Perhaps a flaw that your phone doesn't ask you to set one up when going through the process (I thought it did). Although initially it was enabled out of the box (with 5.0 - see Nexus 6) but that would mean maybe asking to set up one to when a person first goes through the set up on their phone, which it didn't do (to my knowledge). Also not everyone wants to use a pin/pass to unlock. The security for certain things is enhanced with fde without a pin pass but obviously if it's protected with a password with fde then it should be well secured.
http://readwrite.com/2014/10/28/google-android-lollipop-encryption-issues
I already posted here about an issue where both my wife's and my GS7E's had a login issue where our pin/password would not be accepted, but with new info thought this should stand alone. It happened again this morning. I awoke to a request for my password to "protect" my fingerprints. The password like the pin in the previous 2 incidents is not accepted. My phone is locked and it seems after contacting both Sprint and Samsung? The only option is a factory reset. I spoke to a rep at Sprint and she said this is a known bug and they are receiving many calls about it. Sometimes, after rejecting the password/pin repeatedly it will suddenly work, but I'm already at the 1hr between tries point. I even tried to use the google dashboard but it will not replace the password because the phone is already locked with a password. I have removed security from my wife's phone to prevent this. I will do the same with my phone when I gain access. After loving the phone, I'm now at a point where I'm considering returning both for either G5's or holding out for the HTC 10 which should be released within my 30 day window. I don't know if this is specifically fingerprint related or pin/password? If you don't want to face a factory reset? You may want to consider turning off login security till a fix is found. Waking up with a locked device and no way of fixing without completely wiping the same is not conducive to a good day.
Why not just use Fingerprint with pattern backup?
its the update APC thats warned about in this forum
it breaks all kinds of stuff
(I posted this in the other topic but will post it here as well to help further discussion)
Yeah, it's the strangest thing. This happened to me as well only it was a password and not a pin. I honestly thought it was a mistake on my part. About a day after initially getting the device and setting up the fingerprint and password, my phone died ( I was using Gear VR and it didn't alert me that battery was even low), and when I rebooted it said something like " enter password for storage encryption" or something of the sort. I assumed it was my unlock password but it wasn't working....
So I looked all over the internet and all I could find were recommendations to try your normal unlock password. I tried and tried until I got the dreaded "you have 9 attempts remaining before factory reset" popped up. That's when I thought back to when I first set up the password and how I wasn't used to the edge of the screen yet. So I kept accidentally hitting keys on the edge while I was typing (because normally you can rest your hand on the edge, but on this if you do that you're pressing the edge of the screen). So I tried my exact password with one of the characters as a common "typo" that I kept making for that letter. And voila! It worked! Now the weirdness continues.
At this point I'm happy I figured it out but found it SO odd that I typed that password so many times and input a typo.... I must had used that password at least 15 times over that day....the odds of me doing a typo every time..slim. So the whole thing felt extremely sketch so I immediately went to change the password (and just turn off security in general, don't need it, just was playing around with fingerprint and needed password) after it booted up. And, of course, even with the typo the pass no longer worked. I tried it until the wait time between each try was an hour, heh. I tried all sorts of typo variations of the password, but to no avail. But, at least the phone was now ON. So I was able to backup my SMS, Apps, Settings, Themes, etc and prepare for the factory reset. What a wild ride.
I have no idea why it even happened in the first place. I never turned on any encryption and I never turned on "require password on boot up." Those settings were even toggled off when I checked while the phone was still on. (couldn't see all settings without password though).
Even weirder, I have no idea why the password with the typo even worked that one time to get it to boot. That same password never worked again.
IDK how widespread this is, but be CAUTIOUS and back up the things that you need to. Also, sign up for a Find My Mobile type service to unlock your phone and give you remote access should happen to you. Or just disable the security altogether until they announce a bug fix for this issue. I thought I was the only one with this issue and chalked it up to a weird freak occurrence. So thanks for the topic as I now know it wasn't just me.
corey52 said:
(I posted this in the other topic but will post it here as well to help further discussion)
Yeah, it's the strangest thing. This happened to me as well only it was a password and not a pin. I honestly thought it was a mistake on my part. About a day after initially getting the device and setting up the fingerprint and password, my phone died ( I was using Gear VR and it didn't alert me that battery was even low), and when I rebooted it said something like " enter password for storage encryption" or something of the sort. I assumed it was my unlock password but it wasn't working....
So I looked all over the internet and all I could find were recommendations to try your normal unlock password. I tried and tried until I got the dreaded "you have 9 attempts remaining before factory reset" popped up. That's when I thought back to when I first set up the password and how I wasn't used to the edge of the screen yet. So I kept accidentally hitting keys on the edge while I was typing (because normally you can rest your hand on the edge, but on this if you do that you're pressing the edge of the screen). So I tried my exact password with one of the characters as a common "typo" that I kept making for that letter. And voila! It worked! Now the weirdness continues.
At this point I'm happy I figured it out but found it SO odd that I typed that password so many times and input a typo.... I must had used that password at least 15 times over that day....the odds of me doing a typo every time..slim. So the whole thing felt extremely sketch so I immediately went to change the password (and just turn off security in general, don't need it, just was playing around with fingerprint and needed password) after it booted up. And, of course, even with the typo the pass no longer worked. I tried it until the wait time between each try was an hour, heh. I tried all sorts of typo variations of the password, but to no avail. But, at least the phone was now ON. So I was able to backup my SMS, Apps, Settings, Themes, etc and prepare for the factory reset. What a wild ride.
I have no idea why it even happened in the first place. I never turned on any encryption and I never turned on "require password on boot up." Those settings were even toggled off when I checked while the phone was still on. (couldn't see all settings without password though).
Even weirder, I have no idea why the password with the typo even worked that one time to get it to boot. That same password never worked again.
IDK how widespread this is, but be CAUTIOUS and back up the things that you need to. Also, sign up for a Find My Mobile type service to unlock your phone and give you remote access should happen to you. Or just disable the security altogether until they announce a bug fix for this issue. I thought I was the only one with this issue and chalked it up to a weird freak occurrence. So thanks for the topic as I now know it wasn't just me.
Click to expand...
Click to collapse
FYI, find my mobile services will allow you to lock an unlocked device with a new password, but will not allow you to lock an already locked device. So far, it appears that using a pattern as the fingerprint backup is immune to the issue, pin and password are not. ALSO, the issue can go away and your pin/password is accepted, even after many tries. The worst case scenario is when this happens after a restart, when you must use your backup method (pin, password or pattern) instead of a fingerprint.
TL;DR - Phone will not accept correct encrypt password. Need to dump data partition to computer and decrypt from there, or something like that.
So I have a Nokia 6.1 from 2018 that I used for just about a year. I upgraded to a nicer phone during summer 2019, at which point I transferred all the data I thought I needed, turned the power off, put the phone on a shelf and forgot about it for many months. I remember when I last powered it down, the battery was fully charged. Quite some time later I realized I needed to retrieve some important data written down in an old OneNote account that was synced with that phone and nothing else. Upon logging in, I discovered Microsoft had wiped the account clean due to an extended period of inactivity, meaning the only copy of that data now exists on that phone and nowhere else.
When I dug out the phone and tried to power it up, the battery was completely flat. I plugged it in and it booted up okay, but it would not accept the passphrase to unlock. I can only assume this is due to some sort of bug in Android (I believe it is running 9 Pie, but I don't remember for certain), as I know for a fact the password is correct. I've been putting off trying to unlock this thing for over a year now, but it needs to be done. I've noticed over my several attempts to enter the password that the phone has been behaving somewhat erratically. For example, it doesn't always respond to the power button right away. I'll try to press it again, and the screen will blink on and off several times. Also, when I first tried to unlock the phone, I could enter the passphrase as many times as I wanted, but now when I try, it locks me out for 30 seconds after each attempt, and also notifies me of the total number of failed attempts. When I reboot the phone, the failed attempt counter resets to zero.
Do I have any recourse here? Since I know the passphrase, is it possible to dump the encrypted data partition to my computer and decrypt it from there? The phone is not rooted, nor does it have any custom ROMs or anything like that. I appreciate any help anyone can give.
Quick addendum, I attempted to sideload the final OTA update sourced from the Nokia OTA Repository on Telegram onto the phone via recovery mode. It is running Android 10 now but still no luck unlocking. Interestingly, however, the failed attempt counter now appears to be working correctly, indicating I have entered the incorrect passphrase 31 times now. I'm not sure how many more times I can do that before it wipes everything.