[Q] Encrypt phone and removing the screen password - General Questions and Answers

Hi,
I think this 'encrypt phone' resource really handy but according to google, that password SHOULD be exactly the same password used for the lock screen (or pin).
In my case I have a password already set up to lock screen but I use Llama to remove that password when at home.
So my question is.. once encrypt is setup and later I remove the Lock screen password (as Llama does), will it mess up? Or cause any harm?
Thanks!

To answer you
rodhash said:
Hi,
I think this 'encrypt phone' resource really handy but according to google, that password SHOULD be exactly the same password used for the lock screen (or pin).
In my case I have a password already set up to lock screen but I use Llama to remove that password when at home.
So my question is.. once encrypt is setup and later I remove the Lock screen password (as Llama does), will it mess up? Or cause any harm?
Thanks!
Click to expand...
Click to collapse
Ive done a very similar thing with my device and when I removed the password it completely locked me out of my phone. I had to hard reset to get back in I wouldnt advise removing the password. Unless your 100% sure you wont be locked out

Related

Security, screen locking

First I'd better cover myself - yes I have searched first and not got the answers!
I'd like to be able to lock my phone so that someone who comes along to try and use it is prompted with a password. Sounds simple, doesn't it?
However, I don't want to be prompted to enter a password every time I turn it on. This means I need to be able to choose to lock it or not when I feel like it. Having to set a password and unset it each time is a real pain.
The old solutions to make this easier - Picture Password, Kai's lock tool etc don't work at all on WM6.
The new, great slidy tool that looks like iPhone doesn't do it either.
Does anyone else have this feature or a workaround? It sounds so simple and it's what I do with my PC all the time. Thanks.
some older pda's had fingerprint readers for that purpos

[GUIDE] Pattern Unlock with Exchange Server Security Policy for 2.1 & 2.2

This actually maybe more of a bug than a setting.
1) Do not setup your exchange account settings yet
2) go to menu > setting > security and set a screen unlock pattern
3) set up your exchange account settings and sync
3a) if your server security requires a pin unlock it will ask you now
3b) go ahead and setup a pin
4) now you'll notice when you turn on the screen you have to swipe down with the htc lock screen then a pin then a pattern unlock.
5) install lockpicker and disable the exchange screen password requirement
6) Now you will swipe down then do the pattern unlock
I hated typing in a pin every time i used my phone when i was on WM and find this is a decent alternative.
To change your lock pattern once you have everything set:
"to reset the unlock pattern, simply enter the wrong pattern 5 times, and then login with your google account. As soon as you've done that, then you are prompted for a new pattern." -- kitstable (Thanks!)
Also here's a nice widget to toggle your lock pattern
http://www.appbrain.com/app/com.curvefish.widgets.lockpatternonoff
Hope it helps.
----------------
Updates for 2.2:
Look at this thread here:
http://forum.xda-developers.com/showthread.php?t=655649
Follow the instructions as you will have to run the script to edit the mail.apk or email.apk depending on whether you are using ASOP or Sense client.
I am running this using the vael rom and it works very well.
Exactly what I was looking for thank you.
Thanks for that, just what I was looking for.
I started with a easy pattern, so found this out trying to change it - to reset the unlock pattern, simply enter the wrong pattern 5 times, and then login with your google account.
As soon as you've done that you're prompted for a new pattern.
Thank you.
You can grab Quick Settings off the market, this will allow you to toggle the pattern on and off, and change the pattern.
cant seem to change the unlock pattern with quick settings but putting in the wrong pattern 5 times then changing seems to work. Also found a cool widget called lockpattern onoff that allows you to toggle whether you want your lock pattern or not.
http://www.appbrain.com/app/com.curvefish.widgets.lockpatternonoff
Very helpful. Thank you.
I followed the directions here and entered the password for Exchange when prompted. I let the screen go and went to unlock, but I didn't have the pattern unlock. I just typed in the password and that is it. Looking at the security settings I now see options for the password and not the visible pattern.
Do have to use a pin for this trick to work? Or did the latest OTA improve security?
You sure you set the patern unlock and verified it worked prior to setting up your exchange account?
With Froyo, I think this functionality is built-in (i.e, you can use pattern unlock for Exchange) without having to go through all the steps mentioned.
I remember being able to do this with one of the CM6 nightly builds.
regulator207 said:
You sure you set the patern unlock and verified it worked prior to setting up your exchange account?
Click to expand...
Click to collapse
Yes, I did verify it before syncing with Exchange. I also created a NAND backup before syncing and after verifying pattern unlock. And if I restore I will go back and it will prompt me to pattern unlock before going into phone.
So even though the Exchange guy told me its just a pin, it appears the policy on the mail server is requiring a password, something strong than just a pin. So I think that is why I am unable to make use of this.
webs05 said:
So even though the Exchange guy told me its just a pin, it appears the policy on the mail server is requiring a password, something strong than just a pin. So I think that is why I am unable to make use of this.
Click to expand...
Click to collapse
are you running 2.1 or 2.2?
I have not tried this, but I am unable to use a pattern unlock by default because of the security requirements. I am only able to use pin/password. I'm on 2.2 rooted now.
What sucks since GOING to 2.2 is that I can't use Swype to unlock the phone. I didn't mind the password since I could draw it with Swype. I hate the password/pin stuff . . . WITHOUT Swype.
Anyway to reenable Swype's use for password entry on 2.2?
lockpicker says its not supported by 2.2. it worked great on 2.1, but i guess the new build really messed it up.
if the dev of lockpicker would make the app work with 2.2, I, and many other would donate pretty good, Im sure.
Or if another dev could make an optionin teh security tab to lock screen after , say, 24 hours of no activity, instead of 15 at teh longest, that would be great...
Just updated first post to reflect some development regarding this feature on 2.2
LAYGO said:
I have not tried this, but I am unable to use a pattern unlock by default because of the security requirements. I am only able to use pin/password. I'm on 2.2 rooted now.
What sucks since GOING to 2.2 is that I can't use Swype to unlock the phone. I didn't mind the password since I could draw it with Swype. I hate the password/pin stuff . . . WITHOUT Swype.
Anyway to reenable Swype's use for password entry on 2.2?
Click to expand...
Click to collapse
Swype works fine for me on 2.2. Just this method doesn't seem to work at all for me. I think the requirements from our Exchange policy are on the strict side.
There was a post on xda forums that used adb to go in and change the settings on the phone to force it to do what lockpicker did but this didn't require an app or even a background service to be running. I am unable to find that post now but I wonder if those same adb commands would work on 2.2. If so we wouldn't have to wait for lock picker to be updated and we could get rid of that background service and save some battery life. I can't remember what section it was in and searching returns too many duplicate posts making it very time consuming to look through that mess to find what I am looking for. If i ever find it I will link it in here.
I have this saved at work, I'll test and post it to see if it works.
strongsad said:
There was a post on xda forums that used adb to go in and change the settings on the phone to force it to do what lockpicker did but this didn't require an app or even a background service to be running. I am unable to find that post now but I wonder if those same adb commands would work on 2.2. If so we wouldn't have to wait for lock picker to be updated and we could get rid of that background service and save some battery life. I can't remember what section it was in and searching returns too many duplicate posts making it very time consuming to look through that mess to find what I am looking for. If i ever find it I will link it in here.
Click to expand...
Click to collapse
Sent from my PC36100 using XDA App
EXCHANGE PASSWORD BYPASS
0. BACKUP settings.db
1. adb shell
2. cd /data/data/com.android.providers.settings/databases
3. sqlite3 settings.db
4. update system set value=0 where name='lockscreen.lockexchange.enable';
5. .exit
I am testing this now, and will let you know.

[Q] Encryption: startup PIN without screen lock

I've just encrypted my Nexus 5 under Android 5.0 and I was hoping I could set a decryption PIN just for the startup boot process, and not every time I unlock my phone. I haven't managed to find a way to do this, though: it's possible to enable a startup PIN if you enable the lock screen PIN, but I don't see a way to simply enable a startup PIN.
My goal is simple: to secure my phone when it's powered off, while making it comfortable to use when it's powered on. Can this be done?
Thank you!
Not by standard. Not sure what affects using apps that turn the secure lock on and off will have. You can test them.
rootSU said:
Not by standard. Not sure what affects using apps that turn the secure lock on and off will have. You can test them.
Click to expand...
Click to collapse
OK, I will, thank you for your response.
jpabloae said:
My goal is simple: to secure my phone when it's powered off
Click to expand...
Click to collapse
When its off its already secure since no electrons flow through it...
jpabloae said:
I've just encrypted my Nexus 5 under Android 5.0 and I was hoping I could set a decryption PIN just for the startup boot process, and not every time I unlock my phone. I haven't managed to find a way to do this, though: it's possible to enable a startup PIN if you enable the lock screen PIN, but I don't see a way to simply enable a startup PIN.
My goal is simple: to secure my phone when it's powered off, while making it comfortable to use when it's powered on. Can this be done?
Thank you!
Click to expand...
Click to collapse
i'd say you want your phone to boot if you loose it (so you can track it), don't you think?
kenshin33 said:
i'd say you want your phone to boot if you loose it (so you can track it), don't you think?
Click to expand...
Click to collapse
That's reasonable in most cases. But there are situations and circumstances in which the data privacy has a higher priority than the ability to track the phone. Anyway the question can be considered independently from its motivations: can I separate the encryption key from the lock screen key? According to issue 29468 and this discussion, it seems it's still not possible.
jpabloae said:
That's reasonable in most cases. But there are situations and circumstances in which the data privacy has a higher priority than the ability to track the phone. Anyway the question can be considered independently from its motivations: can I separate the encryption key from the lock screen key? According to issue 29468 and this discussion, it seems it's still not possible.
Click to expand...
Click to collapse
according to this:
http://source.android.com/devices/tech/encryption/
out of the box, no because the lock screen password/PIN/ is used to encrypt the actual encryption key (randomly generated)
thank you very much b/c indirectly you answered the question I had (the reason I was browsing this thread), namely the boot password thinggy (as I said I'd like the phone to boot, baring an exploit, it's well protected: bootloader relocked, long password, impossible to flash anything without wiping - I sign my builds cm-12 with my own keys, and I crippled the recovery to allow only signed zips-, and no adb -even in recovery- connection outside my own computer, I installed cerberus in the system partition without a backup script, the only way to get rid of it is to explicitly format the system partition, and above all I don't trust the phone ).
that said, it should be possible may be to fiddle with vold's sources to make it so (separate passwords, it shouldn't be too hard ) the only problem in the absence of an "official" solution (be it in AOSP or the flavor du jour Android) the user is backed into a corner : build his own ROM from sources.

Performance with encyrption enabled

Has anyone encrypted their device and if so, how is the performance afterwards? I'm asking because I know the performance on older phones nearly halved after encrypting.
supernova_00 said:
Has anyone encrypted their device and if so, how is the performance afterwards? I'm asking because I know the performance on older phones nearly halved after encrypting.
Click to expand...
Click to collapse
It should come encrypted by default out of the box. In fact, I haven't seen any option to DECRYPT it. So, any benchmarks you see are for an encrypted device.
garyd9 said:
It should come encrypted by default out of the box. In fact, I haven't seen any option to DECRYPT it. So, any benchmarks you see are for an encrypted device.
Click to expand...
Click to collapse
Hmmm seems it is. I searched the settings for encrypt and there is a setting for "Protect encrypted data" the description says "Device is encrypted. Protect your encrypted data by selecting Require screen lock when device turns on. This helps protect data on lost or stolen devices." There are two options "Require screen lock to decrypt data when devices turns on" and "Do not require".
I already have a lock screen set so I'm guessing the encryption doesn't work all the time without selecting the first option? Or would this force a lock screen no matter what, regardless of smart lock settings and/how long after screen turns off that the device locks?
supernova_00 said:
I already have a lock screen set so I'm guessing the encryption doesn't work all the time without selecting the first option? Or would this force a lock screen no matter what, regardless of smart lock settings and/how long after screen turns off that the device locks?
Click to expand...
Click to collapse
My Best Guess on this option is that it controls when data is able to be read. "Do not require" allows the phone to read the data before the screen is unlocked, while the other option requires the screen to be unlocked first.
Why would it need to read the data before unlocking? Well, it my guess is correct, then the device would be mostly useless until that first unlock - unable to get new email, unable to know what wifi AP's it can connect to, etc.
Sadly, my interpretation might be way off on what this option does. It's not documented very well... I'm also not certain how the option relates in regards to "turning on" the device. Does that mean turning it on after a full reset, or after each time the device goes into standby (screen off)?
I can tell you that it does NOT decrypt the device and write decrypted data. It's function relates to the reading only. (In order to "read" encrypted data, it must be decrypted in memory.)
(Obviously, I haven't had a chance to play with the option to explore what it does and how it works...)
supernova_00 said:
Hmmm seems it is. I searched the settings for encrypt and there is a setting for "Protect encrypted data" the description says "Device is encrypted. Protect your encrypted data by selecting Require screen lock when device turns on. This helps protect data on lost or stolen devices." There are two options "Require screen lock to decrypt data when devices turns on" and "Do not require".
I already have a lock screen set so I'm guessing the encryption doesn't work all the time without selecting the first option? Or would this force a lock screen no matter what, regardless of smart lock settings and/how long after screen turns off that the device locks?
Click to expand...
Click to collapse
I think of "Protect encrypted data" as the pre-boot BitLocker password on Windows. When enabled, immediately after the bootloader completes, you're prompted for your unlock pattern. Only after the pattern is given will Android OS boot. It's kinda like a "keep the authorities off my phone" setting. Once powered off, even access to the filesystem from things like ADB is impossible until the pattern is supplied.
- Dave
Lets hope its better than in 5.0 lollipop:
http://www.anandtech.com/show/8725/encryption-and-storage-performance-in-android-50-lollipop
IIRC it uses two pieces of data for the encryption, one is your password and the other is in hardware identifier on the device. Any Lollipop or higher device will typically be encrypted (with some exceptions because some devices lack the hardware for fast encrypting/decrypting) out of the box with just the hardware identifier and once you set the passcode lock will require that to decrypt the user data partition (IIRC this is the only partition encrypted). The settings toggle you mention adds a prompt on reboots to require the passcode on boot but afaik samsung doesn't change the actual android scheme of luks-like encryption. That said I may be full of it and Samsung Knox may invalidate everything I've said
I just played around with the settings...
It only impacts a boot or reboot (which is powering the device off and back on again, or selecting "restart" from the shutdown menu) (which is NOT standby/resume or screen off/on)
Assuming you have a fingerprint and password set up (if you have a fingerprint and pin, replace "password" with "pin):
If configured as "Do not require", it works as you expect.
If configured as "Require screen lock to decrypt data when devices turns on", it appears that the data partition is NOT decrypted on bootup. Nothing on the phone works until the password is entered. It doesn't allow fingerprints, has no notification shade, and doesn't even show the lockscreen wallpaper. (No email or other notifications seem to come through. I didn't test with phone calls.) Once the password is entered initially, the phone spends a couple minutes claiming that it's decrypting, and eventually it goes to the normal lock screen.
---
Be aware that smartphones (especially phones with Samsung Incompetent Engineering software) have been known to reboot at seemingly random times. It could be very frustrating to not get that important notification or phone call... and then realize it was all because the phone rebooted and is locked down until you enter a password. If you are aware of that risk, then by all means go ahead and lock it down. It certainly seems more secure.

My pattern lock is fubar

Hi XDA, I have a Galaxy s8+.
My pattern lock is acting goofy, won't recognise the correct pattern. Fingerprint works fine so I can get into my phone. But entering security settings to disable pattern requires pattern.
Kind of scared to turn off my device.
I have all lost device software enabled and signed into Google. What can I do?
Edit: OK while I have both Samsung and Google Find My Device enabled, in my android settings apparently I didn't give permission to remote unlock. Turn it on? Requires pattern.
Thank you kindly ilu

Categories

Resources