Reversing Pattern/Password/PIN encryption on Lollipop - Nexus 5 Q&A, Help & Troubleshooting

Hi all,
Everywhere I looked online said that the only way to reverse encryption is to factory wipe. Yet, today, when I went to change my lock screen pattern, I was offered the option to choose whether I still wanted to encrypt my phone with this pattern. I chose no, for the heck of it, and on reboot, it didn't take me to the decryption screen. Went straight to Android.
I'm guessing that the encryption is still there, but it's somehow just bypassing it. Any ideas on how to verify that it's still encrypted?
This is on Stock Lollipop 5.0.1 with no root
EDIT : My phone's encryption status still says "Encrypted" even though it doesn't ask me for a pattern

First, take a pencil and draw an outline of your phone on a plain piece of cardboard paper. Second, this isn't helpful goodnight.

Wrong section dude, you won't get answers here. Go to the Q&A section.

Thank You, bor3d2damax for pointing out the incorrect section! Now that it's in the right section and NolenUmar has shown how childish he can really be - Any ideas as to how to verify that it's still encrypted?

xyancompgeek said:
Any ideas as to how to verify that it's still encrypted?
In Lollipop it lets you encrypt without a security method (it's even enabled by default on a Nexus 6). A little pointless since it'll just slow down read/write and hardly provide any security, as well as having the usual encryption issues, but whatever.

Lethargy said:
In Lollipop it lets you encrypt without a security method (it's even enabled by default on a Nexus 6). A little pointless since it'll just slow down read/write and hardly provide any security, as well as having the usual encryption issues, but whatever.
I see. So it simply goes back to that method. Thank You for clearing that up.

Settings>Security>[encrypted]-[encrypt phone]
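
The behaviour discussed in this thread, as an added example that is not part of any post: in Android 5.0 full-disk encryption the disk key is random and is only wrapped by a key derived from a credential, and when no boot-time secret is set AOSP documents the fixed credential `default_password`. The sketch below models that with assumptions: PBKDF2 and XOR stand in for the real scrypt/TEE/AES steps, and every function name and the sample PIN are hypothetical.

```python
import hashlib
import hmac
import os

# Fixed credential AOSP documents for Android 5.0 full-disk encryption when
# the user has no boot-time secret (or opts out of requiring it at startup).
DEFAULT_PASSWORD = b"default_password"


def derive_kek(password: bytes, salt: bytes) -> bytes:
    """Derive the key-encryption key (PBKDF2 here is a stand-in KDF)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000, dklen=16)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_master_key(master_key: bytes, password: bytes) -> dict:
    """Build a toy crypto footer: salt, wrapped disk key, integrity tag."""
    salt = os.urandom(16)
    kek = derive_kek(password, salt)
    return {
        "salt": salt,
        "wrapped": _xor(master_key, kek),  # toy wrap, stands in for AES
        "tag": hmac.new(kek, master_key, hashlib.sha256).digest(),
    }


def unwrap_master_key(footer: dict, password: bytes):
    """Return the disk key if the password is right, otherwise None."""
    kek = derive_kek(password, footer["salt"])
    candidate = _xor(footer["wrapped"], kek)
    expected = hmac.new(kek, candidate, hashlib.sha256).digest()
    return candidate if hmac.compare_digest(expected, footer["tag"]) else None


def crypt_userdata(master_key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 counter mode); encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(master_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return _xor(data, stream)


def boot(footer: dict, userdata: bytes, entered: bytes = None):
    """Model boot: the default password is tried first, then the user's secret.

    Returns (prompted_for_secret, decrypted_userdata_or_None).
    """
    key = unwrap_master_key(footer, DEFAULT_PASSWORD)
    prompted = key is None
    if prompted and entered is not None:
        key = unwrap_master_key(footer, entered)
    plaintext = crypt_userdata(key, userdata) if key is not None else None
    return prompted, plaintext


def walk_through():
    secret = b"constructed sample userdata"
    master_key = os.urandom(16)
    # userdata is encrypted once; later steps only rewrite the footer.
    userdata = crypt_userdata(master_key, secret)
    results = {"ciphertext_differs": userdata != secret}

    # Encrypted with no lock screen: status is "Encrypted", no boot prompt.
    footer = wrap_master_key(master_key, DEFAULT_PASSWORD)
    results["no_lock"] = boot(footer, userdata)

    # User sets a PIN and requires it at startup: same disk key, new wrap.
    footer = wrap_master_key(master_key, b"2580")  # constructed sample PIN
    results["pin_not_entered"] = boot(footer, userdata)
    results["pin_entered"] = boot(footer, userdata, b"2580")
    results["pin_wrong"] = boot(footer, userdata, b"0000")

    # User changes the pattern and declines "require at startup": the key is
    # re-wrapped with the default password, with no wipe and no re-encryption.
    footer = wrap_master_key(master_key, DEFAULT_PASSWORD)
    results["opted_out"] = boot(footer, userdata)
    return results, secret


if __name__ == "__main__":
    for step, outcome in walk_through()[0].items():
        print(step, outcome)
```

In the `opted_out` state the data at rest is still ciphertext, but anything that can read the footer and run the same derivation can unwrap the key, which is why the setting reports "Encrypted" while adding little protection without a boot-time secret.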

Related

[Q] Hard Baking in Security?

Does anyone know if it would be possible to bake in security like Wave Secure type of thing in to custom ROMs? I've always thought Wave Secure is a bit pointless if a simple factory reset would clear it and therefore leave the phone ready for the thief or new owner to use as they see fit.
Another layer, not perfect, but still another layer that a thief or finder may not be immediately aware of would be to bake in some security features like tracing or locking in to a custom ROM so even a factory reset wouldn't remove it, possibly something in to the boot loader itself?
Has anyone thought of this?
DroidBois said:
Does anyone know if it would be possible to bake in security like Wave Secure type of thing in to custom ROMs? I've always thought Wave Secure is a bit pointless if a simple factory reset would clear it and therefore leave the phone ready for the thief or new owner to use as they see fit.
Another layer, not perfect, but still another layer that a thief or finder may not be immediately aware of would be to bake in some security features like tracing or locking in to a custom ROM so even a factory reset wouldn't remove it, possibly something in to the boot loader itself?
Has anyone thought of this?
People do and have bundled things into roms - often dropping them into /system/app directory, though I don't think anyone's gone as deep as into the bootloader?
Though, if your phone is rooted, and you installed the app to /system/app, then a thief could in theory just flash your phone faster than if your phone WASN'T rooted. They don't even need to root your phone at that point.
An interesting aspect of hardening this might be to compile your own recovery/bootloader that would require a password to get into.
I think what he's saying is to add the wave secure or similar app into the ROM so that if the thief does a quick "reset to factory settings" after lifting the phone, the security app would survive, perhaps long enough to recover it.
Most thieves would just wipe the phone (if that) to flip it and might not take the time to flash a new ROM.
The tough part as I see it would be everyone would need their own custom ROM.
Sent from my SPH-D700 using XDA App
Xerloq said:
I think what he's saying is to add the wave secure or similar app into the ROM so that if the thief does a quick "reset to factory settings" after lifting the phone, the security app would survive, perhaps long enough to recover it.
Most thieves would just wipe the phone (if that) to flip it and might not take the time to flash a new ROM.
Yep, that's it. I'm assuming most thieves would not recognise a custom ROM or know what to do with it. At least buy some time to try and locate and recover the phone. Only time I'd want a front facing camera.
So what happens if they replace the SIM though? Sending SMS's is nice, but only if your number is still working with that phone. A hard baked security system would send an SMS when the SIM was changed at least.
You shouldn't make a ROM to put an apk into /system/app. You can simply push it through ADB or via terminal emulator. That will at least survive a factory reset. I don't think many thieves actually take the time to flash a new image
So this is all we need to do? Use the ADB method? So I push through WaveSecure, that could survive a factory reset with settings intact?
Something baked in to recovery would be awesome too.
as far as I know when pushing an apk via adb into system/app then only the app itself is stored there, not the settings. the settings are gone after a system wipe. there needs to be some logic in the app to connect to a site and retrieve your settings from there... using your phone's ID or something.
RAMMANN said:
as far as I know when pushing an apk via adb into system/app then only the app itself is stored there, not the settings. the settings are gone after a system wipe. there needs to be some logic in the app to connect to a site and retrieve your settings from there... using your phone's ID or something.
The application itself will survive - but wouldn't all its data, which still resides in /data/data be wiped?
So yes... the app survived... But it no longer knows who you are, or whose phone it is.
I think the just released CDMA/GSM Droid Pro may have the security you are looking for?
tbaker077 said:
I think the just released CDMA/GSM Droid Pro may have the security you are looking for?
It's a bit extreme to fork out another $700 on a new phone just for this. The whole point is to avoid spending money in case of theft or loss
Well part of my unspoken point is this is XDA-Developers, I'm sure there is a way (once the rom comes out) to port some of those security files to other Android devices.
tbaker077 said:
Well part of my unspoken point is this is XDA-Developers, I'm sure there is a way (once the rom comes out) to port some of those security files to other Android devices.
Didn't quite understand you, are you saying it is possible to bake in some security?
I think once the Droid Pro, which has it baked in, is either rom dumped and extracted, or rooted then I think it could be possible.
tbaker077 said:
I think once the Droid Pro, which has it baked in, is either rom dumped and extracted, or rooted then I think it could be possible.
So something *is* possible via software, not requiring special hardware?
Once some gimboid puts in their own SIM you'd think that you can't send an SMS to control the phone although WaveSecure seems to cover that too.
I'd like something as subtle and as invisible as a good virus. Bootloader would be ideal. Theoretically then a full factory wipe wouldn't clear it.
I couldn't tell you. All I know is the Droid Pro is a 3G CDMA. GSM device with some special enterprise security features/software aimed at the BB users.
Doesn't really help us then if that's only available on the Droid Pro.. For the rest of us we still need to work out how to bake in WaveSecure or, ideally, something very subtle. If someone takes my phone I want to nail the little turd, or at least embarrass him when the phone siren goes off or he gets a loud spoken message or something.
Another point, with IMEI numbers, is this of any use if you bought your phone outright? I.e. if my phone is stolen, I can't get the IMEI blocked can I? And can IMEI numbers be changed?
This may meet your needs/requirements. It is called lookout mobile.
https://www.mylookout.com/
I know Paul at Modaco bakes wavesecure into his roms.. not sure if the data would survive a wipe but then what's the point of baking it in system if it doesn't right? Check it out:
Version R9: (requires membership)
http://android.modaco.com/content/h...-rom-for-htc-desire-online-kitchen-2-2-froyo/
R8: (Free for all)
http://android.modaco.com/content/h...for-htc-desire-with-online-kitchen-2-2-froyo/
Okay.. Just found out. This explains everything!
https://www.wavesecure.com/blog/how-to-make-wavesecure-hard-reset-proof.aspx

Is it possible to lock CWM and Download Mode?

Just wondering, is it possible to password lock CWM and Download Mode, so that a thief or anyone else who doesn't know the password cannot flash another rom?
elevul said:
Just wondering, is it possible to password lock CWM and Download Mode, so that a thief or anyone else who doesn't know the password cannot flash another rom?
No, it's not possible.
Theonew said:
No, it's not possible.
So if someone steals it he can easily remove all security stuff put into it, by simply reflashing another rom...
What's the ****ing point.
elevul said:
So if someone steals it he can easily remove all security stuff put into it, by simply reflashing another rom...
What's the ****ing point.
Even if you could, there would always be a way around it, and if not, I doubt you'd see the phone again anyway. That is unless you have tracking software enabled, but if they know enough about android to know about the recovery and download mode, chances are they'd take the sim card out and go somewhere without gps coverage to give themselves time to get around that.
Bottom line, it would be pointless, if they wanted to get into it badly enough, they would
maxib123 said:
Even if you could, there would always be a way around it, and if not, I doubt you'd see the phone again anyway. That is unless you have tracking software enabled, but if they know enough about android to know about the recovery and download mode, chances are they'd take the sim card out and go somewhere without gps coverage to give themselves time to get around that.
Bottom line, it would be pointless, if they wanted to get into it badly enough, they would
Hmm, I don't really care about seeing the phone again, what I want is for them to have a useless brick on their hands, so that stealing it would become pointless.
Have a look on vodafone.it. There are instructions on how to get your phone blocked when it is stolen.
The English language version can be found here: http://www.vodafone.it/engl/services/theft_loss.html
elevul said:
So if someone steals it he can easily remove all security stuff put into it, by simply reflashing another rom...
What's the ****ing point.
Yes, it's very sad. I worry a lot about the security of my personal info, data, pictures, etc.. Before using Android I have a BlackBerry 2 years before.. And, that it was hard until without first erasing ALL data and internal memory. In android it is not, the files like pictures, videos, docs.. remain despite a wipe in CWM!! and the lockscreen is gone like factory reset... that's unacceptable. I think that is the main reason I'm gonna switch to the hated iPhone 5 from an S3... that phone with Encryption+PIN is very tough to unlock, confirmed by a forensic expert. The S3 encryption is useless due to the android recovery and download...
Honchay said:
In android it is not, the files like pictures, videos, docs.. remain despite a wipe in CWM!!
Just to clarify, this is only if they are stored on the (internal/external) sdcard and are not wiped.
Sent from my Nexus 4
elevul said:
So if someone steals it he can easily remove all security stuff put into it, by simply reflashing another rom...
What's the ****ing point.
I know this is an old post but someone else might find it useful, Avast! Anti-Theft is an awesome tool as it supports root installation, so you can do a thorough wipe of your sd card (premium feature) also if your phone is stolen, it can automatically take a pic n upload it, even if they do a factory reset, the app is still there.
geminixx said:
I know this is an old post but someone else might find it useful, Avast! Anti-Theft is an awesome tool as it supports root installation, so you can do a thorough wipe of your sd card (premium feature) also if your phone is stolen, it can automatically take a pic n upload it, even if they do a factory reset, the app is still there.
Cerberus does the same, is cheaper and much more reliable.
It should be possible somehow, even doing some hardware mods like bridging some pins to avoid download mode, actually recovery is lockable
Philz Touch recovery has a lock recovery by password. But I need to close or lock Download Mode in Samsung S4

[Q] Data Wipe After 10 Failed Attempts

As you may know, if you are using a secured lock screen and you enter the password/code/pin incorrectly 10 times in a row, it automatically wipes all data.
As I'm "new", I can't post a link to it, but Phandroid wrote an article on this (and made a video doing it)
I'm looking for a way to disable this.
I rooted using jcase's method. Any ideas?
Dwight Caffery said:
As you may know, if you are using a secured lock screen and you enter the password/code/pin incorrectly 10 times in a row, it automatically wipes all data.
As I'm "new", I can't post a link to it, but Phandroid wrote an article on this (and made a video doing it)
I'm looking for a way to disable this.
I rooted using jcase's method. Any ideas?
I think you need /system write access, I am not sure it will work because you can fake write to /system but not really, so I don't think you can fix it without s-off.
here you go
http://phandroid.com/2014/03/31/htc-one-m8-security-video/
I'm just wondering what you're doing to get your passcode/pattern wrong 10x in a row...
sfreemanoh said:
I'm just wondering what you're doing to get your passcode/pattern wrong 10x in a row...
It's probably more of an issue with someone else playing with your phone or taking it. I know I don't find it useful at all and would only have a chance to cause problems for me.
Sent from my HTC6525LVW using xda app-developers app
Keithn said:
It's probably more of an issue with someone else playing with your phone or taking it. I know I don't find it useful at all and would only have a chance to cause problems for me.
Sent from my HTC6525LVW using xda app-developers app
Yeah, I guess that makes sense. Give it to your kid to play with, only to get it back all fresh and wiped... Thank god I don't have kids!
This annoyed the crap out of me. I travel constantly with my phone and if it gets wiped during travel (and losing pictures and documents), that would equal me being fired from my job. My company's exchange server enforces security, which is good. On other devices, I can simply turn off this absolutely retarded option.
I had the same problem on the HTC M7. Luckily it can be disabled with root.
Anyway, once we get a proper root, you can set the failed attempts = 0 in a system xml file and then you will be good to go.
EDIT:
Edit this file:
/system/customize/ACC/default.xml
change this:
Code:
<item type="integer" name="devicepolicy_max_fail_passwords_for_wipe">10</item>
to this
Code:
<item type="integer" name="devicepolicy_max_fail_passwords_for_wipe">0</item>
Reboot and it's disabled.
MultiDev said:
This annoyed the crap out of me. I travel constantly with my phone and if it gets wiped during travel (and losing pictures and documents), that would equal me being fired from my job. My company's exchange server enforces security, which is good. On other devices, I can simply turn off this absolutely retarded option.
It isn't a retarded option if your primary concern is data security. For some it's better to wipe the data clean than have it stolen by an attacker. Unfortunately the people who want this option are in the minority. There should be a toggle for everyone else who would rather keep the device from self destructing.
MultiDev said:
I had the same problem on the HTC M7. Luckily it can be disabled with root.
Anyway, once we get a proper root, you can set the failed attempts = 0 in a system xml file and then you will be good to go.
EDIT:
Edit this file:
/system/customize/ACC/default.xml
change this:
Code:
<item type="integer" name="devicepolicy_max_fail_passwords_for_wipe">10</item>
to this
Code:
<item type="integer" name="devicepolicy_max_fail_passwords_for_wipe">0</item>
Reboot and it's disabled.
I believe this can be done with the temp root method. I was able to enable writing to the external sd card by modifying the /system/etc/permissions/platform.xml file. I'm guessing it will persist until a hard reboot. I might try to edit the default.xml later. Big fail.
l7777 said:
It isn't a retarded option if your primary concern is data security. For some it's better to wipe the data clean than have it stolen by an attacker. Unfortunately the people who want this option are in the minority. There should be a toggle for everyone else who would rather keep the device from self destructing.
I believe this can be done with the temp root method. I was able to enable writing to the external sd card by modifying the /system/etc/permissions/platform.xml file. I'm guessing it will persist until a hard reboot. I might try to edit the default.xml later.
Don't defend this "feature". It's undefendable. It's a completely retarded option if you can't turn it off. You have no idea how much it worries me when I travel that I could have my device wiped due to 10 incorrect entries; I am currently traveling with a company iPhone, because I am that paranoid of it wiping on me. This little "feature" has completely ruined this device for me. Completely and utterly. I would call that a retarded option.
As for data security, I enable encryption and use a strong password. I also have remote wipe options. This feature should be an optional feature, not a mandatory feature. If I'm such a minority, why does no other phone OS mandate this? Not iOS, WP8, blackberry, or even stock android. I've used many phones. Only recent HTC's have mandated this. The HTC One with original 4.2 firmware didn't mandate it.
This feature is completely retarded. Period. End of discussion. BTW, not trying to be mean-spirited or anything, but it's just such a dumb move on HTC's part.
With temp root, I might be able to change it, but don't you need a reboot to complete any changes to the system xml?
EDIT:
So I attempted to change it, but the changes didn't stick. Tried a second time, but the phone crashed and rebooted on me.
MultiDev said:
Don't defend this "feature". It's undefendable. It's a completely retarded option if you can't turn it off. You have no idea how much it worries me when I travel that I could have my device wiped due to 10 incorrect entries; I am currently traveling with a company iPhone, because I am that paranoid of it wiping on me. This little "feature" has completely ruined this device for me. Completely and utterly. I would call that a retarded option.
While the feature should be a user option, it is a good feature for those that need that type of security. As I said before, those are the minority. Most of us are happy with the security you mentioned and would rather the device did not self destruct, myself included.
FYI for anyone using a pattern, it seems you have to touch four dots before it considers it an attempt. I was able to touch any combination of 3 or less dots without lowering the counter.
MultiDev said:
EDIT:
So I attempted to change it, but the changes didn't stick. Tried a second time, but the phone crashed and rebooted on me.
Current state of the exploit doesn't allow any changes to /system. Anything that looks like it got changed, really didn't, and even if it seems like it's working now, will revert upon your next reboot.
Dwight Caffery said:
As you may know, if you are using a secured lock screen and you enter the password/code/pin incorrectly 10 times in a row, it automatically wipes all data.
As I'm "new", I can't post a link to it, but Phandroid wrote an article on this (and made a video doing it)
I'm looking for a way to disable this.
I rooted using jcase's method. Any ideas?
Same as this thread.....
http://forum.xda-developers.com/showthread.php?t=2700662
Sent from my HTC6525LVW using Tapatalk
This worries me because I have kids. I don't want them wiping my phone by accident.
replica9000 said:
This worries me because I have kids. I don't want them wiping my phone by accident.
It will still make you wait between attempts if you get it wrong too many times. As long as they don't get it for a long period of time and don't get bored of trying you'll probably be okay
Sent from my HTC6525LVW using xda app-developers app
This is one of my biggest annoyances with HTC's lock screen. Give me an option to just have a pattern lock. the wiping should be a check box.
why it isn't an option I just don't know. Sure it should be a feature, it shouldn't be a forced one though.
Check out the new app called "nine" it's an exchange mail client. You can apply the security settings to the app rather than the phone and also set it to wipe the email account rather than the phone if you reach the max failed attempts.
The client is actually the best I've found yet for email...great interface and options with a two week trial
Gator Brah said:
Check out the new app called "nine" it's an exchange mail client. You can apply the security settings to the app rather than the phone and also set it to wipe the email account rather than the phone if you reach the max failed attempts.
The client is actually the best I've found yet for email...great interface and options with a two week trial
That is irrelevant for this discussion, exchange can only force a screen lock. HTC has baked in the 10 failure self destruct on any screen lock whether forced by exchange or simply turned on by the user.
l7777 said:
That is irrelevant for this discussion, exchange can only force a screen lock. HTC has baked in the 10 failure self destruct on any screen lock whether forced by exchange or simply turned on by the user.
negative ghostrider. I've tested it personally and the exchange securities are only applied to the app itself...not the phone. The exchange account is not even a device administrator which it would need to be to set the lock screen as well as wipe the device.
Gator Brah said:
negative ghostrider. I've tested it personally and the exchange securities are only applied to the app itself...not the phone. The exchange account is not even a device administrator which it would need to be to set the lock screen as well as wipe the device.
Ummm, affirmative ghostrider. HTC baked in the 10 time and wipe. regardless if I push a lock screen from my exchange security policies or not, if I turn on the pattern lock or other lock screen it will wipe after 10 times.
Just because you have a specific app that doesn't allow the exchange service to be admin doesn't change the fact that the 10 time wipe IS indeed baked into the lock screen.
I must be the only paranoia type on XDA, since no one has any idea about this, this is surprising...
I run my own Exchange server, and I voluntarily turn these policies on the moment I connect my account with my Android phone (in addition to device encryption).
The policy IS also configurable if you connect via Exchange. By doing so, you delegate it as a device administrator to your phone. Check in "device administrator" settings under the security and see if there are one or more enabled, and see if you can disable the one you're annoyed with.
Seriously though it's not that terrible. I have my phone to self destruct after 5 attempts. My company issued Blackberry has it trigger after 6. The more times you get it wrong, it keeps warning you, and eventually it will actually make you do stuff like type words in to ensure you aren't fat fingering your phone in your pants to give you another unlock attempt. If your company has the audacity that they will fire you because the phone was wiped and you can't read your correspondence, show them the figurative finger and demand a company issued device.
Technically I don't own an M8 phone yet since I'm waiting for the S-OFF before I buy, but I still have a mutated version of Sense running on my Rezound...so this should match up with what you're seeing.

Lollipop - Enabled encryption. Not sure if it worked

Hey guys
I flashed the factory images last night effectively wiping my Nexus 5 and starting from scratch. I did not restore apps and settings either. After I manually installed a bunch of my apps back and changed around a few settings, I decided to enable encryption. However, I don't think it enabled properly.
First, I had not set a PIN lock on my phone yet at the time.
When I decided to enable encryption and go through the process, it didn't ask me to enter a PIN.
It seemingly completed encrypting the phone. When I go back to the security menu, it says "Encrypted".
However, I am not prompted to enter a PIN upon booting the phone (not talking about the lock screen PIN).
So, it seems like it didn't work but I'm not sure. Has anyone else enabled encryption yet?
and yes, I saw the performance degradation that comes with enabling encryption but I'd rather have the security.
Definitely sounds like there's an issue there. Do you have a custom recovery? If so, you could boot into that, pull some data and see if it opens. If it does, yeah it's not encrypted.
Not worth mentioning degradation. All encryption always has and always will have performance degradation. It's par for the course
That sounds like a good idea. If it's not encrypted, then I guess the only method is to wipe and reinstall again.
mattkroeder said:
That sounds like a good idea. If it's not encrypted, then I guess the only method is to wipe and reinstall again.
I think so. You can't reverse the encryption flag without a wipe I don't think
mattkroeder said:
Hey guys
I flashed the factory images last night effectively wiping my Nexus 5 and starting from scratch. I did not restore apps and settings either. After I manually installed a bunch of my apps back and changed around a few settings, I decided to enable encryption. However, I don't think it enabled properly.
First, I had not set a PIN lock on my phone yet at the time.
When I decided to enable encryption and go through the process, it didn't ask me to enter a PIN.
It seemingly completed encrypting the phone. When I go back to the security menu, it says "Encrypted".
However, I am not prompted to enter a PIN upon booting the phone (not talking about the lock screen PIN).
So, it seems like it didn't work but I'm not sure. Has anyone else enabled encryption yet?
and yes, I saw the performance degradation that comes with enabling encryption but I'd rather have the security.
Not sure, but I think it's designed to work just like that, the encryption key is not the PIN anymore but something (random?) that is stored somewhere on the phone.
that would protect the data in case someone tries to read it directly from the phone's memory, but useless if you don't have a PIN/PASSWORD.
I avoided encryption before for exactly that reason (requiring a password to boot). If I lose the phone I want the person that found/stole it to be able to at least boot it. if the person is not a thief there's a contact number so they can call me to give it back. if he/she's a thief well, as long as it's on I can call it, track it, wipe it. even brick it.
by not being able to boot it, the chances of getting it back are 0 if the battery dies or is dead!
http://readwrite.com/2014/10/28/google-android-lollipop-encryption-issues
there isn't much info out there about it.
kenshin33 said:
Not sure, but I think it's designed to work just like that, the encryption key is not the PIN anymore but something (random?) that is stored somewhere on the phone.
that would protect the data in case someone tries to read it directly from the phone's memory, but useless if you don't have a PIN/PASSWORD.
I avoided encryption before for exactly that reason (requiring a password to boot). If I lose the phone I want the person that found/stole it to be able to at least boot it. if the person is not a thief there's a contact number so they can call me to give it back. if he/she's a thief well, as long as it's on I can call it, track it, wipe it. even brick it.
by not being able to boot it, the chances of getting it back are 0 if the battery dies or is dead!
http://readwrite.com/2014/10/28/google-android-lollipop-encryption-issues
there isn't much info out there about it.
I went ahead and wiped the phone again. I reinstalled lollipop and made sure to enable a lockscreen PIN before I enabled encryption. It seems to have encrypted properly. It prompts me for my PIN at boot up now.
You make a good point about encryption making it more difficult for someone to get a hold of me if I lose the phone though.
Same problem here, with Nexus 5 and Android v5
My work Exchange server enforces a security policy to the phone which forces you to enable encryption. So I went ahead and did that, and the email app is still saying that encryption needs to be enabled. When I reboot the phone I never get prompted for a PIN to decrypt the device, yet in the settings screen it says it is encrypted.
I'm going to have to re-flash. Is it possible the issue is caused by leaving the bootloader unlocked? or is this a bug?
EDIT: Update. Reflashed, but first thing I did was relock the bootloader and enable a security screenlock PIN, *then* encrypted the phone. Now it's prompting me for a PIN on boot and looks like it's worked. Hope the Exchange email policy stays happy this time, as it worked before for about a day before it complained about the lack of encryption
this worked for me also
I did what was stated below and it worked....
1. reflashed,
2. locked bootloader
3. created lock pin
4. encrypted, THEN
5. added MDM control (MAAS360) and exchange email.
It seems to work OK now.
Thanks!
JoyrexJ9 said:
Same problem here, with Nexus 5 and Android v5
My work Exchange server enforces a security policy to the phone which forces you to enable encryption. So I went ahead and did that, and the email app is still saying that encryption needs to be enabled. When I reboot the phone I never get prompted for a PIN to decrypt the device, yet in the settings screen it says it is encrypted.
I'm going to have to re-flash. Is it possible the issue is caused by leaving the bootloader unlocked? or is this a bug?
EDIT: Update. Reflashed, but first thing I did was relock the bootloader and enable a security screenlock PIN, *then* encrypted the phone. Now it's prompting me for a PIN on boot and looks like it's worked. Hope the Exchange email policy stays happy this time, as it worked before for about a day before it complained about the lack of encryption
Click to expand...
Click to collapse
mattkroeder said:
> Hey guys
> I flashed the factory images last night effectively wiping my Nexus 5 and starting from scratch. I did not restore apps and settings either. After I manually installed a bunch of my apps back and changed around a few settings, I decided to enable encryption. However, I don't think it enabled properly.
> First, I had not set a PIN lock on my phone yet at the time.
> When I decided to enable encryption and go through the process, it didn't ask me to enter a PIN.
> It seemingly completed encrypting the phone. When I go back to the security menu, it says "Encrypted".
> However, I am not prompted to enter a PIN upon booting the phone (not talking about the lock screen PIN).
> So, it seems like it didn't work but I'm not sure. Has anyone else enabled encryption yet?
> and yes, I saw the performance degradation that comes with enabling encryption but I'd rather have the security.

If you set up a screen lock pin the phone will ask you then if you would like the PIN to be enabled or not at boot.
kenshin33 said:
> Not sure, but I think it's designed to work just like that: the encryption key is not the PIN anymore but something (random?) that is stored somewhere on the phone.
> That would protect the data in case someone tries to read it directly from the phone's memory, but useless if you don't have a PIN/PASSWORD.
> I avoided encryption before for exactly that reason (requiring a password to boot). If I lose the phone I want the person that found/stole it to be able to at least boot it. If the person is not a thief there's a contact number so they can call me to give it back. If he/she's a thief, well, as long as it's on I can call it, track it, wipe it, even brick it.
> By not being able to boot it, the chances of getting it back are 0 if the battery dies or is dead!
> http://readwrite.com/2014/10/28/google-android-lollipop-encryption-issues
> there isn't much info out there about it.

Sorry for OT, but how can you remotely brick your phone? Just curious in case I ever need to. Don't live in the best of neighborhoods. I can remote wipe, track, take pics. The normal lost/stolen stuff, but I haven't heard of remotely bricking a phone ever.
Nexus 5 still looking to be encrypted
Only a temp fix---both my Nexus 7 and Nexus 5 just started asking to be encrypted again....
This is still a problem with Lollipop
thegasmaster said:
> I did what was stated below and it worked....
> 1. reflashed,
> 2. locked bootloader
> 3. created lock pin
> 4. encrypted, THEN
> 5. added MDM control (MAAS360) and exchange email.
> It seems to work OK now.
> Thanks!

wipe efs partition (I do have a backup on my computer) and the phone is no longer a phone.
Just to be clear, you can enable encryption on Android 5.0, and it will not force you to lock the phone. (Like the PIN screen and boot lock). When you buy a Nexus 6/9 the data partition is encrypted but there's no lock set. The following is from this article;
> First, the encryption doesn't help much if you haven't set a passcode. Ludwig said studies have shown that roughly half of users don't set passcodes on their devices, largely because they find it inconvenient to keep entering them dozens of times a day. Lollipop will still encrypt your data, but it will also automatically decrypt it in normal use. So if you don't have a passcode, much of your information will be available to anyone who picks up your phone.

So if you've enabled encryption, and gone through the process, your phone data partition is encrypted. It's just not locked down until you use some kind of phone lock too. BTW, the article goes on to describe the limited usefulness of having an encrypted data partition and no phone lock;

> Lollipop's encryption still offers some limited protection even under those circumstances—for instance, by protecting stored data against anyone who tries to read it directly from the phone's memory. That could shield user passwords and other sensitive data from attackers.

As to why Exchange policies don't see the phone as encrypted is probably due to another issue.
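
The behaviour discussed in the posts above (status reads "Encrypted" yet nothing is asked at boot, and a lock can be added or removed without a wipe) can be modelled in a few lines. This is an added example, not code from any poster or from Android: the class and function names are hypothetical, the HMAC-based wrap is a toy stand-in for the real cipher and the hardware-bound step a device uses, and `default_password` models the fixed secret used when no lock is set.

```python
import hashlib
import hmac
import os

# Fixed secret standing in for "no lock screen set" (modelling assumption).
DEFAULT_PASSWORD = b"default_password"

def derive_kek(password: bytes, salt: bytes) -> bytes:
    """Stretch the boot secret into a key-encryption key."""
    return hashlib.scrypt(password, salt=salt, n=2**12, r=8, p=1, dklen=32)

def _stream(kek: bytes) -> bytes:
    return hmac.new(kek, b"wrap", hashlib.sha256).digest()

def wrap(kek: bytes, master_key: bytes) -> bytes:
    """Toy authenticated key wrap (HMAC keystream + tag), a stand-in for AES."""
    blob = bytes(a ^ b for a, b in zip(master_key, _stream(kek)))
    return blob + hmac.new(kek, b"tag" + blob, hashlib.sha256).digest()

def unwrap(kek: bytes, wrapped: bytes):
    """Return the master key, or None when the secret was wrong."""
    blob, tag = wrapped[:32], wrapped[32:]
    expected = hmac.new(kek, b"tag" + blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(blob, _stream(kek)))

def fingerprint(key: bytes) -> str:
    return hashlib.sha256(key).hexdigest()

class EncryptedVolume:
    """Data stays encrypted under one master key; only its wrapping changes."""

    def __init__(self):
        master_key = os.urandom(32)
        self.key_fingerprint = fingerprint(master_key)  # demo-only, to compare keys
        self._store(master_key, None)

    def _store(self, master_key, secret):
        self.salt = os.urandom(16)
        kek = derive_kek(secret or DEFAULT_PASSWORD, self.salt)
        self.wrapped = wrap(kek, master_key)

    def unlock(self, secret=None):
        """secret=None is what the boot process can try without asking anyone."""
        return unwrap(derive_kek(secret or DEFAULT_PASSWORD, self.salt), self.wrapped)

    def change_secret(self, old, new) -> bool:
        """Re-wrap the same master key; no data is re-encrypted."""
        master_key = self.unlock(old)
        if master_key is None:
            return False
        self._store(master_key, new)
        return True

    def boot_needs_prompt(self) -> bool:
        return self.unlock(None) is None

if __name__ == "__main__":
    vol = EncryptedVolume()
    print("no lock set, prompt at boot:", vol.boot_needs_prompt())
    vol.change_secret(None, b"4821")   # constructed sample PIN
    print("PIN required at start-up:  ", vol.boot_needs_prompt())
    vol.change_secret(b"4821", None)   # user opts out of the boot PIN again
    print("PIN removed, prompt at boot:", vol.boot_needs_prompt())
```

In this model the volume is "Encrypted" in all three states; what changes is whether the key that unwraps it can be derived without the user.
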
Setting PIN to be required at startup after encryption possible fix
I now have my Nexus 5 & 7 working with exchange on Lollipop using this-
1. Reflashed Lollipop
2. Let phone reinstall all my apps
3. Locked bootloader.
4. Set a screen lock PIN
5. Encrypt phone
6. Set screen lock PIN to be required on start up (this was missing before!)
7. Installed MDM control via MaaS360-all policies look to be met, including encryption
8. Installed my exchange account via Gmail
//code.google.com/p/android/issues/detail?id=79342
Updated thread with solution
---
* It used to be that when I did a reboot or shutdown and restart, I would have to enter a password before the system fully started.
* But now the phone boots into the phone without putting in my password. I can reboot the phone and it will boot all the way to the Lock screen, and I can unlock the lock screen with my fingerprint or my backup password.
* I am concerned that somehow my device is either no longer encrypted or that there is some setting which has stored the boot password.
--
Solution :
For those of you who find they have this problem and have not solved it, I found a solution that works, related to a bug (feature?) in Accessibility.
Apologies if this was suggested further in the thread, and that I'm replying to an old post. But I recently had this problem and figured out a solution.
- Accessibility was enabled and for some reason this cached the boot password. So- when I removed the app (rights) and turned off accessibility, and changed (reset/reentered) the password in security settings... On next boot the phone correctly asked me for password.
YMMV.
subs said:
> I posted this elsewhere... But I'm having the same problem. Any thoughts? I can post more details, but don't want to repost this everywhere that I see people having the same unresolved problem.
> ---
> * It used to be that when I did a reboot or shutdown and restart, I would have to enter a password before the system fully started.
> * But now the phone boots into the phone without putting in my password. I can reboot the phone and it will boot all the way to the Lock screen, and I can unlock the lock screen with my fingerprint or my backup password.
> * I am concerned that somehow my device is either no longer encrypted or that there is some setting which has stored the boot password.

Hi, please try not to bump threads almost a year old. I realise that it might have taken you a while to actually reach this thread, but hear me out.
Opening a new thread is always better, since software versions, features and devices are most likely different, along with different device usage habits/users.
You say you're having "the same problem"... as.. who exactly? There's a bunch of different specific "issues" that relate to encryption. Be specific.
For instance, you mentioning fingerprint sensor leads me to presume that you are not using a Nexus 5.
Sent from my Nexus 10 using Tapatalk

Making the S8+ completely theft proof

Hey!
It's my first post here so if this isn't the best place for such a question then by all means mods pls move the thread to where it should be
Basically, where I'm currently living (Brazil), things tend to get pretty violent and phone thefts are very common. Now the thing is, if it's an iPhone usually the thieves just throw it away, as once it's locked it becomes useless. When it comes to Android though, some of them will dig deep trying to access your info like pictures, passwords, bank information, among other things. They even manage to break IMEI locks and stuff. I got my S5 stolen recently and the information theft part put me through hell. Yet, I'd much rather have an S8+ than any other iPhone currently, so my question is how could I completely theft proof it?
I'm not really worried about them restoring the phone and reselling it, more about them accessing the data inside of it. I know the SD card can be protected through cryptography (although would accept "stronger" tips if there are any). When it comes to apps, aside from the basics of trusting what you install and stuff, are apps like Cerberus, Knox 2.0, or other Samsung features I'm not aware of, any good against someone who knows what they're doing? Is there a way to disable airplane mode or power offs? Also what is probably my strongest concern: is there a way to completely not allow system changes through a computer, like the one that removes the lock screen?
Being a programmer and computer science undergrad student (although not specializing in security nor mobile), I'd have no problem if the solutions would involve some coding or tweaking, just as long as they prove to be effective.
So, would you guys have any tips on how to completely secure the data given those concerns?
The SD card can be encrypted and if you have a password lock (fingerprint, iris etc...) then it will ask for that before it will unlock the phone.
Also they have a remote wipe. You can log in to Google and remote wipe your phone when you find out it's been stolen.
You can set the phone to require a password to decrypt it when it's restarted. You can encrypt the SD card too. You can set it to lock instantly when the screen turns off. And you can use only a password to unlock it (no biometrics), which is the most secure option (if you use a suitable password). Finally, you can set the phone so that you can wipe it remotely, or to wipe itself after a number of consecutive incorrect password attempts. But even without the last two measures, your data will be unreadable without your password.
Unfortunately, though, if thieves are violent enough, they may be able to coerce you into divulging the password. If they succeed, they have full access to your phone.
Gary02468 said:
> You can set the phone to require a password to decrypt it when it's restarted. You can encrypt the SD card too. You can set it to lock instantly when the screen turns off. And you can use only a password to unlock it (no biometrics), which is the most secure option (if you use a suitable password). Finally, you can set the phone so that you can wipe it remotely, or to wipe itself after a number of consecutive incorrect password attempts. But even without the last two measures, your data will be unreadable without your password.
> Unfortunately, though, if thieves are violent enough, they may be able to coerce you into divulging the password. If they succeed, they have full access to your phone.

What about stuff like that Dr. Fone Toolkit that supposedly removes the lock screen? From the quick look I took it seems it somehow patches the Android on the phone to remove the lock screen. Is there some sort of system encryption/lock to avoid that kind of stuff when connected to a computer?
xile6 said:
> The SD card can be encrypted and if you have a password lock (fingerprint, iris etc...) then it will ask for that before it will unlock the phone.
> Also they have a remote wipe. You can log in to Google and remote wipe your phone when you find out it's been stolen.

Usually they just put it on airplane mode though, so google remote wipe is useless... Which is why I was looking for more of an offline fix through cryptography and such
I use smart Lockscreen protector to prevent somebody putting my phone to airline mode or shutting it down (it won't help phones with a removable battery).
If you have the phone encrypted and have the require-PIN-on-boot option set, and you have the Qualcomm version that is locked down, you have nothing to worry about.
Even the iPhone 7 has been jailbroken or rooted; the S8 with the Qualcomm chip is one of only a few phones that have not been hacked. It's actually WAY more secure than an iPhone.
lvrma said:
> What about stuff like that Dr. Fone Toolkit that supposedly removes the lock screen? From the quick look I took it seems it somehow patches the Android on the phone to remove the lock screen. Is there some sort of system encryption/lock to avoid that kind of stuff when connected to a computer?

The phone is completely encrypted, so if you set it to require a password to restart and to turn the screen back on, then its contents are unreadable without the password regardless of how you connect to it.
lvrma said:
> ...
> Usually they just put it on airplane mode though, so google remote wipe is useless... Which is why I was looking for more of an offline fix through cryptography and such

If you have a lock screen set you can lock the status of your phone (Wi-Fi state, airplane mode, power settings). This way you have to unlock it to toggle these modes.
I just ran across this, some good advice.
http://thedroidguy.com/2017/04/setu...security-features-tutorials-1071462#Tutorial1
lvrma said:
> What about stuff like that Dr. Fone Toolkit that supposedly removes the lock screen? From the quick look I took it seems it somehow patches the Android on the phone to remove the lock screen. Is there some sort of system encryption/lock to avoid that kind of stuff when connected to a computer?

Like you, I'm interested in this topic, but unlike you, I would like the thief to have a useless phone if they can't unlock it, so that they would think twice the next time they want to steal an Android. Else they would just continue stealing since you just put the phone on download mode, connect to a computer and root it.
About your question. Isn't disabling USB debugging mode in developer options blocking that risk? Also in my Note 4, enabling Knox will prevent your device from being rooted, at least that's what I understand from the description. I wonder where it is in the S8.
Speaking of Knox, the S8 has "Secure folder". It's like a secured environment within a phone. Everything you put in here will be protected by Knox. Apps, accounts, files, etc. And it would ask for another security method to access it (pattern/pin/password).
lvrma said:
> Usually they just put it on airplane mode though, so google remote wipe is useless... Which is why I was looking for more of an offline fix through cryptography and such

You mentioned the Cerberus app; it has a function that can wipe device memory and wipe the SD card via SMS command. So if you are fast enough, while the thief is running away and before he pulls out your SIM card from the phone, you can send an SMS command to wipe data.
Since you mentioned you are a programmer, this may be interesting to you: locking download mode and recovery mode on Android to prevent a thief from flashing a hack to your phone. But this requires a bit of patience if Android isn't your forte.
https://ge0n0sis.github.io/posts/20...-mode-using-an-undocumented-feature-of-aboot/
BratPAQ said:
> Like you, I'm interested in this topic, but unlike you, I would like the thief to have a useless phone if they can't unlock it, so that they would think twice the next time they want to steal an Android. Else they would just continue stealing since you just put the phone on download mode, connect to a computer and root it.
> About your question. Isn't disabling USB debugging mode in developer options blocking that risk? Also in my Note 4, enabling Knox will prevent your device from being rooted, at least that's what I understand from the description. I wonder where it is in the S8.
> Speaking of Knox, the S8 has "Secure folder". It's like a secured environment within a phone. Everything you put in here will be protected by Knox. Apps, accounts, files, etc. And it would ask for another security method to access it (pattern/pin/password).
> You mentioned the Cerberus app; it has a function that can wipe device memory and wipe the SD card via SMS command. So if you are fast enough, while the thief is running away and before he pulls out your SIM card from the phone, you can send an SMS command to wipe data.
> Since you mentioned you are a programmer, this may be interesting to you: locking download mode and recovery mode on Android to prevent a thief from flashing a hack to your phone. But this requires a bit of patience if Android isn't your forte.
> https://ge0n0sis.github.io/posts/20...-mode-using-an-undocumented-feature-of-aboot/

Don't put your phone anywhere besides your pocket. Get a cover that makes it look like a different phone with a cracked screen.
the easiest way to encrypt sd and phone, enable adoptable storage.
cantenna said:
> the easiest way to encrypt sd and phone, enable adoptable storage.

How is that easier than just selecting the Settings options to encrypt the SD card and to require a password to unlock upon restart?
---------- Post added at 06:08 AM ---------- Previous post was at 05:11 AM ----------
lvrma said:
> Usually they just put it on airplane mode though, so google remote wipe is useless[.] Which is why I was looking for more of an offline fix through cryptography and such

Yes, and even without airplane mode, they can physically enclose the phone to block all electronic signals. Encrypting the phone (and SD card), using a secure password as the sole unlock method, affords the strongest protection against all attacks (except coercing the password from you).
Gary02468 said:
> How is that easier than just selecting the Settings options to encrypt the SD card and to require a password to unlock upon restart?
> ---------- Post added at 06:08 AM ---------- Previous post was at 05:11 AM ----------
> Yes, and even without airplane mode, they can physically enclose the phone to block all electronic signals. Encrypting the phone (and SD card), using a secure password as the sole unlock method, affords the strongest protection against all attacks (except coercing the password from you).

Oh yeah, my bad, I often assume everyone on XDA is here because they're interested in unlocked bootloaders, root and custom kernels. My recommendation applies only to people who have unlocked Pandora's box.
The method of encryption you suggested isn't available for users like me, but we can enable adoptable storage, which does encrypt the system by other means and is compatible with root, etc.
dynospectrum said:
> Don't put your phone anywhere besides your pocket. Get a cover that makes it look like a different phone with a cracked screen.

Where can you get/ how can you make such a cover?
Also sometimes when I'm in bad areas, I go to developer options and turn on some of the screen update stuff, so it flashes the screen purple a lot and makes it look messed up.
