Has anyone encrypted their device and if so, how is the performance afterwards? I'm asking because I know the performance on older phones nearly halved after encrypting.
supernova_00 said:
Has anyone encrypted their device and if so, how is the performance afterwards? I'm asking because I know the performance on older phones nearly halved after encrypting.
Click to expand...
Click to collapse
It should come encrypted by default out of the box. In fact, I haven't seen any option to DECRYPT it. So, any benchmarks you see are for an encrypted device.
garyd9 said:
It should come encrypted by default out of the box. In fact, I haven't seen any option to DECRYPT it. So, any benchmarks you see are for an encrypted device.
Click to expand...
Click to collapse
Hmmm seems it is. I searched the settings for encrypt and there is a setting for "Protect encrypted data" the description says "Device is encrypted. Protect your encrypted data by selecting Require screen lock when device turns on. This helps protect data on lost or stolen devices." There are two options "Require screen lock to decrypt data when devices turns on" and "Do not require".
I already have a lock screen set so I'm guessing the encryption doesn't work all the time without selecting the first option? Or would this force a lock screen no matter what, regardless of smart lock settings and/how long after screen turns off that the device locks?
supernova_00 said:
I already have a lock screen set so I'm guessing the encryption doesn't work all the time without selecting the first option? Or would this force a lock screen no matter what, regardless of smart lock settings and/how long after screen turns off that the device locks?
Click to expand...
Click to collapse
My Best Guess on this option is that it controls when data is able to be read. "Do not require" allows the phone to read the data before the screen is unlocked, while the other option requires the screen to be unlocked first.
Why would it need to read the data before unlocking? Well, it my guess is correct, then the device would be mostly useless until that first unlock - unable to get new email, unable to know what wifi AP's it can connect to, etc.
Sadly, my interpretation might be way off on what this option does. It's not documented very well... I'm also not certain how the option relates in regards to "turning on" the device. Does that mean turning it on after a full reset, or after each time the device goes into standby (screen off)?
I can tell you that it does NOT decrypt the device and write decrypted data. It's function relates to the reading only. (In order to "read" encrypted data, it must be decrypted in memory.)
(Obviously, I haven't had a chance to play with the option to explore what it does and how it works...)
supernova_00 said:
Hmmm seems it is. I searched the settings for encrypt and there is a setting for "Protect encrypted data" the description says "Device is encrypted. Protect your encrypted data by selecting Require screen lock when device turns on. This helps protect data on lost or stolen devices." There are two options "Require screen lock to decrypt data when devices turns on" and "Do not require".
I already have a lock screen set so I'm guessing the encryption doesn't work all the time without selecting the first option? Or would this force a lock screen no matter what, regardless of smart lock settings and/how long after screen turns off that the device locks?
Click to expand...
Click to collapse
I think of "Protect encrypted data" as the pre-boot BitLocker password on Windows. When enabled, immediately after the bootloader completes, you're prompted for your unlock pattern. Only after the pattern is given will Android OS boot. It's kinda like a "keep the authorities off my phone" setting. Once powered off, even access to the filesystem from things like ADB is impossible until the pattern is supplied.
- Dave
Lets hope its better than in 5.0 lollipop:
http://www.anandtech.com/show/8725/encryption-and-storage-performance-in-android-50-lollipop
IIRC it uses two pieces of data for the encryption, one is your password and the other is in hardware identifier on the device. Any Lollipop or higher device will typically be encrypted (with some exceptions because some devices lack the hardware for fast encrypting/decrypting) out of the box with just the hardware identifier and once you set the passcode lock will require that to decrypt the user data partition (IIRC this is the only partition encrypted). The settings toggle you mention adds a prompt on reboots to require the passcode on boot but afaik samsung doesn't change the actual android scheme of luks-like encryption. That said I may be full of it and Samsung Knox may invalidate everything I've said
I just played around with the settings...
It only impacts a boot or reboot (which is powering the device off and back on again, or selecting "restart" from the shutdown menu) (which is NOT standby/resume or screen off/on)
Assuming you have a fingerprint and password set up (if you have a fingerprint and pin, replace "password" with "pin):
If configured as "Do not require", it works as you expect.
If configured as "Require screen lock to decrypt data when devices turns on", it appears that the data partition is NOT decrypted on bootup. Nothing on the phone works until the password is entered. It doesn't allow fingerprints, has no notification shade, and doesn't even show the lockscreen wallpaper. (No email or other notifications seem to come through. I didn't test with phone calls.) Once the password is entered initially, the phone spends a couple minutes claiming that it's decrypting, and eventually it goes to the normal lock screen.
---
Be aware that smartphones (especially phones with Samsung Incompetent Engineering software) have been known to reboot at seemingly random times. It could be very frustrating to not get that important notification or phone call... and then realize it was all because the phone rebooted and is locked down until you enter a password. If you are aware of that risk, then by all means go ahead and lock it down. It certainly seems more secure.
Related
This is for the US Cellular Galaxy S3.
Recently I had encrypted my phone and the Galaxy forced me to use a password for my lock screen, which is fine; I wouldn't expect it to allow any less secure method, but I have since unencrypted the device and still find myself unable to change my lock screen preferences. When I go into Settings>Security>Screen Lock I am prompted to confirm my password and then I am presented with the alternative screen lock options. The problem is that everything is greyed out except for the Password option. Every other screen lock method is greyed and says 'Disabled by administrator, encryption policy, or credential storage' and I can't select anything.
I just want to change back to a PIN but it won't let me
I have tried going into 'Device Administrators' to clear something out or just see what I could do in there and there are no device administrators available. Also, I have tried the 'Clear credentials' option, to no avail.
I'm running stock 4.0.4 ROM, rooted.
rpdmatt said:
This is for the US Cellular Galaxy S3.
Recently I had encrypted my phone and the Galaxy forced me to use a password for my lock screen, which is fine; I wouldn't expect it to allow any less secure method, but I have since unencrypted the device and still find myself unable to change my lock screen preferences. When I go into Settings>Security>Screen Lock I am prompted to confirm my password and then I am presented with the alternative screen lock options. The problem is that everything is greyed out except for the Password option. Every other screen lock method is greyed and says 'Disabled by administrator, encryption policy, or credential storage' and I can't select anything.
I just want to change back to a PIN but it won't let me
I have tried going into 'Device Administrators' to clear something out or just see what I could do in there and there are no device administrators available. Also, I have tried the 'Clear credentials' option, to no avail.
I'm running stock 4.0.4 ROM, rooted.
Click to expand...
Click to collapse
I had that issue before, but clearing the credentials fixed it for me. It happened after i installed a VPN. You may want to just wipe your phone and go fresh.
There's an option to encrypt the contents of your phone (under Security, I think). If that's enabled for some reason, it might force you to use the most secure option.
Sycobob said:
There's an option to encrypt the contents of your phone (under Security, I think). If that's enabled for some reason, it might force you to use the most secure option.
Click to expand...
Click to collapse
The phone had already been decrypted by the time I was trying to change the screen lock.
Interestingly the options came available after I decrypted the SD card that I had in the phone. The only reason I didn't do this before was because I had initially taken the SD card out of the phone thinking that would alleviate me of any restrictions that it might be causing regarding the lock screen, or anything else for that matter.
XInSaNeFartX said:
I had that issue before, but clearing the credentials fixed it for me. It happened after i installed a VPN. You may want to just wipe your phone and go fresh.
Click to expand...
Click to collapse
I had this issue as well after installing a VPN on a different device and clearing the credentials fixed it for me as well.
lock screen options greyed out
rpdmatt said:
This is for the US Cellular Galaxy S3.
Recently I had encrypted my phone and the Galaxy forced me to use a password for my lock screen, which is fine; I wouldn't expect it to allow any less secure method, but I have since unencrypted the device and still find myself unable to change my lock screen preferences. When I go into Settings>Security>Screen Lock I am prompted to confirm my password and then I am presented with the alternative screen lock options. The problem is that everything is greyed out except for the Password option. Every other screen lock method is greyed and says 'Disabled by administrator, encryption policy, or credential storage' and I can't select anything.
I just want to change back to a PIN but it won't let me
I have tried going into 'Device Administrators' to clear something out or just see what I could do in there and there are no device administrators available. Also, I have tried the 'Clear credentials' option, to no avail.
I'm running stock 4.0.4 ROM, rooted.
Click to expand...
Click to collapse
ANSWER
I had this problem on my S3 (firmware ver 4.4.2) recently when I set up a VPN connection and I was forced to change from a pattern screen lock to a 4-digit pin lock. After testing and removing the VPN connection I could not change my screen lock back to pattern because nearly all screen lock options were greyed out. After hours of calls to Verizon and Samsung I found a solution that worked for me.
Go to Settings\Application Manager.
Slide the column headings to view ALL.
Scroll down to the apps that start with S, and look for the app SECURITY POLICY UPDATES. Tap it to open its settings. Then tap CLEAR CACHE. Next tap CLEAR DATA.
Restart your device.
Go to Settings/Lock Screen and all the previously greyed out lock screen options should no longer be greyed out.
go setting === security ==> install from device storage==> press over the registered email and download
it will be fixed :good:
Hi,
I think this 'encrypt phone' resource really handy but according to google, that password SHOULD be exactly the same password used for the lock screen (or pin).
In my case I have a password already set up to lock screen but I use Llama to remove that password when at home.
So my question is.. once encrypt is setup and later I remove the Lock screen password (as Llama does), will it mess up? Or cause any harm?
Thanks!
To answer you
rodhash said:
Hi,
I think this 'encrypt phone' resource really handy but according to google, that password SHOULD be exactly the same password used for the lock screen (or pin).
In my case I have a password already set up to lock screen but I use Llama to remove that password when at home.
So my question is.. once encrypt is setup and later I remove the Lock screen password (as Llama does), will it mess up? Or cause any harm?
Thanks!
Click to expand...
Click to collapse
Ive done a very similar thing with my device and when I removed the password it completely locked me out of my phone. I had to hard reset to get back in I wouldnt advise removing the password. Unless your 100% sure you wont be locked out
I've just encrypted my Nexus 5 under Android 5.0 and I was hoping I could set a decryption PIN just for the startup boot process, and not every time I unlock my phone. I haven't managed to find a way to do this, though: it's possible to enable a startup PIN if you enable the lock screen PIN, but I don't see a way to simply enable a startup PIN.
My goal is simple: to secure my phone when it's powered off, while making it comfortable to use when it's powered on. Can this be done?
Thank you!
Not by standard. Not sure what affects using apps that turn the secure lock on and off will have. You can test them.
rootSU said:
Not by standard. Not sure what affects using apps that turn the secure lock on and off will have. You can test them.
Click to expand...
Click to collapse
OK, I will, thank you for your response.
jpabloae said:
My goal is simple: to secure my phone when it's powered off
Click to expand...
Click to collapse
When its off its already secure since no electrons flow through it...
jpabloae said:
I've just encrypted my Nexus 5 under Android 5.0 and I was hoping I could set a decryption PIN just for the startup boot process, and not every time I unlock my phone. I haven't managed to find a way to do this, though: it's possible to enable a startup PIN if you enable the lock screen PIN, but I don't see a way to simply enable a startup PIN.
My goal is simple: to secure my phone when it's powered off, while making it comfortable to use when it's powered on. Can this be done?
Thank you!
Click to expand...
Click to collapse
i'd say you want your phone to boot if you loose it (so you can track it), don't you think?
kenshin33 said:
i'd say you want your phone to boot if you loose it (so you can track it), don't you think?
Click to expand...
Click to collapse
That's reasonable in most cases. But there are situations and circumstances in which the data privacy has a higher priority than the ability to track the phone. Anyway the question can be considered independently from its motivations: can I separate the encryption key from the lock screen key? According to issue 29468 and this discussion, it seems it's still not possible.
jpabloae said:
That's reasonable in most cases. But there are situations and circumstances in which the data privacy has a higher priority than the ability to track the phone. Anyway the question can be considered independently from its motivations: can I separate the encryption key from the lock screen key? According to issue 29468 and this discussion, it seems it's still not possible.
Click to expand...
Click to collapse
according to this:
http://source.android.com/devices/tech/encryption/
out of the box, no because the lock screen password/PIN/ is used to encrypt the actual encryption key (randomly generated)
thank you very much b/c indirectly you answered the question I had (the reason I was browsing this thread), namely the boot password thinggy (as I said I'd like the phone to boot, baring an exploit, it's well protected: bootloader relocked, long password, impossible to flash anything without wiping - I sign my builds cm-12 with my own keys, and I crippled the recovery to allow only signed zips-, and no adb -even in recovery- connection outside my own computer, I installed cerberus in the system partition without a backup script, the only way to get rid of it is to explicitly format the system partition, and above all I don't trust the phone ).
that said, it should be possible may be to fiddle with vold's sources to make it so (separate passwords, it shouldn't be too hard ) the only problem in the absence of an "official" solution (be it in AOSP or the flavor du jour Android) the user is backed into a corner : build his own ROM from sources.
Hi, I am trying improve the security on my phone, There has been a recent report about a guy who was forced to enter his unlock screen password to border officials at the airport (although he didn't comply). This is a HUGE abuse of power and an even bigger violation of privacy.
I hope never to be in that situation, but if i am i want an easy way out so i am looking for the following solutions:
Entering a secret code / Pattern on the lockscreen that would trigger a factory reset
And / Or
A secret code / Pattern on the lockscreen that would load a "dummy" home Lanucher
as far as i can tell neither exist. Any help/Advice would be great, thanks
Just enter into the guest mode?
HOW??
aniketpatil87 said:
Just enter into the guest mode?
Click to expand...
Click to collapse
How? I mean suppose that official is infront of you , how will you switch to gusest mode wihout letting him know .... i mean in power off option ?? or any other way?
What you are describing is similar to the plausible deniability mode of Truecrypt. However Android doesn't have this function natively, and I don't see how you can implement it without doing some major modification to the system.
What about bringing a secondary phone as a distraction instead?
There is already one major bug in Google Play services 7.0.97 reported by Android Police which alllows attackers to unlock the phone without any password since it takes around 15 ~ 20 seconds to re-apply the lock. Another hole seems that attackers could steal your phone if your phone just gets into the standby mode with disabled sceen. There are general known attacks with such smart-lock enabled function which allows to bypass the pin.
not sure if this is relevant , but on any phone i've owned with a 'swipe-down-status-bar' when phone is showing lock screen all i have to do is swipe the status bar down and can click on any icon to bypass lockscreen then back out of that setting , i.e. settings , apps , wifi , etc. and will be on home screen.
"all I can really do , is stay out of my own way and let the will of heaven be done"
mrrocketdog said:
not sure if this is relevant , but on any phone i've owned with a 'swipe-down-status-bar' when phone is showing lock screen all i have to do is swipe the status bar down and can click on any icon to bypass lockscreen then back out of that setting , i.e. settings , apps , wifi , etc. and will be on home screen.
"all I can really do , is stay out of my own way and let the will of heaven be done"
Click to expand...
Click to collapse
That only works if you didn't set any password lock.
I have es file manager, and i zip and password protect files or folders wich i need but dont want people finding if my phone ever gets stolen. you can check that out.
Maybe there's gonna be something I oversee, but you could (easily) do this with Tasker.
You could use tasker to make an 'app' to login with a different profile on your android. By opening that app, you go into a self-defined stealth-mode, where you disable everything you want to hide and where you open a minimal homescreen.
Tasker + Secure Settings should have all the tools you need to set it up without destroying your real security.
Maybe dual booting to an empty ROM with sdcard access removed and only a small amount of fake information down on the device?
Would not help if they decided to copy your entire devices info for a close exam but should fool most guards into thinking you don't use your phone much.
Just reboot into that ROM at any time you think anyone would ever check.
Occasionally, while on call, or when I open my phone, I get this message (image below)
"Password required for additional security"
I have fingerprint unlock saved in the settings. Instead of allowing fingerprint unlock, it requires entering my password/pin. I use a long and secure password, so it takes time to enter it and make sure it's correct. I already enter this password everytime my phone boots, so this additional request is extremely annoying and unnecessary.
Does anyone know Why this additional request is made? What triggers it? Or How to disable it?
Any help is appreciated
I am also interested
I get this occasionally and I have a short pin. I think it is very much "backing" up fingerprint security since no security is perfect. Good security involves something you have "fingerprint" and something you know "pin" since it would be very unlikely an imposter would have both. I would be very surprised if there is a way to turn the random check of your pin off.
Sent from my ONEPLUS A6003 using Tapatalk
Unfortunately, this "security check" can make your device LESS secure, because it happens at random times. If you're in the grocery store, at someone's house, or anywhere with security camera's, then entering your Pin/Password can be recorded on video. More businesses and people are installing camera's everyday.
In these situations using Fingerprint (instead of Pin) is More Secure. It's for this reason I want to disable it randomly requiring pin/password
hate this
Yep I hate the one that programed this security feature without an obvious way to turn it off, we don't no one telling us what is good for our security. I want it to unlock everytime I touch the finger print scanner, even at startup, and if anything I want it to lock down if I use a certain finger and then require a password.
Mod edit: Removed unacceptable language.
I actually have a pretty simple PIN just because of this situation otherwise fingerprint is just fine :/
can this be disabled? everyone can see me type in my pin when this happens