Database Info

[Q] Encrypted performance

Hello there,
For all those of you that have encrypted their Xoom. Have you noticed any decrease in performance? I'd like to also encrypt mine, but not at the expense of performance.
Best,

A few seconds longer boot time but no performance lost in linpack or quadrant. Is you have auto time setup it will change on you after every reboot though. Very odd bug but for me nothing major.
James

I've been thinking of encrypting mine as well but the concern I have is whether this could lead to incompatibilities or issues that are not known to date. Also while it may not be measurable, there will be a performance hit due to the nature of encryption.
Quick question, if you encrypt do you only have to decrypt via passcode at power on or after sleep? Reason is I hardly ever power mine off so if someone found it or figured out how to unlock it, at that point it'd be decrypted. Not seeing the advantage of this as opposed to a regular passcode/security at the lock screen.

The difference is that while your Xoom is encrypted & locked, you can't access data from a PC. This means that if you lose it no-one can access your data. A major plus if you ask me.

burden010 said:
The difference is that while your Xoom is encrypted & locked, you can't access data from a PC. This means that if you lose it no-one can access your data. A major plus if you ask me.
Click to expand...
Click to collapse
But I though the decryption only happens once at startup (after poweron) so while it's on it's decrypted right? Also I don't think USB works when the device is locked even if it's not encrypted.

I think we should have an official statement from Google about how this encryption works. For personal use it is not a big deal, but if someone is going to use his/her xoom at work, it is very important, specially when one has to deal with the computer and technical department.

mobilehavoc said:
But I though the decryption only happens once at startup (after poweron) so while it's on it's decrypted right? Also I don't think USB works when the device is locked even if it's not encrypted.
Click to expand...
Click to collapse
I'm not sure exactly. I should be getting my Xoom in the next couple of days so I'll test it before I customise it too much so I can factory reset easily enough.

[Q] Data Encryption feature in TF

HI All,
has anyone used the Data Encryption feature on the TF? Are there any known issues? I want to be able to secure my personal data and also my work data stored on my TF.

I was too afraid as every encryption software we have tried in my company has caused performance hits. It's probably the same with the TF.

Kilmar said:
I was too afraid as every encryption software we have tried in my company has caused performance hits. It's probably the same with the TF.
Click to expand...
Click to collapse
That's exactly what I was afraid of too... But there has to be another way to protect my private data and work data...
Mike

I don't think encryption should cause any performance issues. The storage should be decrypted upon boot and then behave normally. That's how laptop full disk encryption works anyway, no performance hit.
The only downside I can see is issues with recovery software etc...
I'm not sure what it encrypts exactly. Maybe just user data? Just the SD card? Full flash?
Sent from my Nexus S using XDA Premium App

csmall said:
I don't think encryption should cause any performance issues. The storage should be decrypted upon boot and then behave normally. That's how laptop full disk encryption works anyway, no performance hit.
The only downside I can see is issues with recovery software etc...
I'm not sure what it encrypts exactly. Maybe just user data? Just the SD card? Full flash?
Sent from my Nexus S using XDA Premium App
Click to expand...
Click to collapse
mind if i ask you where you got this information? it doesn't really make any sense. decrypting an entire drive would be incredibly slow.

finalhit said:
mind if i ask you where you got this information? it doesn't really make any sense. decrypting an entire drive would be incredibly slow.
Click to expand...
Click to collapse
You wouldn't decrypt the entire volume at once though, just what you were trying to access.

You don't actually have to decrypt the disk to access it. It has the key so it can just gain access. The drive is still encrypted, you just can access it. I may not be wording it properly.
Actually decrypting a disk will take time yes. But that isn't the case with accessing it.

that's how i understand encryption works. the password you use merely unlocks the key which is used to decrypt files on demand. of course, the decryption does take a toll on performance, especially on system files that get accessed often.
so it wouldn't be completely without a performance hit.
i do use full encryption on my ubuntu install (i believe including swap) and although it's not noticeable most of the time, i think when things get busy, i does add some overhead.

[Q] Data Wipe After 10 Failed Attempts

As you may know, if you are using a secured lock screen and you enter the password/code/pin incorrectly 10 times in a row, it automatically wipes all data.
As I'm "new", I can't post a link to it, but Phandroid wrote an article on this (and made a video doing it)
I'm looking for a way to disable this.
I rooted using jcase's method. Any ideas?

Dwight Caffery said:
As you may know, if you are using a secured lock screen and you enter the password/code/pin incorrectly 10 times in a row, it automatically wipes all data.
As I'm "new", I can't post a link to it, but Phandroid wrote an article on this (and made a video doing it)
I'm looking for a way to disable this.
I rooted using jcase's method. Any ideas?
Click to expand...
Click to collapse
I think you need /system write access, I am not sure it will work because you can fake write to /system but not really, so I don't think you can fix it without s-off.

here you go
http://phandroid.com/2014/03/31/htc-one-m8-security-video/

I'm just wondering what you're doing to get your passcode/pattern wrong 10x in a row...

sfreemanoh said:
I'm just wondering what you're doing to get your passcode/pattern wrong 10x in a row...
Click to expand...
Click to collapse
It's probably more of an issue with someone else playing with your phone or taking it. I know I don't find it useful at all and would only have a chance to cause problems for me.
Sent from my HTC6525LVW using xda app-developers app

Keithn said:
It's probably more of an issue with someone else playing with your phone or taking it. I know I don't find it useful at all and would only have a chance to cause problems for me.
Sent from my HTC6525LVW using xda app-developers app
Click to expand...
Click to collapse
Yeah, I guess that makes sense. Give it to your kid to play with, only to get it back all fresh and wiped... Thank god I don't have kids!

This annoyed the crap out of me. I travel constantly with my phone and if it gets wiped during travel (and losing pictures and documents), that would equal me being fired from my job. My companies exchange server enforces security, which is good. On other devices, I can simply turn off this absolutely retarded option.
I had the same problem on the HTC M7. Luckily it can be disabled with root.
Anyway, once we get a proper root, you can set the failed attempts = 0 in an system xml file and then you will be good to go.
EDIT:
Edit this file:
/system/customize/ACC/default.xml
change this:
Code:
<item type="integer" name="devicepolicy_max_fail_passwords_for_wipe">10</item>
to this
Code:
<item type="integer" name="devicepolicy_max_fail_passwords_for_wipe">0</item>
Reboot and its disabled.

MultiDev said:
This annoyed the crap out of me. I travel constantly with my phone and if it gets wiped during travel (and losing pictures and documents), that would equal me being fired from my job. My companies exchange server enforces security, which is good. On other devices, I can simply turn off this absolutely retarded option.
Click to expand...
Click to collapse
It isn't a retarded option if you're primary concern is data security. For some it's better to wipe the data clean than have it stolen by an attacker. Unfortunately the people who want this option are in the minority. There should be a toggle for everyone else who would rather keep the device from self destructing.
MultiDev said:
I had the same problem on the HTC M7. Luckily it can be disabled with root.
Anyway, once we get a proper root, you can set the failed attempts = 0 in an system xml file and then you will be good to go.
EDIT:
Edit this file:
/system/customize/ACC/default.xml
change this:
Code:
<item type="integer" name="devicepolicy_max_fail_passwords_for_wipe">10</item>
to this
Code:
<item type="integer" name="devicepolicy_max_fail_passwords_for_wipe">0</item>
Reboot and its disabled.
Click to expand...
Click to collapse
I believe this can be done with the temp root method. I was able to enable writing to the external sd card by modifying the /system/etc/permissions/platform.xml file. I'm guessing it will persist until a hard reboot. I might try to edit the default.xml later.Big fail.

l7777 said:
It isn't a retarded option if you're primary concern is data security. For some it's better to wipe the data clean than have it stolen by an attacker. Unfortunately the people who want this option are in the minority. There should be a toggle for everyone else who would rather keep the device from self destructing.
I believe this can be done with the temp root method. I was able to enable writing to the external sd card by modifying the /system/etc/permissions/platform.xml file. I'm guessing it will persist until a hard reboot. I might try to edit the default.xml later.
Click to expand...
Click to collapse
Don't defend this "feature". Its undefendable. Its a completely retarded option if you can't turn it off. You have no idea how much it worries me when I travel that I could have my device wiped due to 10 in correct entries; I am currently traveling with a company iPhone, because I am that paranoid of it wiping on me. This little "feature" has completely ruined this device for me. Completely and utterly. I would call that a retarded option.
As for data security, I enable encryption and use a strong password. I also have remote wipe options. This feature should be an optional feature, not a mandatory feature. If I'm such a minority, why does no other phone OS mandates this? Not iOS, WP8, blackberry, or even stock android. I've used many phones. Only recent HTC's have mandated this. The HTC One with original 4.2 firmware didn't mandate it.
This feature is completely retarded. Period. End of discussion. BTW, not trying to be mean-spirited or anything, but its just such a dumb move on HTC's part.
With temp root, I might be able to change it, but don't you need a reboot to complete any changes to the system xml?
EDIT:
So I attempted to change it, but the changes didn't stick. Tried a second time, but the phone crashed and rebooted on me.

MultiDev said:
Don't defend this "feature". Its undefendable. Its a completely retarded option if you can't turn it off. You have no idea how much it worries me when I travel that I could have my device wiped due to 10 in correct entries; I am currently traveling with a company iPhone, because I am that paranoid of it wiping on me. This little "feature" has completely ruined this device for me. Completely and utterly. I would call that a retarded option.
Click to expand...
Click to collapse
While the feature should be a user option, it is a good feature for those that need that type of security. As I said before, those are the minority. Most of us are happy with the security you mentioned and would rather the device did not self destruct, myself included.
FYI for anyone using a pattern, it seems you have to touch four dots before it considers it an attempt. I was able to touch any combination of 3 or less dots without lowering the counter.

MultiDev said:
EDIT:
So I attempted to change it, but the changes didn't stick. Tried a second time, but the phone crashed and rebooted on me.
Click to expand...
Click to collapse
Current state of the exploit doesn't allow any changes to /system. Anything that looks like it got changed, really didn't, and even if it seems like it's working now, will revert upon your next reboot.

Dwight Caffery said:
As you may know, if you are using a secured lock screen and you enter the password/code/pin incorrectly 10 times in a row, it automatically wipes all data.
As I'm "new", I can't post a link to it, but Phandroid wrote an article on this (and made a video doing it)
I'm looking for a way to disable this.
I rooted using jcase's method. Any ideas?
Click to expand...
Click to collapse
Same as this thread.....
http://forum.xda-developers.com/showthread.php?t=2700662
Sent from my HTC6525LVW using Tapatalk

This worries me because I have kids. I don't want them wiping my phone by accident.

replica9000 said:
This worries me because I have kids. I don't want them wiping my phone by accident.
Click to expand...
Click to collapse
It will still make you wait between attempts if you get it wrong too many times. As long as they don't get it for a long period of time and don't get bored of trying you'll probably be okay
Sent from my HTC6525LVW using xda app-developers app

This is one of my biggest annoyances with HTC's lock screen. Give me an option to just have a pattern lock. the wiping should be a check box.
why it isn't an option I just don't know. Sure it should be a feature, it shouldn't be a forced one though.

Check out the new app called "nine" its an exchange mail client. You can apply the security settings to the app rather than the phone and also set it to wipe the email account rather than the phone if you reach the max failed attempts.
The client is actually the best i've found yet for email...great interface and options with a two week trial

Gator Brah said:
Check out the new app called "nine" its an exchange mail client. You can apply the security settings to the app rather than the phone and also set it to wipe the email account rather than the phone if you reach the max failed attempts.
The client is actually the best i've found yet for email...great interface and options with a two week trial
Click to expand...
Click to collapse
That is irrelevent for this discussion, exchange can only force a screen lock. HTC has baked in the 10 failure self destruct on any screen lock whether forced by exchange or simply turned on by the user.

l7777 said:
That is irrelevent for this discussion, exchange can only force a screen lock. HTC has baked in the 10 failure self destruct on any screen lock whether forced by exchange or simply turned on by the user.
Click to expand...
Click to collapse
negative ghostrider. I've tested it personally and the exchange securities are only applied to the app itself...not the phone. The exchange account is not even a device administrator which it would need to be to set the lock screen as well as wipe the device.

Gator Brah said:
negative ghostrider. I've tested it personally and the exchange securities are only applied to the app itself...not the phone. The exchange account is not even a device administrator which it would need to be to set the lock screen as well as wipe the device.
Click to expand...
Click to collapse
Ummm, afirmative ghostrider. HTC baked in the 10 time and wipe. regardless if I push a lock screen from my exchange security policies or not, if I turn on the pattern lock or other lock screen it will wipe after 10 times.
Just because you have a specific app that doesn't allow the exchange service to be admin doesn't change the fact that the 10 time wipe IS indeed baked into the lock screen.

I must be the only paranoia type on XDA, since no one has any idea about this, this is surprising...
I run my own Exchange server, and I voluntarily turn these policies on the moment I connect my account with my Android phone (in addition to device encryption).
The policy IS also configurable if you connect via Exchange. By doing so, you delegate it as a device administrator to your phone. Check in "device administrator" settings under the security and see if there are one or more enabled, and see if you can disable the one you're annoyed with.
Seriously though it's not that terrible. I have my phone to self destruct after 5 attempts. My company issued Blackberry has it trigger after 6. The more times you get it wrong, it keeps warning you, and eventually it will actually make you do stuff like type words in to ensure you aren't fat fingering your phone in your pants to give you another unlock attempt. If your company has the audacity that they will fire you because the phone was wiped and you can't read your correspondence, show them the figurative finger and demand a company issued device.
Technically I don't own an M8 phone yet since I'm waiting for the S-OFF before I buy, but I still have a mutated version of Sense running on my Rezound...so this should match up with what you're seeing.

OnePLus stuck trying to encrypt

So I wanted to do the full encryption on my device. Let the device charge, and started the encryption process. The screen went blank, and then a green figure of the android came on the screen and has been there since. Its been almost three hours now? If my phone loses all its data thats ok, but I dont know if a bad encryption could brick the device?
Not sure if this is significant, but I have been on Facebook messenger since my phone was encrypting, and several msgs and text msgs have been showing on the screen?
Any ideas or advice would be great.

The encryption process may take quite a long time; it's not uncommon to see some phones take 6+ hours to encrypt, depending on the internal storage capacity.
AFAIK, Android will encrypt all of the internal storage, even the empty space. So if you have the 64GB version, that's a lot of storage space to encrypt at one go.
I would leave the phone plugged in and running the encryption for at least 24 hours if it's taking a while. It shouldn't take that long, and something might be broken, but better safe than sorry, I suppose.
Interrupting encryption will probably, if not definitely, result in data corruption or loss on the device. Depending on how far along the encryption was, you may end up with a bricked device, but it's pretty much impossible to say for certain what the outcome will be if you interrupt it.

There's a bug in CM11S 33R that broke full device encryption.
Normally, soon as you set a PIN and click encrypt, you will see a green bot, then you phone should restart into the Encryption Progress 1%, 2%, 3%, etc. screen.
As it is right now on CM11S, which is the stock software that the OnePlus One come in, you will see the green bot screen but the damn tying won't restart. OnePlus confirmed this is a bug that should be fixed in next OTA update.
In the mean time, if you unlock your bootloader, encryption will start. Or flash CM11 nightly.

Sorry, might be the wrong thread to ask, but what is the point of encryption, if there is no storage to be removed from this phone?
Send from OnePlus One using Tapatalk

Satras said:
Sorry, might be the wrong thread to ask, but what is the point of encryption, if there is no storage to be removed from this phone?
Click to expand...
Click to collapse
Someone could boot a stolen phone to boatloader, access the partitions (data, internal sd, etc) by adb and copy the contents of your device to an alternate location. One could also flash a custom recovery and create backups and push them over to a pc.
It also seems possible for some devices to unlock the bootloader without wiping data. So there are some unlocked doors, if device is not encrypted.
You can compare it to a WindowsPC -> Just boot from USB-Stick / CD and mount the Harddisk and you can access all of its contents, if device encryption isn't used.

Your should see a percentage indicator when it's encrypting. My 64gb took around an hour or so to finish

nsmart said:
Someone could boot a stolen phone to boatloader, access the partitions (data, internal sd, etc) by adb and copy the contents of your device to an alternate location. One could also flash a custom recovery and create backups and push them over to a pc.
It also seems possible for some devices to unlock the bootloader without wiping data. So there are some unlocked doors, if device is not encrypted.
You can compare it to a WindowsPC -> Just boot from USB-Stick / CD and mount the Harddisk and you can access all of its contents, if device encryption isn't used.
Click to expand...
Click to collapse
Fair Point.
So once they fixed the bug, can I do a nandroid Backup and simply test it. If it ain't my cup of tea, can I simply apply the nandroid Backup again and my phone is unencrypted again?
Send from OnePlus One using Tapatalk

No, nandroid wont apply over an encrypted partition. It requires the partition to be decrypted first.

Hm, so I need to move the Backups to my computer first.
Send from OnePlus One using Tapatalk

Yeh something like that. Worst comes to worst if you forget you can just boot the phone normally and copy SD contents across by USB. Then format and restore nandroid.
I haven't had any issues with encryption, TWRP 2801 fixed it.

Possibly off topic also, sorry, but what are the downsides to full device encryption? Reasons why every isn't doing it? Seems much more secure, although I'm not using it myself at the moment.
Sent via quantum entanglement, focused through my OnePlus One.

Lower performance, less battery life, harder to troubleshoot if it does not boot correctly.
Make sure to have off-site backups when starting the encryption
Send from OnePlus One using Tapatalk

As an addendum, on a fast device like our OPO, the performance penalty is negligible. The security benefits far outweigh the costs, as pin locks are easy to defeat and even without, data can be accessed from bootloader/recovery. Remote wipes are not always reliable and for others like me who keep sensitive emails, company info, SSH/GPG keys, it's peace of mind.
It's also rumored that Android 5 will bring by-default encryption.

Strange, you say pin locks are easy to defeat, but isn't this the default for unlocking your encrypted phone?
Send from OnePlus One using Tapatalk

I changed my decrypt password to 16+ characters, and screen unlock remains at 4 digits. That way inconvenience is minimized.
There is an app on Play Store to set separate screen unlock / decryption passwords.

SenK9 said:
I changed my decrypt password to 16+ characters, and screen unlock remains at 4 digits. That way inconvenience is minimized.
There is an app on Play Store to set separate screen unlock / decryption passwords.
Click to expand...
Click to collapse
Do you know if that app will work with TimePIN? I rather like the app, though it's currently removed from play store while developer works on ART issues, because it changes the screen unlock to the current time which enhances the security of the device. I've thought about doing full device encryption previously but that always made me hesitate with the amount of hassle to check it.

I dont know what TimePIN is, but it should be fine. Changing the decryption password doesn't affect the lockscreen pin/password, they are independent.
Now that I'm back on my computer, I can drop some links here.
Cryptfs password changer
https://play.google.com/store/apps/details?id=org.nick.cryptfs.passwdmanager
This changes the pre-boot decryption password ONLY, not your lockscreen password. It's good for people who want a very secure encryption password, but without the hassle of typing it in each time they unlock the device (by default, Android will use the same for both, which has been a long-debated point).
Manually:
If you want to do it manually, you can configure Android's vold module (https://source.android.com/devices/tech/storage/config.html)
At prompt (with root):
Code:
vdc cryptfs enablecrypt inplace <password>
Security:
I can't find the link, but there was a Github script I ran across that was able to extract the encrypted filesystem header from an Android device in recovery mode, to an attached computer and brute force it. For a 4 digit PIN (which is what many people use), it takes less than a minute on an average home PC.
Hopefully that helps somebody ...

SenK9 said:
Yeh something like that. Worst comes to worst if you forget you can just boot the phone normally and copy SD contents across by USB. Then format and restore nandroid.
I haven't had any issues with encryption, TWRP 2801 fixed it.
Click to expand...
Click to collapse
twrp 2801 did allow me to encrypt, but the password will not decrypt in twrp. Color me confused.
Sent from my A0001 using XDA Premium HD app

Error message in TWRP?

SenK9 said:
Error message in TWRP?
Click to expand...
Click to collapse
"Password Failed. Please Try Again"
&
"E: Failed to decrypt data"
I have tried changing the password too, and get the same error.
Sent from my A0001 using XDA Premium HD app

Reversing Pattern/Password/PIN encryption on Lollipop

Hi all,
Everywhere I looked online said that the only way to reverse encryption is to factory wipe. Yet, today, when I went to change my lock screen pattern, I was offered the option to choose whether I still wanted to encrypt my phone with this pattern. I chose no, for the heck of it, and on reboot, it didn't take me to the decryption screen. Went straight to Android.
I'm guessing that the encryption is still there, but it's somehow just bypassing it. Any ideas on how to verify that it's still encrypted?
This is on Stock Lollipop 5.0.1 with no root
EDIT : My phone's encryption status still says "Encrypted" even though it doesn't ask me for a pattern

First, take a pencil and draw an outline of your phone on a plain piece of cardboard paper. Second, this isn't helpful goodnight.

Wrong section dude, you wont get answers here. Go to the Q&A section.

Thank You, bor3d2damax for pointing out the incorrect section! Now that it's in the right section and NolenUmar has shown how childish he can really be - Any ideas as to how to verify that it's still encrypted?

xyancompgeek said:
Any ideas as to how to verify that it's still encrypted?
Click to expand...
Click to collapse
In Lollipop it lets you encrypt without a security method (its even enabled by default on a Nexus 6). A little pointless since it'll just slow down read/write and hardly provide any security, as well as having the usual encryption issues, but whatever.

Lethargy said:
In Lollipop it lets you encrypt without a security method (its even enabled by default on a Nexus 6). A little pointless since it'll just slow down read/write and hardly provide any security, as well as having the usual encryption issues, but whatever.
Click to expand...
Click to collapse
I see. So it simply goes back to that method. Thank You for clearing that up.

Settings>Security>[encrypted]-[encrypt phone]