Related
Ive read this can be done incase your external sd card is stolen or lost where u can passcode encrypt the entire card where if someone trys to view jpgs images or video anything for that matter they get a blank image..
Is this a Computer pc encryption deal or native to being done right from the device or an app.
And are they're any downsides to doing it and being able to view yourself from your device while encrypted
Sent from my SGH-T889 using xda app-developers app
lojak29 said:
Ive read this can be done incase your external sd card is stolen or lost where u can passcode encrypt the entire card where if someone trys to view jpgs images or video anything for that matter they get a blank image..
Is this a Computer pc encryption deal or native to being done right from the device or an app.
And are they're any downsides to doing it and being able to view yourself from your device while encrypted
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
Settings -> Security -> Encrypt External SD Card (and Encrypt Device).
Keep in mind that it's not worth much if your phone is turned on when the attacker steals it. No matter what.
Against the ordinary thief it'll do fine.
Soooo
stealing the phone gives the person 100% access to the SD card? atleast the iphone has the numeric or alphanumeric password feature and 10 mistakes before Wipe.
L1gh7n1ng said:
Keep in mind that it's not worth much if your phone is turned on when the attacker steals it. No matter what.
Against the ordinary thief it'll do fine.
Click to expand...
Click to collapse
Absolutely right. Still looking for a way to lock out federal forces in case my phone gets "arrested". Any ideas or recommendations?
Encryption of external sd... still is supposed to make any file on sd pass code required. .. as in if someone takes the card out tries it in a pc or other phone they'll see black or blank images .
Essentially making it like Iphone proof .
Only thing can be done is a fat 32 format to clear card.
But I havent tried cause I don't wanna take risks of loosing vital info .
As far as the last post about federal people compromising your phone .... well trust me if they get your phone they can hack anything
Sent from my SGH-T889 using xda app-developers app
what you really need is truecrypt.org/
It might be possible to port it to Android and then use it on the SD card.
In fact it appears it has been done here: code.google.com/p/cryptonite/
stupid 10 message posting crap gawd, someone covert those to real links for people.
shaten said:
what you really need is truecrypt.org/
It might be possible to port it to Android and then use it on the SD card.
In fact it appears it has been done here: code.google.com/p/cryptonite/
stupid 10 message posting crap gawd, someone covert those to real links for people.
Click to expand...
Click to collapse
It seems to only encrypt sdcard contents. I'd probably want my /data encrypted as well.
Product F(RED) said:
Settings -> Security -> Encrypt External SD Card (and Encrypt Device).
Click to expand...
Click to collapse
Sorry to ressurect an old thread. But there is no such option for Cyanogenmod cm-12.1 (Lollipop+). is there a way to encrypt the external sd card?
mrplice said:
Sorry to ressurect an old thread. But there is no such option for Cyanogenmod cm-12.1 (Lollipop+). is there a way to encrypt the external sd card?
Click to expand...
Click to collapse
I once hacked me an EncFS-script that mounts an encrypted folder on my sdcard as sdcard0 and the rest of the sdcard as sdcard1. I use it on my phone since more than a year now without any problems:
http://forum.xda-developers.com/htc-sensation/development/mod-encrypt-sdcard-encfs-t3027711
It may run without any changes on your phone, too. Otherwise you only have to change some paths in the script or ask me for help.
bastei said:
I once hacked me an EncFS-script that mounts an encrypted folder on my sdcard as sdcard0 and the rest of the sdcard as sdcard1. I use it on my phone since more than a year now without any problems:
http://forum.xda-developers.com/htc-sensation/development/mod-encrypt-sdcard-encfs-t3027711
It may run without any changes on your phone, too. Otherwise you only have to change some paths in the script or ask me for help.
Click to expand...
Click to collapse
Thanks for the advice. By looking at that thread I see that you are using encFS. What i have in mind is a full partition encryption (just like LUKS, for instance). Do you know if that would be possible?
mrplice said:
Thanks for the advice. By looking at that thread I see that you are using encFS. What i have in mind is a full partition encryption (just like LUKS, for instance). Do you know if that would be possible?
Click to expand...
Click to collapse
I think by "full partition encryption" you mean "encryption of the file system".? Because if you only mean encryption of "all files on the sdcard" - that's what I actually do. I also wrote three points about my decision for EncFS.
You could try to use TrueCrypt in the same way I use EncFS, but with an encrypted partition. Apart from that I'm not aware of any (easy) way to encrypt the file system. Android uses dm-crypt for internal encryption, but I don't know if and how you can use it to encrypt the sdcard.
The latest luks manager (2.5.1) allows you to encrypt external sdcard, which should me mounted on boot or manually and unlike Encfs, no password is stored in plain text. To have a password stored in plain text is no security at all.
optimumpro said:
[..] unlike Encfs, no password is stored in plain text. To have a password stored in plain text is no security at all.
Click to expand...
Click to collapse
Only out of interest:
I wanted to prevent access to the data on my sdcard if I lose my device. The password is stored on encrypted /data, only readable by root. In what way do you consider that "no security at all"?
bastei said:
Only out of interest:
I wanted to prevent access to the data on my sdcard if I lose my device. The password is stored on encrypted /data, only readable by root. In what way do you consider that "no security at all"?
Click to expand...
Click to collapse
In 2 ways: First, a security model that relies on a separate encryption process that is not provided in that model is not secure. What if data partition is not encrypted? Second, you can't rely on permissions only, if permissions alone were enough, we wouldn't need disk encryption at all. Textsecure used to have a glaring security hole: all sms were stored on disk in plain text. Moxie didn't say encrypt your data, he instead fixed the issue.
optimumpro said:
In 2 ways: First, a security model that relies on a separate encryption process that is not provided in that model is not secure. What if data partition is not encrypted? Second, you can't rely on permissions only, if permissions alone were enough, we wouldn't need disk encryption at all.
Click to expand...
Click to collapse
Funnily enough Android M is saving the encryption key for adopted storage in the exact same way as I did it for my Enfs-folder.
bastei said:
Funnily enough Android M is saving the encryption key for adopted storage in the exact same way as I did it for my Enfs-folder.
Click to expand...
Click to collapse
You still remember? I meant no offence.
Adopted storage: even if this is true, it is still OK, because I don't think you can encrypt adopted storage without encrypting data partition. In other words, there is no way in M the encryption key could be read without first decrypting data. In your case, it is possible, since encrypting SD is independent from encrypting internal data partition. But if I were Google, I would still not save the encryption key in plain...
Hey everyone,
I am wanting to encrypt my D6616. So, a couple of questions:
If I encrypt the phone without the SD card, can I encrypt the SD card later?
If I encrypt the device, can I decrypt it?
Lastly, if you know your PIN, can you recover from a factory reset on your SD card?
Thanks everyone,
Johnathan
johnathanamber said:
Hey everyone,
I am wanting to encrypt my D6616. So, a couple of questions:
If I encrypt the phone without the SD card, can I encrypt the SD card later?
If I encrypt the device, can I decrypt it?
Lastly, if you know your PIN, can you recover from a factory reset on your SD card?
Thanks everyone,
Johnathan
Click to expand...
Click to collapse
1. I am pretty sure, Yes
2. Yes, but during startup, so it would pay to copy the contents to a computer if you wish to remove encryption. then you have to factory reset.
If you go through the process, it will advise you just prior to starting the encryption
@danw_oz,
Thanks for the reply.
I assume that decrypting wouldn't require any external intervention... i.e. there are menu prompts under Security that will do it as opposed to using the shell, etc.
Thanks again,
Johnathan
johnathanamber said:
@danw_oz,
Thanks for the reply.
I assume that decrypting wouldn't require any external intervention... i.e. there are menu prompts under Security that will do it as opposed to using the shell, etc.
Thanks again,
Johnathan
Click to expand...
Click to collapse
Have a read of this http://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/
danw_oz said:
Have a read of this http://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/
Click to expand...
Click to collapse
@danw_oz,
According to the article you've provided, there is no decryption, unlike what you've informed:
"Encryption is One-Way Only: After encrypting your device’s storage, you can only disable encryption by resetting your phone to its factory default settings. This will also erase all the data stored on your phone, so you’ll have to set it up from scratch."
If your Z3/Z3C is encrypted... do you have a decrypt option now?
Thanks.
Johnathan
Evidently the process isn't reversible... at least during the encryption process, it informs before confirming that it is irreversible.
Thanks for the help,
Johnathan
johnathanamber said:
Evidently the process isn't reversible... at least during the encryption process, it informs before confirming that it is irreversible.
Thanks for the help,
Johnathan
Click to expand...
Click to collapse
The decryption occurs during entering of your pin or password, at which time you would need to copy anything you want to keep off the phone onto a computer.
---------- Post added at 03:07 PM ---------- Previous post was at 03:02 PM ----------
To be honest there is no real benefit of this over just locking your phone, because if you loose your phone it can still be hacked until it is rebooted. If you have find my xperia, you can erase the phone which I am sure includes the SD Card
danw_oz said:
The decryption occurs during entering of your pin or password, at which time you would need to copy anything you want to keep off the phone onto a computer.
Click to expand...
Click to collapse
I understand your reply. The data has to be decrypted before it can be used by the phone and other apps, etc, this only makes logical sense to use decrypted data. since it can't used encrypted data.
I suppose I should have been more clear in my original posting. Once a phone has been encrypted, can the encryption be removed to use the data in its decrypted form? i.e. if I encrypt my SD card, decrypt it, remove it, then place it elsewhere to be used in other devices... the answer is no. Once encrypted, the encryption can't be removed to allow the card to be used elsewhere.... without losing all of the data.
Sorry for the miscommunication.
Thanks,
Johnathan
Did encryption of sd card disabled my phone encryption? After reboot I don't have to use encryption pin on my phone anymore? Can someone explain? Thanks.
VectorM8 said:
Did encryption of sd card disabled my phone encryption? After reboot I don't have to use encryption pin on my phone anymore? Can someone explain? Thanks.
Click to expand...
Click to collapse
Your phone is still encrypted. There is no option to decrypt internal storage. Some functions (like accessibility/service) disable secure startup. To enable pin entry on device boot, go to settings -> lock screen and security -> secure startup
Thanks man.?
Currently I have installed PD1 Stock S5 Verizon, with Root and unlocked Bootloader access but do not have access to write directly on the SD card I'm using Titanium Backup to make my backup apps but now I can not make this restriction, anyone knows of any solution to this problem.
Is this the same question that you have?
http://forum.xda-developers.com/ver...doptable-storage-feature-marshmallow-t3391052
Wynnded said:
Is this the same question that you have?
http://forum.xda-developers.com/ver...doptable-storage-feature-marshmallow-t3391052
Click to expand...
Click to collapse
No this option that mensiona in that post is to use the SD as if the internal storage, what I want is to enable the option Write External Storage Android which is blocked from KK and LL but MM still do not know if already there an alternative to enable this function.
You get prompted when you go to write to the storage. You have to follow the file structure to open up the SD card, but once you do that, you can write to sd.
Sent from my SM-G900V using Tapatalk
musiclover7 said:
You get prompted when you go to write to the storage. You have to follow the file structure to open up the SD card, but once you do that, you can write to sd.
Sent from my SM-G900V using Tapatalk
Click to expand...
Click to collapse
I think what he means is KK-style unrestricted R/W access to the SD card. SDFix might still work, but it hasn't been updated since 2014 and requires root.
In reality though if you enabling full R/W on portable storage breaks Android's use model. The proper way to go about this is to use adoptable storage, which isn't supported out of the box on TouchWiz but can be enabled in CM13.
TheMasterMindGT said:
Currently I have installed PD1 Stock S5 Verizon, with Root and unlocked Bootloader access but do not have access to write directly on the SD card I'm using Titanium Backup to make my backup apps but now I can not make this restriction, anyone knows of any solution to this problem.
Click to expand...
Click to collapse
For Titanium back up, do the following...
open TiBackup
Menu
Preferences...
Backup folder location
Right above the "Detect!" click on "Storage provider:..."
Select DocumentProvider storage
Now you can click on Internal storage and change to SDcard1
Then select "Detect!"
Hopefully that's what you are looking for.
jdrch said:
I think what he means is KK-style unrestricted R/W access to the SD card. SDFix might still work, but it hasn't been updated since 2014 and requires root.
In reality though if you enabling full R/W on portable storage breaks Android's use model. The proper way to go about this is to use adoptable storage, which isn't supported out of the box on TouchWiz but can be enabled in CM13.
Click to expand...
Click to collapse
Thanks friend is right this kind of write access is the desire to enable MM 6.0.1 exactly as that application was previously used in KK and LP. But now I manage to get this kind of access.
johnnybg00d said:
For Titanium back up, do the following...
open TiBackup
Menu
Preferences...
Backup folder location
Right above the "Detect!" click on "Storage provider:..."
Select DocumentProvider storage
Now you can click on Internal storage and change to SDcard1
Then select "Detect!"
Hopefully that's what you are looking for.
Click to expand...
Click to collapse
I've done this procedure but under no circumstances gives access to writing.
Hi everyone,
i hope someone can help me with my Question.
Is the Mate9 encrypted by default?
Unfortunately there is no Option to encrypt the Phone manually.
Which enryption Type will be used? File Based or Full?
Will SD-Cards encrypted by default?
Is there any way to check this?
Update:
The Mate 9 is NOT encrypted.
This will be available in the future.
Pretty sad
Mate 9 is loaded with Android 7.0 Nougat which uses File-based Encryption by default rather than Full-Disk Encryption.
http://www.howtogeek.com/269422/how...ats-direct-boot-for-less-annoying-encryption/
For SD card, I don't know because I don't use SD card on my device.
no sorry, i called the Huawei Support Hotline, the Mate internal storage is not encrypted.
Only the SD Card can be encrypted.
btw: in the developer section there isn´t the point "convert to file encryption"
xacidx said:
Mate 9 is loaded with Android 7.0 Nougat which uses File-based Encryption by default rather than Full-Disk Encryption.
http://www.howtogeek.com/269422/how...ats-direct-boot-for-less-annoying-encryption/
For SD card, I don't know because I don't use SD card on my device.
Click to expand...
Click to collapse
I recall seeing in settings a way to encrypt SD and/or some kind of passcode protect for it.
Sent from my Huawei Mate 9 using XDA Labs
Internal storage is not encrypted by default? That's kinda surprising and disappointing considering how much Huawei was talking about security in their last few events. The file-based encryption should have a negligible performance impact.
Try : settings - fingerprint ID - fingerprint administration - security access - Enable - internal memory / Sd card
Yo can enable encryption there
Enviado desde mi MHA-L29
i think this is not real encryption, this is only a "passcode / fingerprint" safe
https://source.android.com/security/encryption/
Is there any way to check the Filesystem (encrypted or not)?
https://forum.xda-developers.com/mate-9/help/decrypt-internal-storage-t3530224
Someone has trouble seeing files via TWRP.. not sure.. maybe it has internal encryption afterall?
Confuuuzing
Not to get political here but you do know where the Mate series is made? The Chinese Government doesn't want device encryption - so it's not there. And even if it was, I wouldn't trust it.
i dont see this setting. may have to return the phone if i cant encrypt the whole device.
Nexus-Nerd said:
no sorry, i called the Huawei Support Hotline, the Mate internal storage is not encrypted.
Only the SD Card can be encrypted.
Click to expand...
Click to collapse
I can't say whether it is or isn't, but if I go to Settings, Memory & Storage, Default location, and try to switch the default from internal to SD card, I get a message saying my phone has been encrypted and to make sure the external storage is too before proceeding.
Everydevice which comes with nougat installed from huawei is encrypted with (filebased encryption) and every device which gets nougat update like honor 8 and p9 etc gets full diskencryption so the statement is false it's encrypted. The full disk encryption is one encryption step.
The filebased encryption is two way encryption. It uses default hard disk encryption and per app encryption so yes it's encrypted.
LastStandingDroid said:
Everydevice which comes with nougat installed from huawei is encrypted with (filebased encryption) and every device which gets nougat update like honor 8 and p9 etc gets full diskencryption so the statement is false it's encrypted. The full disk encryption is one encryption step.
The filebased encryption is two way encryption. It uses default hard disk encryption and per app encryption so yes it's encrypted.
Click to expand...
Click to collapse
I would like to add that we are talking about the encryption of the /data partition only.
Other parts of your internal memory (like /system) or the SD card are *not* encrpyted
Code:
> adb shell mount | grep cryp
/dev/block/bootdevice/by-name/userdata on /data type f2fs (rw,seclabel,nosuid,nodev,noatime,background_gc=on,discard,user_xattr,inline_xattr,acl,inline_data,extent_cache,[B]inline_encrypt[/B],active_logs=6)
File-based encryption should still be active on internal storage unless you have rooted.
st_voss said:
I would like to add that we are talking about the encryption of the /data partition only.
Other parts of your internal memory (like /system) or the SD card are *not* encrpyted
Code:
> adb shell mount | grep cryp
/dev/block/bootdevice/by-name/userdata on /data type f2fs (rw,seclabel,nosuid,nodev,noatime,background_gc=on,discard,user_xattr,inline_xattr,acl,inline_data,extent_cache,[B]inline_encrypt[/B],active_logs=6)
Click to expand...
Click to collapse
There's no needed for system to be encrypted as there's no sensual data that any vendor will release there. So yes only /data is encrypted
Would u see a reason why system would be encrypted?
Sent from my FRD-L09 using Tapatalk
---------- Post added at 10:00 PM ---------- Previous post was at 09:58 PM ----------
ResonanceZero said:
File-based encryption should still be active on internal storage unless you have rooted.
Click to expand...
Click to collapse
Well technically yes since on nougat it should encrypt all files on storage. Isn't it how it is? Because you still can get into internal storage but files are random names right?
Also I don't see why phone would encrypt your external sd because usually when setup you don't have any sd card inserted so why only /data partition is encrypted is how it should be since u have an option to encrypt external
Sent from my FRD-L09 using Tapatalk
Correct. And we know that this part is working because we see people trying to root struggling with it.
LastStandingDroid said:
There's no needed for system to be encrypted as there's no sensual data that any vendor will release there. So yes only /data is encrypted
Would u see a reason why system would be encrypted?
Sent from my FRD-L09 using Tapatalk
...
Click to expand...
Click to collapse
No, I don't see a reason for an encrypted system partition.
I wanted to make clear that when we talk about Android encryption only encryption of the data partition is meant.
So I was just supporting your point that the Mate 9 is indeed using encryption.
ResonanceZero said:
Correct. And we know that this part is working because we see people trying to root struggling with it.
Click to expand...
Click to collapse
I'm rooted and encrypted.
Everything but magisk.img and /data/magisk/ is encrypted in /data and it runs fine. I don't see why it doesn't encrypt other things when you reboot, but I guess files outside of /data/data, apps, etc are kept as they are since you're not supposed to install things straight to the root of /data anyway.
ante0 said:
I'm rooted and encrypted.
Everything but magisk.img and /data/magisk/ is encrypted in /data and it runs fine. I don't see why it doesn't encrypt other things when you reboot, but I guess files outside of /data/data, apps, etc are kept as they are since you're not supposed to install things straight to the root of /data anyway.
Click to expand...
Click to collapse
Huh. What method are you using? The last instructions I saw all pretty much started with TWRP, and the TWRP thread says that encryption isn't working.
st_voss said:
No, I don't see a reason for an encrypted system partition.
I wanted to make clear that when we talk about Android encryption only encryption of the data partition is meant.
So I was just supporting your point that the Mate 9 is indeed using encryption.
Click to expand...
Click to collapse
Ah i see, sometimes missreading help you to miss the point
Sent from my FRD-L09 using Tapatalk
---------- Post added at 06:56 AM ---------- Previous post was at 06:54 AM ----------
ante0 said:
I'm rooted and encrypted.
Everything but magisk.img and /data/magisk/ is encrypted in /data and it runs fine. I don't see why it doesn't encrypt other things when you reboot, but I guess files outside of /data/data, apps, etc are kept as they are since you're not supposed to install things straight to the root of /data anyway.
Click to expand...
Click to collapse
It should encrypt it if it doesn't there's something wrong. Because it should encrypt on each boot
Sent from my FRD-L09 using Tapatalk