How (and Why) to Encrypt Your Android Device

How much of your life is on your Android? Judging by the fact that you spend nearly three hours every day on mobile devices, probably a lot.

But here’s another fact that might open your eyes:

An average of 10,000+ malicious mobile apps was blocked in 2018, according to the cybersecurity company Symantec.

What does this say?

It says that:

  1. Your Android contains a ton of data;
  2. Someone is interested in stealing that data;
  3. You must protect your data.

How do you do that?

By turning on Android encryption.

Why Should You Use Android Encryption?

Encryption allows you to store data on a device in an unreadable (scrambled) form. For example, here’s why you should consider using an encrypted email.

This is important for three reasons:

  1. To prevent hacking attempts (or at least make them harder);
  2. To protect your private information;
  3. And because certain regulations, like HIPAA, demand it.

Since Android is based on Linux, it uses the same disk encryption that the Linux kernel does: dm-crypt.

This means that when you unlock your screen (using a passphrase, PIN, or pattern), you can access the data on your phone. Without this, the data on your smartphone would be freely at everyone’s disposal.

How to Turn on Android Encryption?

Your device probably already has encryption turned on by default, so luckily, you don’t have to do anything (you also can’t disable it). 

Well, I guess that’s it for this article.

Kidding, of course. Just in case you have an older device or one that doesn’t have encryption on already, here’s how to enable it:

  1. Make sure your device is charged to 80% or more, because the encryption process won’t start at all otherwise;
  2. Keep your device plugged in during the whole process (this will significantly drain the battery and you don’t want it emptying halfway through);
  3. Unroot your phone (if it is rooted);
  4. Back up your files;
  5. Go to Settings > Security & Privacy;
  6. Tap More Settings;
  7. Go to Encryption and Credentials;
  8. From the menu, select Encrypt Phone;
  9. Read the warning and tap Encrypt Phone;
  10. This should take an hour or so to finish, so grab yourself a snack or a drink and do some other stuff in the meantime.

What are the Android Phone Encryption Pros and Cons?

Of course, encrypting your Android has its benefits, but also some drawbacks. 

Let’s take a look at the pros and cons of encrypting your Android device.

Pros:

  1. Encryption protects the data stored on the device (not the data that travels to and from it though). This can include your personal files and photos or business data like customer information for instance;
  2. If your company is issuing devices to its employees, it’s a good idea to encrypt them beforehand to protect sensitive documents and files;
  3. It also encrypts your app data cache. As such, others are not as likely to retrieve this data;
  4. It’s easy to set up and doesn’t require any additional app installation. As you could see, encrypting your Android takes only a few taps and a little time, but otherwise, it’s a very easy process.

Cons:

  1. Older Android phones may become slow. If you have a low-end Android, you might notice a decrease in its speed and performance. However, we are talking about 2GB and lower phones here, which are pretty rare nowadays, so this shouldn’t be that much of an issue;
  2. You cannot remove Android encryption. If you ever want to remove the encryption from your phone, you’ll find this extremely hard to do. There are some ideas on how this might be done on Stack Exchange if you want to take a look or try them out; I haven’t tried them, so I can’t vouch for whether they work;
  3. It takes time. For a lot of Android users, who as we saw spend 3 hours a day on their devices on average, an hour or more during which they can’t use their phone is a very long time;
  4. Encryption is not available on all Android phones. Some Android devices, mostly older ones, are not compatible with encryption. If you have a device like that and you want to turn on Android encryption, tough luck;
  5. You’ll have to “give up” root access on your phone. If you’ve rooted your device (to get access to some features that are not available “out-of-the-box”), you’re going to have to unroot it if you want to encrypt it. The reason for this is that encrypting a rooted device might cause you to lose all of your data. So unroot > encrypt > root.

How secure is Android encryption?

According to the official Android documentation about full-disk encryption:
“Upon first boot, the device creates a randomly generated 128-bit master key and then hashes it with a default password and stored salt. The default password is ‘default_password’. However, the resultant hash is also signed through a TEE (such as TrustZone), which uses a hash of the signature to encrypt the master key.
When the user sets the PIN/pass or password on the device, only the 128-bit key is re-encrypted and stored (i.e. user PIN/pass/pattern changes do NOT cause re-encryption of userdata.)”
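
The key hierarchy in the quoted passage, as an added sketch that is not Android’s code or part of the original article. PBKDF2, the HMAC “TEE” signature, the XOR-and-MAC wrap and the SHAKE-256 stream cipher are all stand-ins chosen so it runs on the Python standard library; the PIN and sample data are constructed. It shows why a credential change only re-wraps the 128-bit master key.

```python
import hashlib, hmac, os

DEVICE_KEY = os.urandom(32)   # assumption: stand-in for a key held inside the TEE
ITERATIONS = 50_000           # assumption: PBKDF2 stands in for the device's KDF

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def derive_kek(password: str, salt: bytes) -> bytes:
    # Hash the password with the stored salt, have the "TEE" sign the result,
    # then use a hash of that signature as the key-encryption key (KEK).
    hashed = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    signature = hmac.new(DEVICE_KEY, hashed, hashlib.sha256).digest()
    return hashlib.sha256(signature).digest()

def wrap(master_key: bytes, password: str, salt: bytes) -> bytes:
    # Toy wrap (XOR pad + MAC) standing in for the real block cipher.
    kek = derive_kek(password, salt)
    blob = xor(master_key, kek[:16])
    return blob + hmac.new(kek[16:], blob, hashlib.sha256).digest()

def unwrap(wrapped: bytes, password: str, salt: bytes) -> bytes:
    kek = derive_kek(password, salt)
    blob, tag = wrapped[:16], wrapped[16:]
    expected = hmac.new(kek[16:], blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong credential")
    return xor(blob, kek[:16])

def change_password(wrapped: bytes, old: str, new: str, salt: bytes):
    # Only the 128-bit master key is re-wrapped; userdata is never touched.
    new_salt = os.urandom(16)
    return wrap(unwrap(wrapped, old, salt), new, new_salt), new_salt

def crypt_userdata(master_key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHAKE-256 keystream); the same call encrypts and decrypts.
    return xor(data, hashlib.shake_256(master_key).digest(len(data)))

def demo():
    master, salt = os.urandom(16), os.urandom(16)       # first boot
    wrapped = wrap(master, "default_password", salt)
    disk = crypt_userdata(master, b"constructed sample userdata")
    wrapped, salt = change_password(wrapped, "default_password", "4821", salt)
    recovered = unwrap(wrapped, "4821", salt)           # disk was not rewritten
    return master == recovered, crypt_userdata(recovered, disk)
```

Because the KEK depends on the device-bound key as well as the password, a copy of the wrapped blob and salt taken off the device cannot be tested against guessed PINs without that key.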

How to remove encryption on Android?

You cannot remove encryption on Android, at least not without some difficulty. It might be possible to decrypt your Android device by making a backup with adb backup and then converting the backups to .tar files using DroidExplorer.

How to change the encryption password on Android?

Since the Android encryption password is tied to your lock screen password, you would have to use a difficult password every time you want to use your device, which is less than convenient.
Some custom ROMs like Copperhead will allow you to separate the encryption and lock screen passwords, but in case you don’t have this, it might be possible to use the cryptfs file as shown here.

Conclusion

As you can see, Android encryption has its benefits and flaws, but by and large, given that it could mean the difference between secure and insecure data on your phone, the advantages heavily outweigh the disadvantages.

We showed you here why you might want to encrypt your Android device (if it isn’t already) and how to do it. This might take an hour off your day (which you can’t use to swipe things on your smartphone), but if you want to protect your data, Android encryption is a good investment.

Speaking of encryption, popular email services like Gmail don’t have very good encryption, especially “at rest”; they only use TLS encryption “in transit”. This is not enough to protect your email data when it’s stored on servers, and it leaves that data vulnerable to breaches.

CTemplar: Armored Email encrypts your data both in transit and at rest and will encrypt the body, subjects and attachments. If you want to truly keep your data safe and enjoy privacy when using email, sign up for CTemplar right now and get a 14-day money-back guarantee.