Google introduced full-device encryption back in Android Gingerbread (2.3.x), but it has undergone some dramatic changes since then. On some higher-end handsets running Lollipop (5.x) and higher, it’s enabled out-of-the-box, while on some older or lower-end devices, you have to turn it on yourself.
Why You Might Want to Encrypt Your Phone
Encryption stores your phone’s data in an unreadable, seemingly scrambled form. (To actually perform the low-level encryption functions, Android uses dm-crypt, which is the standard disk encryption system in the Linux kernel. It’s the same technology used by a variety of Linux distributions.) When you enter your PIN, password, or pattern on the lock screen, your phone decrypts the data, making it understandable. If someone doesn’t know the encryption PIN or password, they can’t access your data. (On Android 5.1 and above, encryption doesn’t require a PIN or password, but it’s highly recommended since not having one would reduce the effectiveness of the encryption.)
Encryption protects the sensitive data on your phone. For example, corporations with sensitive business data on company phones will want to use encryption (with a secured lock screen) to help protect that data from corporate espionage. An attacker won’t be able to access the data without the encryption key, although there are more advanced cracking methods that make it a possibility.
If you’re an average user, you may think you don’t have sensitive data on your phone, but you probably do. If your phone is stolen, that thief now has access to your email inbox, your home address, and any number of other pieces of personal information. Granted, most thieves would also be deterred from accessing your data by a standard unlock code—encrypted or not. And, most thieves are more interested in wiping and selling the phone than accessing your personal data. But, it never hurts to keep that stuff protected.
Things to Consider Before Enabling Encryption
Most newer Android phones ship with encryption already turned on by default. If this is the case for your phone, there is no way to disable encryption. But if you’re using a device that doesn’t have encryption enabled out of the box, there are some things to consider before enabling it:
- Slower Performance: Once a device is encrypted, the data has to be decrypted on-the-fly every time you access it. Therefore, you may see a bit of a performance drop once it’s enabled, though it’s generally not noticeable for most users (especially if you have a powerful phone).
- Encryption is one-way: If you enable encryption yourself, the only way to undo the process is by factory resetting the device and starting over from scratch. So make sure you’re sure before you start the process.
- If you’re rooted, you’ll need to temporarily unroot: If you try to encrypt a rooted phone, you’ll run into problems. You can encrypt your rooted phone, but you’ll have to unroot it first, go through the encryption process, then re-root afteward.
These aren’t meant to deter you from encrypting your phone-—just to give you an idea of what caveats it comes with. For most people, we think the added protection is well worth it.
How to Enable Encryption in Android
Before you get started, there are a few things worth noting:
- Encrypting the device can take an hour or longer.
- Your device’s battery must be at least 80% charged. Android won’t even start the process otherwise.
- Your device must be plugged in throughout the entire process.
- Again, if you’re rooted, be sure to unroot your phone before continuing!
Basically, make sure you’ve got plenty of time and battery before you start the process. If you interfere with the process or end it before it’s finished, you will likely lose all your data. Once the process is started, it’s best to just leave the device alone and let it do its thing.
With all the caveats out of the way, you’re ready to encrypt your device.
Start by heading into the Settings menu and tapping on “Security,” again keeping in mind that the wording may be slightly different. If your device is already encrypted, it will show up here. Some devices will also allow SD card contents to be encrypted, but by default Android just encrypts on-board storage.
If the device isn’t encrypted, you can start the process by tapping the “Encrypt phone” option.
The next screen will present a warning to let you know what to expect once the process is finished, most of which we’ve already talked about in this article. If you’re ready to proceed, hit the “Encrypt phone” button.
One more warning will present itself (seriously, they want to make sure you know what’s happening here), which tells you not to interrupt the process. If you’re still not scared away, one more tap of the “Encrypt phone” button will do the trick.
The phone will then reboot and start the encryption process. A progress bar and estimated time till completion will show up, which should at least provide an idea of how long you’ll be without your beloved handset. Just wait, it’ll all be okay soon. You can do this. You’re strong.
Once it’s finished, the phone will reboot and you’re back in business. If you set up a lock screen password, PIN, or pattern, you’ll have to put it in now so the device will finish the boot process.
If you haven’t set up a PIN or password, now is a good time to do so. Head into your device’s Settings > Security menu. From there, select the “Screen Lock” option (keep in mind that the wording may be slightly different for non-stock Android handsets, like Samsung Galaxy devices).
Choose Pattern, PIN, or Password to set your security.
You’ll be asked if you want to require the PIN, password, or pattern at startup. This is up to you, but we recommend choosing yes, since this increases the security of your device.
Note that even with a fingerprint reader, you can’t use a fingerprint to unlock a device on first boot—you’ll have to put in the password, PIN, or pattern. After the device has been decrypted with the correct security unlocking method, the fingerprint reader can be used to unlock the screen moving forward.
From now on, your device will be encrypted, but if you ever want to disable it, you can do so by performing a factory reset. If you have a newer device that has encryption enabled out of the box, there’s no way to remove said encryption—not even with a factory reset.