Android includes a system encryption feature that encrypts all data – including application data, downloaded files, and everything else – on your phone or tablet. You’ll have to enter your PIN or password each time you turn on your phone
We’ll be using the full-device encryption feature built into Android Gingerbread 2.3.4 and newer versions of Android for this.
Why Would You Want to Encrypt Your Phone?
Encryption stores your phone’s data in an unreadable, seemingly scrambled form. When you power on your phone, you’ll have to enter the encryption PIN or password, which is the same as your phone’s lock-screen PIN or password. Your phone uses your PIN or password to decrypt your data, making it understandable. If someone doesn’t know the encryption PIN or password, they can’t access your data.
This is ideal if your phone contains particularly sensitive data. For example, corporations with sensitive business data on company phones will want to use encryption to help protect that data from corporate espionage. An attacker won’t be able to access the data without the encryption key, although the dreaded freezer attack is always a possibility.
For the average person without sensitive data on their phone, encryption isn’t likely to matter as much. If your phone is stolen, most thieves would also be deterred from accessing your data by a standard unlock code. The thief would likely be more interested in wiping and selling the phone rather than accessing your personal data.
Some recent legal rulings have suggested that encryption can protect against warantless searches. The California Supreme Court has ruled that police officers can lawfully search your cell phone without a warrant if it’s taken from you during arrest – but they would require a warrant if it was encrypted. A Canadian court has also ruled that phones can be searched without a warrant as long as they’re unencrypted. (But remember, we’re not lawyers here!)
Before you enable encryption, be aware that there are some drawbacks:
- Slower Performance: Encryption always adds some overhead, so your device will be a bit slower. The actual speed decrease depends on your phone’s hardware.
- Encryption is One-Way Only: After encrypting your device’s storage, you can only disable encryption by resetting your phone to its factory default settings. This will also erase all the data stored on your phone, so you’ll have to set it up from scratch.
Not everyone should enable encryption, as it will do more harm than good for many people. If you still want to enable encryption, read on.
How to Enable Encryption on Android
Encryption may take an hour or even longer, depending on how much data you have on your device. Plug in your phone and ensure you have enough time before continuing. If you have to interrupt the encryption process, you’ll lose some (or all!) of the data on your phone.
Before you continue, ensure you have a lock screen PIN or password set up. Android won’t allow you to encrypt your device until you create a PIN or password. To set one up if you haven’t already done so, open your device’s Settings screen, tap Security, tap Screen Lock, tap PIN or Password, and set up a new PIN or password.
You can now encrypt your Android phone’s storage. Open its Settings screen, tap Security, and tap Encrypt phone (or Encrypt tablet) under Encryption.
Read the warning information and tap the Encrypt phone button to continue. You’ll see a message telling you to plug in your phone if it’s not plugged in yet.
You’ll have to provide the lock-screen PIN or password to continue with the encryption process. Agree to the warning and then leave your phone alone for a while – it may take an hour or more. Don’t interrupt the phone while it’s encrypting its storage.
(When we tried this on a Nexus 4 running Android 4.2.2, our phone just rebooted itself instead of beginning the encryption process. We got around this apparent bug by trying again several times. If your phone reboots itself, try initiating the encryption process again and keep trying until it works. We had to try three times on our Nexus 4 before it worked.)
You’ll see a progress indicator appear. After it’s done, your device’s storage will be encrypted. You’ll have to enter the PIN or password each time you boot your phone or its storage will be unreadable, so don’t forget the password! If you do, you can only remove the encryption by performing a factory reset.
If you used a PIN instead of a password, you’ll get a password prompt anyway. Just enter the PIN number using the numeric keyboard.
To actually perform the low-level encryption functions, Android uses dm-crypt, which is the standard disk encryption system in the Linux kernel. It’s the same technology used by a variety of Linux distributions.
Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.
- Published 03/30/13