Encryption in its most basic form is the process of changing information into illegible code to prevent people from accessing your data.
As of Android 7.0 Nougat, which was first released in March 2016, almost all Android phones come pre-encrypted. However, this encryption is not without problems. In this article, we show you several ways of encrypting your Android phone.
3 ways to encrypt your Android phone
Use third-party Android file encryption apps
If you store highly sensitive data on your phone, then you really shouldn’t trust Android’s encryption. What you can do, though, is secure your data using third-party apps.
EDS / EDS Lite is an open source app that allows you to store files in a secure VeraCrypt (or LUKS, EncFS, or CyberSafe) container on your phone. Cryptomator will encrypt data locally as well as securely sync it to the cloud.
High-end Samsung users also have the built-in Secure Folder feature, which allows you to store files and apps in a specially encrypted folder protected by the Samsung Knox security platform. Similar features are available on Huawei, OnePlus, Oppo, Vivo, and Xiaomi phones.
Note that numerous third-party app locker apps exist, but as far as we are aware these do not actually encrypt data stored by the locked app.
Enable Lockdown mode
Android 9.0 Pie has introduced a neat feature aimed at stopping people from forcing you to unlock your phone.
Once enabled, “Lockdown mode” brings up an “Enter Lockdown” option when you long-press the power button. Selecting it disables biometric authentication methods such as fingerprint scanning and Smart Lock (which can open your phone when connected to an authenticated WiFi network or Bluetooth device, for example).
To enable Lockdown mode in Android 9.0 Pie:
- go to Settings
- click on security Lock screen preferences
- click on lock Screen Secure Lock Settings
- click on Show lockdown option on Samsung phones
Encrypting SD Cards on Android
Most phone manufacturers no longer support external SD card storage. A notable exception is Samsung, although others also exist. If your phone supports expandable storage then it should be possible to encrypt it.
On a Samsung S9+, this is simply done by going to Settings, selecting Biometrics & security and choosing to Encrypt your SD card, although the steps may vary by device.
SD card encryption is completely transparent in use, as long as you access encrypted files from the phone you encrypted them on.
The files cannot now be accessed in any other way, though. If you lose or break the phone used to encrypt the SD card, you will not be able to recover data stored on it.
Current Android Encryption
Before Android 7.0, data was protected using dm-crypt full disk encryption (FDE).
dm-crypt is an open source transparent disk encryption subsystem used in Linux, and is commonly used for desktop encryption. This approach works quite well on desktop computers, but not so well on Android, because FDE only protects data while the device is powered off and users rarely power their phones down.
Android enforced strong lock screen protection (via either password or fingerprint) to mitigate this problem, but this could never be as secure as the 128-bit AES-CBC with essiv:sha256 encryption used to secure data when the device was off.
If an adversary could bypass the lock screen, which is not an impossible task, then the encryption keys would just be sitting there in memory for them to grab.
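To check which scheme a particular phone actually uses, the following added example (not part of the original article) classifies the output of `adb shell getprop`. It assumes the standard `ro.crypto.state` and `ro.crypto.type` system properties; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a phone's storage encryption from `getprop` output.
# On a real device (assumes adb is installed and the phone is connected):
#   adb shell getprop | classify_crypto

# Print the value of property $1 from getprop lines shaped "[name]: [value]".
prop_value() {
    name=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
    sed -n "s/^\[$name\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# Read getprop output on stdin and print one label:
#   fde = block-level full disk encryption (the dm-crypt scheme described above)
#   fbe = file-based encryption, introduced with Android 7.0
classify_crypto() {
    props=$(tr -d '\r')    # some adb versions emit CRLF line endings
    state=$(printf '%s\n' "$props" | prop_value ro.crypto.state)
    ctype=$(printf '%s\n' "$props" | prop_value ro.crypto.type)
    case "$state" in
        encrypted)
            case "$ctype" in
                block) echo "fde" ;;
                file)  echo "fbe" ;;
                *)     echo "encrypted-unknown-type" ;;
            esac ;;
        unencrypted) echo "unencrypted" ;;
        unsupported) echo "unsupported" ;;
        *)           echo "unknown" ;;   # property missing or unexpected value
    esac
}

# Constructed sample output (not captured from a real device).
SAMPLE_FDE='[ro.build.version.sdk]: [23]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [block]'

printf '%s\n' "$SAMPLE_FDE" | classify_crypto
```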
Final thoughts
These days, high and mid-range Android phones all come encrypted straight out of the box, and this should also soon be true of low-end Android phones.
This is undoubtedly a step forward for the security of most phone users’ personal data, but if you store sensitive files on your phone, then you should further encrypt them using something like EDS.