As we know google is going to pre enable the Data encryption on Android L and we already have it as an optional extra security ..
So before anyone rushes to enable it to feel more Secured . First let's learn about it ..
As this option is available in Security .
If you enable it you have to enter password/PIN(compulsory) ..
80% minimum battery + plugged in for charging is necessary .
Once the encryption starts it will take about 15 minutes to complete the process ..
Once it's complete , it will automatically reboot the phone . booting will be in 2 stages.. On first stage it will ask for password/PIN to decrypt the phone/phone storage
And then the second boot process will be the normal one ..
And now comes the warning part ..
Once you encrypt the data , you have to decrypt it on every boot and you can't disable this .. You have to factory reset the phone to remove this .
And here at XDA we flash mods and zips etc almost every day/week ..
So if you encrypt your phone and then you flash anything via bootloader ..IT WILL FORMAT EVERYTHING ..(including internal storage, basically factory reset)
So if you are an advanced user with custom rom/recovery etc i suggest you to first do a complete backup If you really want to try the data encryption .
So i hope this information be helpful for those who are unaware and don't know what can happen , and i suggest you to read about it before you enable it ..
For most of us, we already know that encryption causes issues, always. Maybe not immediately, but always at some point.
Its the new people that go "oh encryption, sounds good, must use", when they don't have any data that's actually important enough to justify the need for encryption.
Lethargy said:
For most of us, we already know that encryption causes issues, always. Maybe not immediately, but always at some point.
Its the new people that go "oh encryption, sounds good, must use", when they don't have any data that's actually important enough to justify the need for encryption.
Click to expand...
Click to collapse
That's why i created a new thread specially for those who are inexperienced .
Not everyone are born developers/pro
Everyone learns with making mistakes
And our Job is to help them at XDA .
IMO this is what XDA is for at the first place ..
I'll rely on custom ROMs as always, that certainly have it disabled by default.
I think it's insane google would try to force this on us. Shame on them. ?
How does android L handle staying unlocked in trusted areas if encryption is enabled?
Despite the warning, we will see how the encryption will work in Android L. It might not be the same process as described from Kitkat/JB of encryption.
Who know if the process of encryption will be changed in Android L, so that you don't have to do each step to encrypt/decry pt and the flashing/modding issues.
I see many bricks coming from this as well, from unknowing flashers.
inferol said:
Despite the warning, we will see how the encryption will work in Android L. It might not be the same process as described from Kitkat/JB of encryption.
Who know if the process of encryption will be changed in Android L, so that you don't have to do each step to encrypt/decry pt and the flashing/modding issues.
Click to expand...
Click to collapse
Probably they are going to change the way it works .. , because they haven't updated it since it first came out with ICS ..
The inability to use pattern lock is enough to turn me off Android encryption. All the other problems just makes it a no brainer.
May be they have overcome these issues and thus made it default....
I find no sense in making some hectic procedure as default
wow. wonder who will have access to the encryption keys.. or more likely supplied the encryption technique in the first place?
cough... nsa, feds, gchq, ect...... cough
don't believe the security services fake crying about encrytion... just a fairy story to pacify the sheep
meangreenie said:
wow. wonder who will have access to the encryption keys.. or more likely supplied the encryption technique in the first place?
cough... nsa, feds, gchq, ect...... cough
don't believe the security services fake crying about encrytion... just a fairy story to pacify the sheep
Click to expand...
Click to collapse
When NSA forced TrueCrypt to hand over their keys, they essentially and purposely updated their product to be broken to ensure no one used it. Wonder what Google would do?
Sent from my Nexus 5 using Tapatalk
Wakamatsu said:
The inability to use pattern lock is enough to turn me off Android encryption. All the other problems just makes it a no brainer.
Click to expand...
Click to collapse
You can't do it out of the box, but you can make it work fairly easy with twrp and a backup. The quick version is:
before encryption, setup your pattern lock, do a nandroid backup in twrp. Reboot, change to a PIN/password to allow encryption, perform encryption process. Boot back into twrp, it will prompt you to enter your pin/password, since it can decrypt and then function inside of the encrypted volume (and therefore restore an unencrypted backup inside of the encrypted envelope in essence). Restore your backup that has pattern unlock and reboot. It should prompt you for your strong pin/password on each initial boot, but once booted, it will use your pattern unlock. Downside is you can't change your pattern after that, so pick what you want the first time. You can change your pin/password if you want, I use EncPassChanger myself. I also use bootunlocker to relock the bootloader after I'm done, just have to make sure to unlock before flashing any updates.
I use this process on both my N5 and 2013 N7.
rootSU said:
When NSA forced TrueCrypt to hand over their keys, they essentially and purposely updated their product to be broken to ensure no one used it. Wonder what Google would do?
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
Source for this?
markassbuster said:
Source for this?
Click to expand...
Click to collapse
Action speaks louder than words sometimes all u need is to observe
markassbuster said:
Source for this?
Click to expand...
Click to collapse
They can't really openly say that buy the industry "knows".
But the opening paragraph of this page hints at it.
http://truecrypt.sourceforge.net
rootSU said:
They can't really openly say that buy the industry "knows".
But the opening paragraph of this page hints at it.
http://truecrypt.sourceforge.net
Click to expand...
Click to collapse
AH OK thanks. I thought there was some recent, concrete news about what went down.
Thing is, now what will we gotta do to still be able to flash zips with encrypted device? XD
So I recently encrypted my phone....because I read it only encrypts the data partition...so if I wanted to update my CM11 version (m9 to m10 for example) I wouldn't be able to?
I should have read into it more I guess...
edit: TWRP saved my ass. Just looked at it and it decrypts the data partition.
I encrypted my phone, but now wish I hadn't. I'm pretty sure it is the cause of some small issues I have had flashing different ROMs.
fml :crying:
Related
I'm new to the 6 and I haven't really read too much into the whole encryption thing, so I don't know the pros/cons of having it that way, or not.
During my first boot of this thing, I started the unlock/root process, then I quickly remembered about encryption...and what the whole thing was about. Well I'm curious, are these custom ROM's built without the encryption? In the security menu of Chroma, encryption is enabled. In another ROM which specifically stated encryption was off...it was actually on.
So I'm confused.
Thanks.
Some ROMs do not force encryption. They can still be encrypted. It depends on the kernel. You will need to perform a wipe to unencrypt
stevew84 said:
I'm new to the 6 and I haven't really read too much into the whole encryption thing, so I don't know the pros/cons of having it that way, or not.
During my first boot of this thing, I started the unlock/root process, then I quickly remembered about encryption...and what the whole thing was about. Well I'm curious, are these custom ROM's built without the encryption? In the security menu of Chroma, encryption is enabled. In another ROM which specifically stated encryption was off...it was actually on.
So I'm confused.
Thanks.
Click to expand...
Click to collapse
It depends on the state of your device before you flash the ROM. If you are unencrypted prior to flashing the ROM, you will stay unencrypted. And if encrypted, you will stay encrypted. For most ROMs. Read the fine print in the OP.
cam30era said:
It depends on the state of your device before you flash the ROM. If you are unencrypted prior to flashing the ROM, you will stay unencrypted. And if encrypted, you will stay encrypted. For most ROMs. Read the fine print in the OP.
Click to expand...
Click to collapse
I've also read about long "encrypting now" screens during first boot of fresh ROM's, I've never seen those.
Encryption depends on the kernel or more accurately the fstab, so it depends what kernel is supplied with the ROM or which kernel you plan on flashing with the ROM.
There are 2 types of ROM. Stock based and AOSP based. I find it hard to believe any AOSP ROM dev would turn on force encryption, but with a stock ROM, it could be on or off - depending. Read each thread to find out.
All ROMs and kernels are encryption enabled by the way. Turning off force encryption inky prevents first boot from encrypting your data partition. You can still turn on encryption yourself in settings and if you're already encrypted, turning off force encryption will not unencrypt your data, so it will still be on. Once force encryption has been turned off, you must then format /userdata to remove encryption
stevew84 said:
I've also read about long "encrypting now" screens during first boot of fresh ROM's, I've never seen those.
Click to expand...
Click to collapse
Correct. If you are unsure of your kernel status go to Settings/Security/Encryption. If it says "Encrypt phone", then you are unencrypted.
cam30era said:
Correct. If you are unsure of your kernel status go to Settings/Security/Encryption. If it says "Encrypt phone", then you are unencrypted.
Click to expand...
Click to collapse
Ah alright, well each and every time I flash something new, I'm encrypted. I'm interested in getting rid of that, but not sure exactly how to do it.
stevew84 said:
Ah alright, well each and every time I flash something new, I'm encrypted. I'm interested in getting rid of that, but not sure exactly how to do it.
Click to expand...
Click to collapse
It says in my post
Encryption will stay on unless you completely wipe the device and have a kernel installed that doesn't force you to encrypt. So you'll never see an option for decrypting your device. This comes with a huge warning that ANYTHING on the internal storage will be lost, that goes for the ROM and your files, including your ROM zip files for flashing. If you want to decrypt the device I suggest you first practice by flashing a ROM that you copy into your phone while in recovery so you know you can do it.
Guide: http://forum.xda-developers.com/nexus-6/development/disable-forced-encryption-gain-root-t2946715
This will get you to a clean slate, make sure you test MTP (file transfer over usb from computer) in recovery and verify that you can move files over to your device in recovery. You should already have a custom recovery installed such as TWRP. If you are considering disabling make sure you know exactly what is going on first, its not as straight forward as it seems. Goodluck
stevew84 said:
Ah alright, well each and every time I flash something new, I'm encrypted. I'm interested in getting rid of that, but not sure exactly how to do it.
Click to expand...
Click to collapse
If you are on stock, rooted, or a non-CM12 based ROM, one way is to go here > http://forum.xda-developers.com/nexus-6/development/disable-forced-encryption-gain-root-t2946715
Remember, after flashing the boot.img, you need to "fastboot format userdata" to unencrypt. This will wipe your SDcard.
rootSU said:
It says in my post
Click to expand...
Click to collapse
Sorry, I didn't see you posted.
Right now with Chroma + Vindicator kernel...Encryption states Enabled in the security menu.
stevew84 said:
Sorry, I didn't see you posted.
Right now with Chroma + Vindicator kernel...Encryption states Enabled in the security menu.
Click to expand...
Click to collapse
Because you were already encrypted.
stevew84 said:
I don't know the pros/cons of having it that way, or not.
Click to expand...
Click to collapse
Pros for encryption;
- security. This is pretty obvious, if somebody hostile gets their hands on your phone, your data will not be obtained by them.
Cons;
- performance and battery life. There is indication in AOSP that google *intends* to activate hardware crypto, but as of yet, have not. That means that the crypto function is done on your main CPU, which is (a) not as fast as the hwcrypto block, and (b) takes up valuable CPU cycles from other software that is running, and (c) anything that uses CPU heavily will consume battery.
Another con with encryption that I have (which I admit is extremely unlikely - but has happened in the past) is that files that are backed up off the device may not get decrypted correctly, leaving them corrupt. That is my main hate of encryption. That and the fact that I cannot automate my TWRP backups
rootSU said:
Another con with encryption that I have (which I admit is extremely unlikely - but has happened in the past) is that files that are backed up off the device may not get decrypted correctly, leaving them corrupt. That is my main hate of encryption. That and the fact that I cannot automate my TWRP backups
Click to expand...
Click to collapse
That isn't a con of encryption. That's a con of using broken software to perform your backup.
doitright said:
That isn't a con of encryption. That's a con of using broken software to perform your backup.
Click to expand...
Click to collapse
The con of encrypting data is that it may not always decrypt-able. Regardless of the root cause being Android, Windows, Linux or "broken software". If doing something to your data leads to it being useless via whatever means, then there is a negative effect of doing that something to your data
My last phone (Nexus 4) was stolen. My new device, the Nexus 6, as you all know comes with enhanced security measures, requiring authentication even after a factory reset. Now, I had grown accustomed to playing around with wiping, rooting, custom roms, kernels, radios, etc with my Nexus 4. Now that I have had my Nexus 6 for a bunch of months, I am starting to think about rooting my device (so I can install an SSH server and have my phone automatically open a tunnel back to my server). My only hesitation is turning the OEM unlocking switch to on. See, I am a big fan of the new security measures that require authentication after a device reset, and would much prefer to keep that feature enabled. I've searched around on Google and XDA, and I haven't been able to find any definitive answers on how unlocking the bootloader in order to root the device will affect these security mechanisms.
My understanding is this: in order to root the Nexus 6, you need to enable OEM unlocking, which allows flashing pretty much any image onto the phone. If any image can be flashed to the phone, this security mechanism can be circumvented.
Two questions:
1. (pretty sure the answer to this is no) Can I root my phone and prevent flashing of images that would circumvent the security feature
2. Will rooting my phone make it easier for an unknown party to gain access to the device via another route
Unlocking the bootloader really only allows you to flash unsigned images, and root provides you with the option to grant administrative access to applications.
Neither one of those has anything to do with encrypted data, or in any way makes encrypted data readable without the key.
The bootloader unlock will make it easier for a thief to wipe all the data on the device without reading it, so he can use the device or sell it as functioning... Even then, you may be able to factory reset an encrypted device without the key anyways... At which point I would think they could make a new key for the freshly wiped partition?
Anything that is going to run unauthorised code at root level is likely going to use other exploits to achieve root on their own, like users do to gain root on devices that are locked down. You having root access doesn't give the right for anything to run as root unless you approve it (or if someone managed to find some exploit in the version of supersu your running, but this is not likely... and if we are assuming any code may have holes in it you're not safe no matter what you do). It does give you the possibility of being tricked into running malicious code that is disguised as some utility... But that is a risk your going to take running any software that isn't from a stable corperation you can take legal action against. Trust who wrote the code or don't use it.
If in question number 1 "the security feature" is encryption, then yes having and unlocked bootloader means if someone takes your phone they can flash a kernel that does not force encryption, they would then have to format the userdata partition to encrypt the phone. Without luck, guessing the password, or discovering some amazing undocumented flaw in the encryption algorithm they will not being able to read your data with out having the key, or guessing it.
@scryan
If you have unlocked the bootloader and have installed a custom recovery (TWRP), are you able to see the list of files in the file manager of TWRP, if the device is encrypted?
Nikos2k said:
@scryan
If you have unlocked the bootloader and have installed a custom recovery (TWRP), are you able to see the list of files in the file manager of TWRP, if the device is encrypted?
Click to expand...
Click to collapse
Yes. Otherwise couldn't pick a file to flash. It actually only encrypts user data. Apps, zips ect are not encrypted or we couldn't pull and modify them.
prdog1 said:
Yes. Otherwise couldn't pick a file to flash. It actually only encrypts user data. Apps, zips ect are not encrypted or we couldn't pull and modify them.
Click to expand...
Click to collapse
the user data that are encrypted include files on the sdcard folder? (e.g. pdfs, images in DCIM folder etc)
i am asking because in my device in Settings -> Security -> Encryption it shows that it is encrypted, in TWRP however i can see all the files
Can i make the custom recovery to ask for the pin? do I have to enable PIN as a screen lock?
What happens if i use an unlock pattern or just swipe for unlock?
Nikos2k said:
the user data that are encrypted include files on the sdcard folder? (e.g. pdfs, images in DCIM folder etc)
i am asking because in my device in Settings -> Security -> Encryption it shows that it is encrypted, in TWRP however i can see all the files
Can i make the custom recovery to ask for the pin? do I have to enable PIN as a screen lock?
What happens if i use an unlock pattern or just swipe for unlock?
Click to expand...
Click to collapse
TWRP will use same pin as Device lock. Only thing I have seen if you use pinlock have to convert 5x5 to 4x4. There's a way to convert it located in this forum somewhere. Swipe to unlock has no pin so TWRP is open. Unlock pattern works also. Either pin or swipe has to be converted don't remember which. I run wide open encrypted so have never played with it.
prdog1 said:
TWRP will use same pin as Device lock. Only thing I have seen if you use pinlock have to convert 5x5 to 4x4. There's a way to convert it located in this forum somewhere.
Click to expand...
Click to collapse
By pinlock you mean the pattern screen lock?
I think it is 3 x 3, not 4x4 or 5x5
And since I use this pattern screen lock, which cannot be input in TWRP, this means that I have to disable it b4 I need to enter recovery?
This makes me a bit uncomfortable since I may need to enter recovery because of a problem with the system
Nikos2k said:
By pinlock you mean the pattern screen lock?
I think it is 3 x 3, not 4x4 or 5x5
And since I use this pattern screen lock, which cannot be input in TWRP, this means that I have to disable it b4 I need to enter recovery?
This makes me a bit uncomfortable since I may need to enter recovery because of a problem with the system
Click to expand...
Click to collapse
Start with this thread. It explains TWRP.
http://forum.xda-developers.com/nexus-6/help/twrp-2-8-5-0-password-help-t3046630
prdog1 said:
Start with this thread. It explains TWRP.
http://forum.xda-developers.com/nexus-6/help/twrp-2-8-5-0-password-help-t3046630
Click to expand...
Click to collapse
thank you it worked!
scryan said:
Unlocking the bootloader really only allows you to flash unsigned images, and root provides you with the option to grant administrative access to applications.
Neither one of those has anything to do with encrypted data, or in any way makes encrypted data readable without the key.
The bootloader unlock will make it easier for a thief to wipe all the data on the device without reading it, so he can use the device or sell it as functioning... Even then, you may be able to factory reset an encrypted device without the key anyways... At which point I would think they could make a new key for the freshly wiped partition?
Anything that is going to run unauthorised code at root level is likely going to use other exploits to achieve root on their own, like users do to gain root on devices that are locked down. You having root access doesn't give the right for anything to run as root unless you approve it (or if someone managed to find some exploit in the version of supersu your running, but this is not likely... and if we are assuming any code may have holes in it you're not safe no matter what you do). It does give you the possibility of being tricked into running malicious code that is disguised as some utility... But that is a risk your going to take running any software that isn't from a stable corperation you can take legal action against. Trust who wrote the code or don't use it.
If in question number 1 "the security feature" is encryption, then yes having and unlocked bootloader means if someone takes your phone they can flash a kernel that does not force encryption, they would then have to format the userdata partition to encrypt the phone. Without luck, guessing the password, or discovering some amazing undocumented flaw in the encryption algorithm they will not being able to read your data with out having the key, or guessing it.
Click to expand...
Click to collapse
Ok, so for encryption, "Allow OEM Unlocking" allows flashing of unsigned images (such as the one used for root), which means if someone gets a hold of my phone, they can put whatever they want on it, including flashing a custom rom.
So my next question is, what about being required to sign into the last Google account used on the phone even after a factory reset (device protection / factory reset protection / not sure what it's called exactly)? Is that area of the bootloader / rom / memory / wherever it lives flashable? If you have an unlocked bootloader, is it possible to flash some image to the device that disables this? Hah, that sounds bad. Really, I want to root my Nexus 6, but I haven't decided if it would be worth giving up the anti-theft required login after reset.
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
quickdry21 said:
Ok, so for encryption, "Allow OEM Unlocking"
encryption and oem unlock ar 2 entirely different things
allows flashing of unsigned images
allows you to unlock the boottloader, which allows you to flash unsigned img's. the setting itself does nothing but enable the ability. to unlock
(such as the one used for root), which means if someone gets a hold of my phone, they can put whatever they want on it, including flashing a custom rom.
yes
So my next question is, what about being required to sign into the last Google account used on the phone even after a factory reset (device protection / factory reset protection / not sure what it's called exactly)? Is that area of the bootloader / rom / memory / wherever it lives flashable? If you have an unlocked bootloader, is it possible to flash some image to the device that disables this? Hah, that sounds bad. Really, I want to root my Nexus 6, but I haven't decided if it would be worth giving up the anti-theft required login after reset.
i think if someone were to completely wipe the phone, use a different gmail and sim, the google protection would be gone, but i could be wrong. im not positive on that one.
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
some extremely savvy person "may" be able to make a rom without the google protection, but i have never seen it tried.it may be a core feature that cant be removed.
i really wouldnt worry about that. the likelihood that someone would steal or find your device and have the skills to do all you asked above, is very remote.
Click to expand...
Click to collapse
in red above.
bweN diorD said:
in red above.
Click to expand...
Click to collapse
protection will be gone if you flash android 5.0.1. if you wipe and flash android 5.1.1, the protection will still be there and will ask for your password first.
bweN diorD said:
in red above.
Click to expand...
Click to collapse
Thanks, that does seem to make sense.
I know this comes across as overly paranoid, but I ask also because I'm a curious developer. I'm interested in understanding how android's insides work in general as well as how the new device protection fits in with rooting, custom roms, unlocking the bootloader, etc. (just how well does it prevent unauthorized use of devices)
Interesting, that says to me there is a relatively easy way to get around the reset protection if a phone has an unlocked bootloader. Albeit, relatively easy is relative.
quickdry21 said:
Interesting, that says to me there is a relatively easy way to get around the reset protection if a phone has an unlocked bootloader. Albeit, relatively easy is relative.
Click to expand...
Click to collapse
easy, yes, for one of us. but for a typical user, very hard. anyways, i dont like letting out the secret of how to bypass it, so keep it quiet please
simms22 said:
easy, yes, for one of us. but for a typical user, very hard. anyways, i dont like letting out the secret of how to bypass it, so keep it quiet please
Click to expand...
Click to collapse
Yes, agreed. I'm going to edit out that quote.
quickdry21 said:
Ok, so for encryption, "Allow OEM Unlocking" allows flashing of unsigned images (such as the one used for root), which means if someone gets a hold of my phone, they can put whatever they want on it, including flashing a custom rom.
So my next question is, what about being required to sign into the last Google account used on the phone even after a factory reset (device protection / factory reset protection / not sure what it's called exactly)? Is that area of the bootloader / rom / memory / wherever it lives flashable? If you have an unlocked bootloader, is it possible to flash some image to the device that disables this? Hah, that sounds bad. Really, I want to root my Nexus 6, but I haven't decided if it would be worth giving up the anti-theft required login after reset.
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
Click to expand...
Click to collapse
Maybe someone could figure out something?
But if your device is wiped, and basically all the partitions are re-written.... Where do you want to store the last google account information to check against?
No one is going to plan on stealing your phone, ask you if the bootloader is unlocked, then decide not to if they say no. None of the security really prevents your phone from being stolen. Nothing just looking at your phone lets a would be thief know that its encrypted and not unlocked...
The encryption and locked bootloader will not prevent your phone from being stolen. The encryption will protect your data, and the locked booloader will make it harder to reset the device (though does factory recovery have a factory reset option? I would think this would allow the device to be wiped and encryption key to be reset anyways?)
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
Click to expand...
Click to collapse
What? You keep talking about this single security device? What are you talking about?
Do you mean encryption?
encryption is just how the data is stored on the device.
Say you have the word "Duck"
And we want to store that word in a safe way. As a VERY VERY basic method, we will encrypt this by shifting each letter of the alphabet a certain number of letters. This number will be something YOU give, so that others do not know how many letters we have shifted over.
So lets say you give us "5" as your key.
so the alphabet
abcdefghijklmnopqrstuvwxyz we will shift 5 letters over, starting on the fifth letter and wrapping around...
fghijklmnopqrstuvwxyzabcde so each letter matches up with a new letter.
D is the 4th letter of the alphabet, so we will use the 4th letter of of shifted alphabet, i
u is the 21st letter of the alphabet so we will use the 21st letter of our shifted alphabet, z
ect, ect... so Duck becomes Izho, and with out knowing how many letters to shift over, know one will know what that means (ok, obviously due to the simplicity of our encryption algorithm, anyone who is smart and cares can likely try different numbers until the output is a coherent word. the actual method of encryption is significantly more complex, and the key is more then one characters
See here for more intellegent details: https://wiki.archlinux.org/index.php/Disk_encryption#How_the_encryption_works
quickdry21 said:
Yes, agreed. I'm going to edit out that quote.
Click to expand...
Click to collapse
na, it ok, you can leave it here. that way if someone really needs to, theyll find the answer here. just dont go around spreading it around i meant
scryan said:
Maybe someone could figure out something?
But if your device is wiped, and basically all the partitions are re-written.... Where do you want to store the last google account information to check against?
No one is going to plan on stealing your phone, ask you if the bootloader is unlocked, then decide not to if they say no. None of the security really prevents your phone from being stolen. Nothing just looking at your phone lets a would be thief know that its encrypted and not unlocked...
The encryption and locked bootloader will not prevent your phone from being stolen. The encryption will protect your data, and the locked booloader will make it harder to reset the device (though does factory recovery have a factory reset option? I would think this would allow the device to be wiped and encryption key to be reset anyways?)
Click to expand...
Click to collapse
I'm not expecting this "Device Protection" feature to prevent my phone from being stolen, I'm more interested in the **** you aspect to someone who tries, and maybe them returning it to me for some money.
scryan said:
What? You keep talking about this single security device? What are you talking about?
Do you mean encryption?
Click to expand...
Click to collapse
I'm not sure if you are aware, but with the release of 5.1, there is a new security feature (think it's called Device Protection, but that seems to encompass some other things) that requires you to login to the last Google account attached to the phone after a factory reset (whether done from the settings UI, or from recovery mode). If you are unable to login to a Google account that was attached to the phone, the phone becomes worthless (there have been some posts on xda about people "acquiring" a Nexus 6 and being unable to use it), some details here: https://support.google.com/nexus/answer/6172890
A quote from that link sums it up:
Important: You can enter information for any Google account that has been added to the device. If you can't provide this information during the setup process, you won't be able to use the device at all after the factory reset.
Click to expand...
Click to collapse
Now, this security feature is only available on new phones that are released with 5.1 (with the exception of the newest round of Nexus devices, which received it with the update to 5.1). This leads me to believe that some aspect is baked into the device. Separate encrypted partition maybe? Part of the bootloader software? I don't know, that's what I'm curious about.
scryan said:
encryption is just how the data is stored on the device.
Say you have the word "Duck"
And we want to store that word in a safe way. As a VERY VERY basic method, we will encrypt this by shifting each letter of the alphabet a certain number of letters. This number will be something YOU give, so that others do not know how many letters we have shifted over.
So lets say you give us "5" as your key.
so the alphabet
abcdefghijklmnopqrstuvwxyz we will shift 5 letters over, starting on the fifth letter and wrapping around...
fghijklmnopqrstuvwxyzabcde so each letter matches up with a new letter.
D is the 4th letter of the alphabet, so we will use the 4th letter of of shifted alphabet, i
u is the 21st letter of the alphabet so we will use the 21st letter of our shifted alphabet, z
ect, ect... so Duck becomes Izho, and with out knowing how many letters to shift over, know one will know what that means (ok, obviously due to the simplicity of our encryption algorithm, anyone who is smart and cares can likely try different numbers until the output is a coherent word. the actual method of encryption is significantly more complex, and the key is more then one characters
See here for more intellegent details: https://wiki.archlinux.org/index.php/Disk_encryption#How_the_encryption_works
Click to expand...
Click to collapse
Yes, I was not very clear in my original post about what security feature I was inquiring about. I'm aware of what encryption is. Part of the reason I am interested in rooting my phone is to reverse tunnel a SSH server on the phone, or possibly netcat, via SSH to my server, so I will be able to open up a shell on my phone from anywhere I desire.
Ahh yes, apologies, was unaware they implemented that feature. A bit dense this morning.
I would imagine unlocked bootloader/custom recovery would DEFINITELY negate this feature.
No one gonna give your phone back, particularly after you use this as a "**** you" While its just IMO, its better to enjoy your phone now. Screwing yourself out of features only to attempt to limit the phone once you don't have anything to do with it anymore does not seem to be particularly productive.
So I heard someone mention something about TWRP not working on Android N if the device is encrypted. I haven't been able to test this myself yet. but details on that? Does it just hang and freeze? Is there an error message of some sort? Does flashing stuff just always fail? Thanks!
H4X0R46 said:
So I heard someone mention something about TWRP not working on Android N if the device is encrypted. I haven't been able to test this myself yet. but details on that? Does it just hang and freeze? Is there an error message of some sort? Does flashing stuff just always fail? Thanks!
Click to expand...
Click to collapse
stop listening to "rumors".. twrp works just fine on N, just like its supposed to.
simms22 said:
stop listening to "rumors".. twrp works just fine on N, just like its supposed to.
Click to expand...
Click to collapse
Thanks! Just have to be sure when working with an expensive device such as the shamu. Glad that's a rumor, cuz it would be yet another thing to worry about in the future lol Thanks again!
There are issues with flashing if the device is encrypted. Also (not a worry on shamu) things like lock passwords and FP scans. To be honest the encryption is not even worth it. This is why most disable it by default.
zelendel said:
There are issues with flashing if the device is encrypted. Also (not a worry on shamu) things like lock passwords and FP scans. To be honest the encryption is not even worth it. This is why most disable it by default.
Click to expand...
Click to collapse
most people disable encryption because they falsely believe that itll improve their devices performance. but guess what, it does not! i just leave my device encrypted, it makes everything much easier.
simms22 said:
most people disable encryption because they falsely believe that itll improve their devices performance. but guess what, it does not! i just leave my device encrypted, it makes everything much easier.
Click to expand...
Click to collapse
That is open for debate as I see a huge increase in performance with it disabled. To me encryption is pointless and useless so disabling it was not a big deal.
simms22 said:
stop listening to "rumors".. twrp works just fine on N, just like its supposed to.
Click to expand...
Click to collapse
TWRP 3.0.2-0 hangs at start... on Android N... if your device is encrypted. I'm going to assume your device isn't encrypted.
Edit: more clarity for the lazy reader.
deepdvd said:
TWRP hangs at start if your device is encrypted. I'm going to assume your device isn't encrypted.
Click to expand...
Click to collapse
im encrypted, since nov 2014, never unencrypted. ive never had an issue with twrp. now being encrypted, i dont really use it(excpt for special occasions), so i dont use a password.
simms22 said:
im encrypted, since nov 2014, never unencrypted. ive never had an issue with twrp. now being encrypted, i dont really use it(excpt for special occasions), so i dont use a password.
Click to expand...
Click to collapse
This post is about Android N Developer Preview. You must not have that.
I've got N preview (always been encrypted) but can't update OTA because I have TWPR, guess I need to flash back to stock.
deepdvd said:
This post is about Android N Developer Preview. You must not have that.
Click to expand...
Click to collapse
um.. ive been going back and forth from pure nexus rom to N, then back to pure nexus, for the 5th time now. and ive been using twrp recovery to do it :angel:
Running Pure Nexus which may not matter. Wife got mad and figured out my pattern lock to be nosey in my phone. She then decided to change to a password lock. I am now locked out. How can I reset my password without wiping my data? Android device manager knows it's locked so I can't use it to set a lock code. Saw a method using pc and adb to clear the password and reboot but not near my pc. Any way to use Twrp?
You SERIOUSLY can't get your wife to tell you the unlock code she put on it??? The only idea I have to get around it would to be dirty flash your current ROM over top of itself. This will retain your data and maybe/probably? take off the unlock code. On a side note, going forward I think you guys really need to work on trust and boundaries...
Hi,
Sorry to hear that happened to you. I have faced this issue before when I accidentally choose the pattern lock and forgot what it was. Could you tell me what ROM and android version you are running. The kernel also matters because if it has encryption enabled by default, the TWRP recovery would also need the same pattern/PIN for you to get in there to flash it. I guess my only other solution would be to use the Nexus Toolkit and try dirty flashing if you're running a custom ROM or checking the 'no wipe data' when flashing the official Google image.
Have a great new year!
Love,
Syed
I decided to just wipe and flash a new ROM. Took the opportunity to update to Pure Nexus Nougat. I'm still setting online accounts back up which is part of what I wanted to avoid. I really dislike not being automatically logged in to pay my bills!
knightjs1 said:
I decided to just wipe and flash a new ROM. Took the opportunity to update to Pure Nexus Nougat. I'm still setting online accounts back up which is part of what I wanted to avoid. I really dislike not being automatically logged in to pay my bills!
Click to expand...
Click to collapse
Wow paying your bills on a device with root and an unlocked bootloader. You surely are brave.
As for your issue well to be honest you have bigger issues then your device.
Thread closed
I thought that while encrypting my phone, the result would be that my data is preserved, just encrypted. So I went through the encryption process only to find that all my data is wiped, so that I have to restore everything from backups, as far as I have them.
Did I overlook something, or is this a bug? I have LineageOS 14.1, installed yesterday, official.
Found that after a reboot, the data was again gone. (after I spent considerable time setting the phone up yet again), now factory reset, running unencrypted, until I know what has been going wrong here. Sigh. Custom roms and encryption continue to be a toxic mix for me.
yahya69 said:
Found that after a reboot, the data was again gone. (after I spent considerable time setting the phone up yet again), now factory reset, running unencrypted, until I know what has been going wrong here. Sigh. Custom roms and encryption continue to be a toxic mix for me.
Click to expand...
Click to collapse
When I first started playing around with encryption (Samsung Note 3) I discovered that to get encryption to work properly I had to format /data (you lose everything, including internal shared storage) and that it worked better on stock ROM rather than custom ROMs.
Sent from my OnePlus3T using XDA Labs
BillGoss said:
When I first started playing around with encryption (Samsung Note 3) I discovered that to get encryption to work properly I had to format /data (you lose everything, including internal shared storage) and that it worked better on stock ROM rather than custom ROMs.
Sent from my OnePlus3T using XDA Labs
Click to expand...
Click to collapse
which I kind of accepted after learning it the hard way, but the problem was that after encrypting the device, all data was wiped each time the phone was rebooted, so something is buggy here.
yahya69 said:
which I kind of accepted after learning it the hard way, but the problem was that after encrypting the device, all data was wiped each time the phone was rebooted, so something is buggy here.
Click to expand...
Click to collapse
I resolve this problem using latest official twrp.
dimon2242 said:
I resolve this problem using latest official twrp.
Click to expand...
Click to collapse
How did you? (What version of TWRP did you install) After all, it is not TWRP that does the encryption, or is it? So I don't see how this could be the cause.
With TWRP, I had the additional issue that it kept asking me for a password to mount /data, but it wouldn't accept the PIN that I had set in Android. I have no idea what other password it might want.
Oh, well, there is just too much fumbling in the dark in this whole mobile devices business. I have been a Linux user for some 20 years, and there, if things go wrong, you can actually view what is happening. On android, this is so much more difficult, even with logcat.
yahya69 said:
How did you? (What version of TWRP did you install) After all, it is not TWRP that does the encryption, or is it? So I don't see how this could be the cause.
With TWRP, I had the additional issue that it kept asking me for a password to mount /data, but it wouldn't accept the PIN that I had set in Android. I have no idea what other password it might want.
Oh, well, there is just too much fumbling in the dark in this whole mobile devices business. I have been a Linux user for some 20 years, and there, if things go wrong, you can actually view what is happening. On android, this is so much more difficult, even with logcat.
Click to expand...
Click to collapse
Have you tried default_password as the password in TWRP?
Also, if you can actual log into your system normally, then you can set the password again and require it on boot.
BillGoss said:
Have you tried default_password as the password in TWRP?
Click to expand...
Click to collapse
What "default password"? You mean, literally typing "default_password"? No I did not. What would that have done?
After all, again, it required a password for the /data partition, hence a password with whom it is encrypted. But I had used no password other than the PIN. And again, I can't see how my problem of data disappearing on each boot would be caused by TWRP.
Also, if you can actual log into your system normally, then you can set the password again and require it on boot.
Click to expand...
Click to collapse
Again, what password do you have in mind? The PIN? Yes, the system asked for the PIN at boot, but nonetheless, all data was wiped on each boot.
For the time being,I run the system without encryption, because I have had enough of setting is up again and again anew (had to do this three or four times.)
Again, it looks like this is a bug. Because after initially encrypting the phone, my data should still have been there. But it was gone. The phone was now encrypted, but there was nothing on it. That's something that I am pretty sure is not supposed to happen.
just had the same using Samsung S5 Duos with latest lineage-os (20180427): this is a cluster-f**k, I cannot believe it. I advocate using Lineage-OS whereever I go. Of course, it's my fault, I did trust Lineage-OS too much so I didn't think of backing-up. I didn't believe something like this could happen.
chaos_prevails said:
I did trust Lineage-OS too much so I didn't think of backing-up. I didn't believe something like this could happen.
Click to expand...
Click to collapse
You probably already realize this, at this point. But there is no such thing as an OS (on any device) that is so secure or stable, that backing up your data is not necessary. Even regardless of OS, memory corruption and data loss can happen for any number of reasons. Golden rule: If your data is important to you, back it up.
Of course, I know.
I took the loss of all data as opportunity to flash newest modem, CSC, and PDA firmware via latest stock-rom, and then re-flashed latest Lineage OS again. This time, it didn't factory reset my phone with encryption. Don't know if that had anything to do with my old firmware (I had G900FDXXS1CPK2 installed when factory reset-with-encryption happened).
Beside, I was lucky as no other migration method to my new phone worked out except going via a old-school micro-sd card copy. I could undelete almost all pictures on it