I ask because after installing stock MRA58R the contents of my N6 were still visible in Windows Explorer. So I reformatted userdata & cache, and then used the new NRT 2.0.7 to flash MRA58R again - wipe, no root, no recovery, no no-encrypt, just bog-standard install. The "Encrypting device" appeared for literally a few seconds, and now as it's sitting re-installing my apps from Google I can still see the contents of internal memory in Explorer. No USB debug, just a "Use USB for file transfer".
I have a multi-digit PIN on the phone, set up as part of the initialisation process.
I went through all this because my wife's phone was stolen last weekend and it was a wake-up call for me about my data security.
I'm sure I'm being particularly stupid. Can someone please educate me?
Thanks...
And maybe I'm answering my own question...
The contents are visible to me because I entered the device PIN?
Anyone without the PIN gets to see nothing?
And that includes any access via ADB/fastboot?
But is this any different from a non-encrypted device?
dahawthorne said:
Anyone without the PIN gets to see nothing?
Click to expand...
Click to collapse
It is a method to store data that is only readable with the key used for encryption.
Your pin is something different and is used for access permission of a device.
Thanks, but my understanding is that the device PIN is the encryption key. You can't set encryption without having a device PIN. What else could it possibly be using?
So I guess I still don't understand if having my device encrypted is any better than having a simple PIN-secured unencrypted device. If someone can see my data via bootloader mode or some other back door how secure is it?
If I look at an encrypted file I expect to see hieroglyphics. That's not what I'm seeing here. I see either nothing at all because the device isn't recognised by my PC, or I have full access to the data.
So what effect should I expect to see that is different/more secure than a simple PIN-protected device? What's the actual benefit of encryption?
dahawthorne said:
Thanks, but my understanding is that the device PIN is the encryption key. You can't set encryption without having a device PIN. What else could it possibly be using?
So I guess I still don't understand if having my device encrypted is any better than having a simple PIN-secured unencrypted device. If someone can see my data via bootloader mode or some other back door how secure is it?
If I look at an encrypted file I expect to see hieroglyphics. That's not what I'm seeing here. I see either nothing at all because the device isn't recognised by my PC, or I have full access to the data.
So what effect should I expect to see that is different/more secure than a simple PIN-protected device? What's the actual benefit of encryption?
Click to expand...
Click to collapse
Ill be honest. Your device is only as secure as the person that steals it. No amount of security has been 100% proven to prevent the data being attainable if they have access to the device its self. While I am not saying the average thieve will be bale to do it but, then all they care about is the device and end up wiping the device and reselling it without a care about the info inside it.
dahawthorne said:
Thanks, but my understanding is that the device PIN is the encryption key.
Click to expand...
Click to collapse
That wouldn't be a good encryption, you usually need at least 256 bits to encrypt a volume. The pin is only to unlock the encryption key that's stored on a separate partition. Also to unlock the phone.
If you stick a USB cable into a phone that's on, it switches to USB charging mode by default, so you need to unlock it to change it to MTP or Camera. If you want to connect as USB debugging, you first must allow the new computer's fingerprint to connect, so you need the pin to unlock the phone again.
If encryption is used correctly, then you must enter your pin to resume boot. But you can just set MTP as default connection in a custom ROM, build it as userdebug that doesn't require ADB fingerprint, and set pin for unlocking lock screen only
Thanks, people. It looks like encryption is pretty well pointless then if any Tom, **** or Harry can just install a new ROM or recovery and get access to the data... Burning my battery for nothing but a lot of security hot air...?
Speaking of which, I've just rebooted my phone and despite having checked the "Require passcode to start Android", which actually did work at least once (meaning I had to enter a PIN 3 times, for Android, SIM and device), this time there was no Android challenge, only SIM & device.
This security really isn't up to the job at all.
That is incorrect. With out knowing the key, as long as you select require pon at boot, the only thing they could do is reformat your phone and continue using it. No matter what, the key to your data is needed to access it.
dahawthorne said:
Thanks, people. It looks like encryption is pretty well pointless then if any Tom, **** or Harry can just install a new ROM or recovery and get access to the data... Burning my battery for nothing but a lot of security hot air...?
Click to expand...
Click to collapse
I really don't get where this comes from?!? It's a very serious security measure, and it's really not its fault if people dynamite holes into the phone's security like using userdebug builds, and having custom recoveries.
The point is, you have to decide if you want a phone open for modding and to use to store sensitive data on it. There isn't a system that really can accommodate both.
But if you don't have any sensitive data on your phone then encrypting is really pointless.
Thanks again, guys.
@scryan - "select require pin at boot" - does this mean the "require PIN before starting Android"? This is what I mentioned I had but now I don't. An extra layer of security disappeared for no reason I can think of, and I see no option to switch it back on, since the only time it was offered to me was during the initial setup. I still have SIM lock and device lock, but more is better, no?
@istperson - I get the trade-off between security and flexibility. I would consider my photos, for example, to be secure data - even if I'm happy showing them to people I know, I don't want strangers poking around in them.
So bottom line - I still see no argument that says that encryption provides something that the PIN doesn't. How exactly is a PIN-protected encrypted phone more secure than a PIN-protected unencrypted phone?
Edit: I found the "require PIN on boot" option in one of the security tabs, and it appears to work. Back to 3 levels of security, but still in the dark about encryption benefits.
dahawthorne said:
So bottom line - I still see no argument that says that encryption provides something that the PIN doesn't. How exactly is a PIN-protected encrypted phone more secure than a PIN-protected unencrypted phone?
Click to expand...
Click to collapse
If they hit you on the head, take your phone, tear it apart, and remove the sdcard, it won't be readable because of the encryption. If it's unencrypted they can access every data.
But don't store naked selfies on you phone. or in the cloud, then you're safe.
Also the pin to boot doesn't go away by itself without tinkering. Go back to Settings/Security and switch on the Require pin to boot, or whatever it's called.
Basically encryption is how the data is stored on the device. Instead of the normal readable format, its scattered all around in a pattern that requires a key to calculate how to put it all back together.
When you computer goes to read a file, it pulls out a chunk of data, looks at what the right pattern is, then ignores the pieces it doesn't need.
When you phone is running you dont see any of this, because your phone is always in the middle decoding.
If I tried to access your data by circumventing the OS and its checks, all I would see was scrambled randomness.
Decent little wiki entry from arch linux
https://wiki.archlinux.org/index.php/Disk_encryption#How_the_encryption_works
Its more aimed at computers, but its the same thing...
"it won't be readable because of the encryption."
That I understand - thanks. I suppose I was just a bit uneasy because it seems a bit too simple to get in, but obviously tinkering with my own device is far simpler than tinkering with someone else's.
I'll put this one to bed now. I'm very grateful for everyone's patience in answering my questions.
Related
Even if one has installed some kind of lockdown/tracking software + lock pattern there is always the possibility that a thief would know how to reflash and/or wipe the phone or be able to use Google to find out how.
Has anyone worked on adding the possibility of locking access to fastboot, recovery and OS boot? (Password protecting adb would also be a nice addition.)
There is not much these forums about it. Here is a thread that died: http://forum.xda-developers.com/showthread.php?t=531225
I would be fine with compiling my own recovery image if that is what it takes to get my own password, but I guess fastboot is the biggest concern.
I hope some smart developers will take their time to read this and think about it. Let's hear some input on how big of a task this is. I am sure it can be done, so take the challenge and show us some love.
wow this is an awesome idea. ya because apps like mobiledefense or wavesecure would be useless if the thief knows how to wipe the phone. this would be great and i would love to see it work. i dont know crap about making my own recovery or else i would do it if thats what it means to make my own password protected recovery. but like u said, fastboot is a greater challenge.
I could see recovery maybe having this but the bootloader you are out of luck unless you have a dev or holiday version of the nexus. We currently cant flash custom SPL's because they are sig checked.
What happens when you forget your password? Brick?
MatMew said:
What happens when you forget your password? Brick?
Click to expand...
Click to collapse
Damn if you forget it than you are just too stupid, lol Jk
but good question, however i don't think any development on this will be done anytime soon, id definitely support it though if it ever starts.
Locking the SPL would require us to be able to write/flash one, which is currently impossible
Maybe a petition to google to set forth this new option then?
Because I was thinking the same thing...our laptops can do it, because duh, if someone steals your lappy they could just wipe to get the hardware so we can put a BIOS password so even thats impossible.
Our so 'open' phones should follow suit...please google, read this. It would be a fantastic option, that way its rendered completely useless to anyone that steals it and is smart with them (aka anyone reading these forums ).
THANKS
I want it
I've been thinking of how to 'secure' my phone's data again since I unlocked the bootloader... but this would be the way.
The feature request goes like this: Password protect the bootloader both for fastboot and getting into recovery (the option to start recovery should be password protected). A wipe is required in order to reset the password.
An additional and optional theft lock (along the lines of what the OP wants) would disable the password reset/wipe feature altogether, essentially bricking the phone if the password is unknown. Not exactly what I want (I just want my data to be safe), but should be easy enough to add both options if we have the code and can flash the SPL.
Obviously this is going nowhere if we can't flash the SPL, but there's no harm in putting this out there for Google to include in the next signed SPL.
Everyone should realize that unlocking the bootloader essentially puts all the data on your phone out there for anyone to grab without a password, given that they know a few things about fastboot/recovery. This is likely why Google forces a wipe when you originally unlock. We 'unlockers' should be given a way to get that security back.
We'd also need to find a way to 'type' a password (for the recovery option) while in the bootloader, since there's no keyboard. You could use the volume toggle to cycle through letters or numbers, but this puts this option far past a 'trivial' change to the SPL code. This may be why Google didn't include the option in the beginning.
theslam08 said:
Maybe a petition to google to set forth this new option then?
Because I was thinking the same thing...our laptops can do it, because duh, if someone steals your lappy they could just wipe to get the hardware so we can put a BIOS password so even thats impossible.
Our so 'open' phones should follow suit...please google, read this. It would be a fantastic option, that way its rendered completely useless to anyone that steals it and is smart with them (aka anyone reading these forums ).
THANKS
Click to expand...
Click to collapse
A computer bios password only keeps people from changing bios settings. They can still format the hard drive.
bubbahump said:
I've been thinking of how to 'secure' my phone's data again since I unlocked the bootloader... but this would be the way.
The feature request goes like this: Password protect the bootloader both for fastboot and getting into recovery (the option to start recovery should be password protected). A wipe is required in order to reset the password.
An additional and optional theft lock (along the lines of what the OP wants) would disable the password reset/wipe feature altogether, essentially bricking the phone if the password is unknown. Not exactly what I want (I just want my data to be safe), but should be easy enough to add both options if we have the code and can flash the SPL.
Obviously this is going nowhere if we can't flash the SPL, but there's no harm in putting this out there for Google to include in the next signed SPL.
Everyone should realize that unlocking the bootloader essentially puts all the data on your phone out there for anyone to grab without a password, given that they know a few things about fastboot/recovery. This is likely why Google forces a wipe when you originally unlock. We 'unlockers' should be given a way to get that security back.
Click to expand...
Click to collapse
This would be really great... an idea, if ever possible, to overcome the bricking phone by password being lost, is somehow emailing it to the registered google account... or maybe sending an sms to a known phone number that was registered before...
dalingrin said:
A computer bios password only keeps people from changing bios settings. They can still format the hard drive.
Click to expand...
Click to collapse
Actually you can set an ON-BOOT password, which will prevent it from being booted at all without the password. Unfortunately, it is not that great a security measure, since you can just reset the BIOS using the jumper on the motherboard. Also, every BIOS manufacturer leaves a backdoor in case of forgotten passwords, just do a Google search for BIOS DEFAULT PASSWORDS.
But, the main thing to remember here is that we do not have a keyboard, and very limited buttons to use. So, what are you thinking of using? A combination of buttons (similar to the quick-reboot)? Or, cycling through with the volume/trackball, kind of like on a briefcase/suitcase (argh, imagine the frustration).
The next thing would be the implementation of such an idea.
If the SPL is to be modified to be password protected, we would need to source code - which I don't think is available.
If the recovery is to be password protected, it would need to have immediate access to a rewriteable portion of the internal memory for storage/retrieval of said password (as would the SPL, but first things first - gotta have the source).
A simple qwerty on-screen keyboard and using the trackball to select characters would work fine. Up and down with volume keys or whatever to type in characters is not a viable option for long passwords.
It seems all this would be of no use without the possibility of flashing our own SPL, so I guess this is a bigger task than I thought at first. We all know SPL's have been hacked many times before, so I believe it can be done on the Nexus One too. But, because of the already unlocked SPL opening up flashing heaven, I am not so sure anyone is going to use any time on figuring it out.
This is what we are left with:
1. Find a way to flash a custom SPL. Piece of cake right?
2. Create an SPL with the possibility of adding password protected fastboot/recovery. Protecting boot will probably not be necessary, as it would make it impossible to trace a stolen phone.
Let me comment on the privacy issue: I am not really very concerned about the data on my phone. Of course I would not want all the pictures and videos I have shot to fall into the hands of complete strangers, but I try not to keep secret/sensitive data on my phone. It is not really very difficult to take the sdcard and put it in any other device or card reader to get all the data off of it. All the password protection in the world will never get us around some physical security. (Maybe I should make another request for encrypting the sdcard?)
What I want is to be able to somehow find the bastard(s) that took my mobile and get it back without it being wiped first. Though there is always the risk that they would not get past the unlock pattern and just throw it away right away. Let's just hope they left it powered on within network coverage.
How does Android store Gmail login credentials? Are the information cookie-like (only session information) or is there an actuall password (encrypted or not, doesn't matter) stored somewhere? If the latter than that would be very bad for the security of the Gmail account (most critical apps there are Mail and Checkout). It would probably be a good idea to change the Gmail password as soon as one starts missing his Android phone.
--
One way of increasing the odds to get a stolen phone back would be to flash a custom ROM with an embeded and preconfigured security application that installs automatically and silently after a wipe. Not perfect because a thief could just flash another ROM but there's a greater chance of a device getting wiped than not getting wiped, right?
I guess a password in recovery would add an extra percentage to those odds too.
So much for this request. Someone moved us to Q&A, so I guess this is doomed for now. We'll just have to keep our phone safe.
maedox said:
So much for this request. Someone moved us to Q&A, so I guess this is doomed for now. We'll just have to keep our phone safe.
Click to expand...
Click to collapse
Sorry for the bump. But seriously this is a must.
Any Nexus with unlocked bootloader leaves the internal memory unprotected (All your photos in DCIM folder, etc).
You just need to enter fastboot and flash a custom recovery.
Hello
Well i have a phone that has exactly what was being mentioned in this thread and i have literally tried everything everyone is saying about flashing, etc.
Hello, I am aware of the reset my phone function on windows phone. I understand that it's mounted as an MTP when connecting to a PC. I would like to know if there is a complete, secure, total wiping method for the ultra-paranoid, suitable for WP 8 that will be given away, on the level of how dBan does it. In light of the recent news about how easy it is to recover data on Android, and the fact that it's not impossible on iPhone, I would like to know this.
I am also curious if there is any way to mount the WP 8 as a fully accessible drive, similar to a USB, in order to view all files and perform sanitization. I am curious if this exists for not just Windows, but any of the other OSes out there.
It's probably not technically a full shred of the data, especially since doing so is bloody hard on flash storage. It might even be just a quick format, leaving nearly all the data intact. However, this isn't *very* concerning, because (in answer to your second question) no, there isn't any way to mount the storage directly. Apps don't have the privileges, USB only exposes MTP unless you have a non-retail engineering phone, and there's no way (at this time) to get the required access to the OS. A sufficiently determined attacker *could* pull the data off the physical storage, though this would probably require effectively destroying the phone.
On the other hand, there's an even better option (if you can manage it): BitLocker. If you encrypt the data, then the encryption key (and all material needed to recover it) will be wiped even in a quick format, and your data will be permanently unrecoverable. The problem is, WP8 supports BL but doesn't expose a user-reachable way to enable it. The usual method is to connect to an Exchange server that mandates device encryption, which will turn on BL on the phone. Stupid, I know...
secure erase
GoodDayToDie said:
It's probably not technically a full shred of the data, especially since doing so is bloody hard on flash storage. It might even be just a quick format, leaving nearly all the data intact. However, this isn't *very* concerning, because (in answer to your second question) no, there isn't any way to mount the storage directly. Apps don't have the privileges, USB only exposes MTP unless you have a non-retail engineering phone, and there's no way (at this time) to get the required access to the OS. A sufficiently determined attacker *could* pull the data off the physical storage, though this would probably require effectively destroying the phone.
On the other hand, there's an even better option (if you can manage it): BitLocker. If you encrypt the data, then the encryption key (and all material needed to recover it) will be wiped even in a quick format, and your data will be permanently unrecoverable. The problem is, WP8 supports BL but doesn't expose a user-reachable way to enable it. The usual method is to connect to an Exchange server that mandates device encryption, which will turn on BL on the phone. Stupid, I know...
Click to expand...
Click to collapse
Thank you for that information. Am I correct in assuming that encryption also encrypts user data that may still remain from before a flash, even if that data is no longer accessible? Also, does a full firmware and software flash using Nokia care suit product support tool found on this forum overwrite all data?
BitLocker is capable of encrypting free space as well, though I don't know whether the phone's implementation does so. In general, I would expect it to, though.
No idea w.r.t. firmware flashing, but generally speaking those don't touch the user data at all (you have to hard reset as part of the process, though).
What Decryption does? I know that It boosts the performance, but what else it does?
digitLIX said:
What Decryption does? I know that It boosts the performance, but what else it does?
Click to expand...
Click to collapse
Although you will see a lower overhead in read/write operations of the device, I don't think you'd notice it all that much and there are fixes if rooted, to increase that.
The other thing it does, is to not encrypt your data. The reason I decrypt is I do not like my data encrypted. I backup all my data regularly and although any operation moving data off the device should decrypt it, I never truly trust this. What I dont want to do is end up with a pile of backed up data that didn't unencrypt properly. For most people this won't be an issue but working in IT support, I have had many run ins with encryption so I prefer not to use it... Also I do not want to have to enter any passcode at boot, because I run automated procedures that involve rebooting the phone over night. Sure, I could set not to have a passcode, but that makes all data accessible via android or recovery, which makes encryption pointless.
It's just personal preference really. There's no genuine need for you to decrypt
rootSU said:
Although you will see a lower overhead in read/write operations of the device, I don't think you'd notice it all that much and there are fixes if rooted, to increase that.
The other thing it does, is to not encrypt your data. The reason I decrypt is I do not like my data encrypted. I backup all my data regularly and although any operation moving data off the device should decrypt it, I never truly trust this. What I dont want to do is end up with a pile of backed up data that didn't unencrypt properly. For most people this won't be an issue but working in IT support, I have had many run ins with encryption so I prefer not to use it... Also I do not want to have to enter any passcode at boot, because I run automated procedures that involve rebooting the phone over night. Sure, I could set not to have a passcode, but that makes all data accessible via android or recovery, which makes encryption pointless.
It's just personal preference really. There's no genuine need for you to decrypt
Click to expand...
Click to collapse
Thanks, I also heard decryption boosts the boot time? My nexus 6's boot time takes like 30-60 seconds Is It normal?
digitLIX said:
Thanks, I also heard decryption boosts the boot time? My nexus 6's boot time takes like 30-60 seconds Is It normal?
Click to expand...
Click to collapse
Yes it will boost boot because read / write operations occur during boot and the OS has to "decrypt" whilst doing so... It's not technically decrypting them, but thats the simplest way of explaining it.
http://lmgtfy.com/?q=What+are+the+Differences+between+Decrypted+and+Encrypted?
rootSU said:
Yes it will boost boot because read / write operations occur during boot and the OS has to "decrypt" whilst doing so... It's not technically decrypting them, but thats the simplest way of explaining it.
Click to expand...
Click to collapse
Last question, once I decrypt is it gonna be for hackers easy to hack into my data? or I shouldn't be worrying about decrypting
Most custom kernels already include patches to speed up I/O reads on encryption to the point where having your device encrypted or decrypted would not be that significant in terms of noticeability.
Last question, once I decrypt is it gonna be for hackers easy to hack into my data? or I shouldn't be worrying about decrypting
Click to expand...
Click to collapse
I don't think that you have a clear understanding what encryption is or what it actually does, no offense. Encryption has nothing to do with "hackers" having a easier time hacking your data, it's about hackers obtaining your information and then being able to see all the file contents; whereas, if your device is encrypted even though the hackers obtained your data, they have to go through a decryption process in order to make the "stolen data" useful to them as the files will appear to be jibberish to them. The decryption process requires high level math computations in order to obtain private, public keys (depending on the encryption method being used) that can takes large amounts of computing time in order to obtain the values to decrypt the files.
No one is going to hack your data, Android and iOS made encryption enabled by default for mainly NSA purposes.
My suggestions to you OP is to just remain encrypted and use a custom kernel with encryption patches (Lean Kernel, Franco Kernel are one of the many that include these patches already) just to make your life easier.
digitLIX said:
Last question, once I decrypt is it gonna be for hackers easy to hack into my data? or I shouldn't be worrying about decrypting
Click to expand...
Click to collapse
Encryption won't protect you against remote hackers. If Android is running, it is already seeing your data as you gave it your encryption password.
zephiK said:
Most custom kernels already include patches to speed up I/O reads on encryption to the point where having your device encrypted or decrypted would not be that significant in terms of noticeability.
I don't think that you have a clear understanding what encryption is or what it actually does, no offense. Encryption has nothing to do with "hackers" having a easier time hacking your data, it's about hackers obtaining your information and then being able to see all the file contents; whereas, if your device is encrypted even though the hackers obtained your data, they have to go through a decryption process in order to make the "stolen data" useful to them as the files will appear to be jibberish to them. The decryption process requires high level math computations in order to obtain private, public keys (depending on the encryption method being used) that can takes large amounts of computing time in order to obtain the values to decrypt the files.
No one is going to hack your data, Android and iOS made encryption enabled by default for mainly NSA purposes.
My suggestions to you OP is to just remain encrypted and use a custom kernel with encryption patches (Lean Kernel, Franco Kernel are one of the many that include these patches already) just to make your life easier.
Click to expand...
Click to collapse
Not offended, I'm sorry for being stupid I totally have no clue about this kind of stuff.
This answered my question, Thank you for the help.
rootSU said:
Encryption won't protect you against remote hackers. If Android is running, it is already seeing your data as you gave it your encryption password.
Click to expand...
Click to collapse
Thanks.
digitLIX said:
Not offended, I'm sorry for being stupid I totally have no clue about this kind of stuff.
This answered my question, Thank you for the help.
Thanks.
Click to expand...
Click to collapse
You're not being stupid. Don't be rude to yourself.
Encryption was something that was considered very secretive back in the days. You can read about that in the history of encryption.
Sent from my Nexus 6 using Tapatalk
Faux Kernel also has patches to speed things up. Thanks for asking this stuff. its good to have all the info in one spot.
Just to add, encrypted data only really protects the data if someone has physical access to the device who doesn't have the password. If they cannot unlock the phone, you'd expect they could boot into recovery or whatever and get your data that way, but like @zephiK said if it is encrypted - that data is useless.
However to clear, it doesn't protect you against remote theft of the data. When you enter your password into the device, you're giving the OS permission to do what it nerds with the data. If you unlock the phone and start copying data elsewhere, as it leaves the device, it becomes decrypted. If some remote "hacker" had got you to install an application on your phone and your phone allows data to be copied off the device, the encryption is useless because as its moving off the device, its being decrypted.
But yeah, no one will be trying to get the data anyway.
Did anybody try to encrypt the z3compact? Is the performance hit noticeable or negligible?
I'm very fought about encrypting my phone. Would I lose the smartlock feature?
Thanks in advance
I encrypted it, including SD card. There is no visible impact I would say. I think PIN and password is the only unlock option after encryption, the biggest drawback for me is that you can't manage it with Sony Companion after encryption (as Sony did not manage to implement support it seems).
PIN and password are the only options available after encryption and you'll probably lose smartlock.
In KK at least performance was about the same. Though it did reduce my battery life...
i9300usr said:
I was curious to know if this was true with Sony Bridge too (Mac app), and I found this thread on the Sony forums. The Sony mods there insist that this is a choice by Sony to maintain security. Apparently none of them have heard of encrypted backups (à la iPhones). So, possible this will never be implemented.
Click to expand...
Click to collapse
It's not that important, ADB backups work and are more complete, only drawback is the time they take
i9300usr said:
I was curious to know if this was true with Sony Bridge too (Mac app), and I found this thread on the Sony forums. The Sony mods there insist that this is a choice by Sony to maintain security. Apparently none of them have heard of encrypted backups (à la iPhones). So, possible this will never be implemented.
Click to expand...
Click to collapse
i9300usr said:
So, just to make sure I understand you correctly: ADB allows users to make backups of encrypted Sony Xperia phones? Are the backups encrypted or unencrypted? And is the restore process straightforward?
Click to expand...
Click to collapse
Yes ADB allows you to make a full encrypted backup of your phone (including apps installation files). The restore process is straightforward as well but it's not as complete as say an iPhone backup. ADB might not be able to access some files, especially ADB might restore all your apps but not your launcher settings, folders, etc...
Even though the backup is encrypted, keep in mind that if you use a four digits code it can be bruteforced in less than 10s so encryption does not mean much in this regard.
difto said:
...Even though the backup is encrypted, keep in mind that if you use a four digits code it can be bruteforced in less than 10s so encryption does not mean much in this regard.
Click to expand...
Click to collapse
This is interesting. Are you referring to a code ADB requires or the code used on the phone? I use a pattern on the phone.
scottjb said:
This is interesting. Are you referring to a code ADB requires or the code used on the phone? I use a pattern on the phone.
Click to expand...
Click to collapse
If you encrypt your phone you cannot use the pattern anymore. The ADB password is the same as your phone password so either 4 digits or a real password.
difto said:
If you encrypt your phone you cannot use the pattern anymore. The ADB password is the same as your phone password so either 4 digits or a real password.
Click to expand...
Click to collapse
I have my phone encrypted and use a pattern. I was not required to change it to a PIN when I encrypted it.
That's why I asked, I wonder how ABD would handle the pattern.
You can transfert files when the phone is mounted as mass storage and unlocked, that's why Sony isn't consistent. You can also transfert files using a third party ftp server like es file browser.
I encrypted my phone last week. Not really noticed any difference in terms of general performance and battery life. One thing I hate is that if you fail to enter the correct password 10 times your phone gets wiped. I hate this because it just makes it easy for people to troll you and makes a thief's job easier because your essentially getting your phone ready to be sold on and also locking yourself out so it can't be tracked.
Another negative is startup takes forever but, you don't really reboot phones much anyway
i9300usr said:
Sounds like something I might actually use. Thanks for the feedback.
So, this is by default and can't be disabled by the user? Hmm, Apple's iOS at least makes the wipe optional.
So much this. Makes backing up your phone every day a necessity just in case. But then:
a) how many people are actually aware the wipe is mandatory for encrypted phones,
b) how many would be mean-spirited enough to actually do this,
and
c) how can people tell if your phone's encrypted?
I think the likelihood is low, but I guess that depends on the company you keep. But if it's that kind of company, you're probably wise enough to keep the phone in your possession all the time anyway.
Unless you're running 5.1, and have enabled "Device Protection" - if Google have actually implemented it? Did the promised "kill switch" actually make it to our phones?
How useful is the tracking anyway? Do the Police even care? I've read articles where the owners themselves had to retrieve their phones, and that can be a very tricky prospect.
Yup, very infrequently these days.
Well, this is all better than the non-existent encryption on my S3.
Click to expand...
Click to collapse
Sadly, no you can't disable the wipe after 10 failed attempts. Well I'm uni student and you know what some people are like when it comes to trolling! I don't think z3 compact has the device protection. Not mine anyway. The police should track it. Well I've heard they help here in the UK
I think it's better to go without encryption, root with locked bootloader and install Cerberus to system partition, and use a strong lock pattern or password.
No worries of 10 try wipes, more secure lockscreen options, and can still track the phone even after a factory reset (unless they reflash the entire system.)
cschmitt said:
I think it's better to go without encryption, root with locked bootloader and install Cerberus to system partition, and use a strong lock pattern or password.
No worries of 10 try wipes, more secure lockscreen options, and can still track the phone even after a factory reset (unless they reflash the entire system.)
Click to expand...
Click to collapse
I think there's a tendency to speak too lightly of rooting. It invalidates warranty, which is a big deal for a US$400–600 phone such as this. Even after the warranty expires, I think it places far too much responsibility on the user to solve any problems that may arise, which can be onerous if the phone actually serves a purpose (as opposed to being merely a prestige item, which I'm sure it frequently is).
Rooting is a nice concept, but it presents real-world problems that can entirely negate any benefits gained; it's not the panacea it purports to be.
OK, this is not strictly a OP3T problem but that's where it happened to me. I run Norton Mobile Security on my phone, which is encrypted. Just recently enabled Web Protection to see if that would help speed up the incredibly long time Norton takes to analyze links before it allows pages to load. When I set it up and enabled Norton Security Services in the Accessibility menu, there was a fine-print screen that said Norton would be taking over some of the lock screen functions. No big deal.
When I rebooted the phone, it went straight to Android, without asking for the encryption password. I booted into recovery, same thing. I tried disabling Norton Web Protection, still no password. Uninstalled Norton, still no password. The Security menu shows the phone is still encrypted, which I figured because the installation didn't take long enough to decrypt the phone, and because it doesn't work that way anyway.
I tried this first on an LG G2 running Lineage 16 , but didn't notice the lack of the password prompt until it was too late, and I had done the same thing to my daily driver OP3T.
After about two hours on a chat with Norton support, they escalated me up to senior support, and said I'd get a call back in a couple of days.
So, I turn to this group. There's only one way I can explain this behavior: it appears Norton Mobile Security might be modifying the bootloader to preload the encryption password and bypass the prompt. This effectively disables decryption, since anyone can now boot my phone into recovery and ADB pull whatever they want.
The phone is fully functional, but also wide open. Short of copying everything off the phone, resetting and starting from scratch, does anyone have a suggestion? I do have TWRP backups that include the bootloader, but I don't want to overwrite the bootloader if that risks breaking the encryption entirely and locking me out of my phone.
In the meantime, be careful with Norton Mobile Security!
If memory serves me right (ha!), disabling the boot password is supposed to happen when you enable any accessibility settings...
That makes sense. The warning looked like standard Android boilerplate. Is there a way to re-enable the password prompt?
mobilityguy said:
That makes sense. The warning looked like standard Android boilerplate. Is there a way to re-enable the password prompt?
Click to expand...
Click to collapse
Yes, disable whatever accessibility setting you enabled. It's got nothing specifically to do with Norton....
Didgeridoohan said:
Yes, disable whatever accessibility setting you enabled. It's got nothing specifically to do with Norton....
Click to expand...
Click to collapse
I disabled everything I could find related to accessibility - the Norton services and the Android accessibility shortcut. What am I missing?
Also, the problem affects the recovery partition boot, which has also stopped asking for the encryption password but decrypts the phone must fine. Doesn't seem like changes to the Android options would change that.
You might have to reenable the boot password in the security settings as well.
Didgeridoohan said:
You might have to reenable the boot password in the security settings as well.
Click to expand...
Click to collapse
Yes! That did it. Opening the PIN option on the security screen brought up a prompt asking if I wanted to have the PIN prompt on boot. It now asks for passwords on both system and recovery. Thank you for the last piece of the puzzle.