In this article, I’m going to explain the benefits of encrypting your Android device, as well as the drawbacks. Iâll walk you through step-by-step instructions about how to encrypt the device. Iâll also explain the encryption options available for microSD card users.
Then, finally, Iâll explain what will happen if you ever need to decrypt your Android device. (Spoiler alert: Youâll need a recent backup.)
Why Should I Encrypt My Android Device?
If youâre like me, your whole life is on your phone.
The Android handset that you take out of your pocket, backpack or purse for what seems like thousands of times a day contains all of your personal and business information, your favorite apps, all of your contacts, priceless photos of friends and family, and God only knows what else. No one but you deserves to have access to that.
Unfortunately, if your Android device is lost or stolen, whoever gets their hands on it could have access to whatever is stored on it. Sure, youâve protected it with a passcode or a fingerprint so no one can unlock it. But, they could connect it via USB to a computer and attack it from there.
Thatâs why encrypting your Android phone or tablet is so important.
What Does Device Encryption Do?
Device encryption converts all of the data you have stored on your Android phone or tablet into a âscrambledâ form that you can only access using the correct credentials. (That credential is your Android device passcode or password.)
However, encryption provides an additional layer of protective security for your deviceâs data over the standard passcode/password/fingerprint lock screen that many use on Android devices.
If your device is not encrypted and is merely protected by a lock screen, users may not be able to access your device directly, but they can access the data on it by connecting it to a computer and running software to access the data stored on the device.
If your device is encrypted, the information stored on the device will be unreadable, even if accessed by exterior methods. Remember, more security is always better security.
At a basic level, encryption is a form of the character substitutions that many of us used in grade school to send âsecretâ messages to our schoolmates. (A = 21, B = 4, C = 12, etc.) Or maybe you had one of those fancy decoder rings. (Well, lah-dee-dah!)
However, encryption today is far, far more advanced and secure than simply writing “21” instead of “A”, etc. Check out my article about what encryption is and how it works to learn more about today’s highly-secure encryption methods.
âThe Benefits of Encrypting Your Android Device
Device encryption does not protect the data traveling to and from your deviceâonly the data that is stored on the device (youâll want to use a VPN to protect the data transmitted to and from your device).
Android device encryption is popular among corporations that issue devices to their employees. Those devices may contain corporate secrets, time-sensitive documents, or other information that may be attractive to hackersâor even corporate competitors. Hackers are unable to access the device and its data without the deviceâs passcode or password.
If you own an Android device for personal use, you will also want to consider encrypting your device(s), keeping your personal files, photos, and other information safe from the prying eyes of anyone who may steal or find a lost device.
Encrypting your device can also make it tougher for the bad actors of the world to hack your device. Encryption requires you to use a passcode, a fingerprint or your face to unlock the device. This has the pleasant side effect of preventing anyone else from unlocking your device without your consent. This not only protects the data on your device, but it also prevents a third party from easily sending messages, emails, social posts and other potentially embarrassing communications from your device.
âThe Drawbacks of Encrypting Your Android Device
I donât want to mislead my readers into thinking encryption is all flowers and unicorns, with no drawbacks of any kind.
As with just about any type of security-related subject, there are some drawbacks to encrypting your device. Iâll lay them out for you here, and then it will be up to you to decide if any of these are deal-breakers.
I’m not listing these âconsâ to deter you from encrypting your device. On the contrary, I recommend encrypting your mobile devices. However, I simply want my readers to be well-informed about the subject of encryption before they blindly jump into the process.
Slower Performance
After an Android device is encrypted, you may see some slight performance drops.
While this will likely not be noticeable on high-end devices, if you’re using a low-end or older device, you may see a drop in the performance of your device. This is because, once you’ve encrypted the information on your device, it will need to be decrypted on the fly every time you access it. This will tax your deviceâs CPU a bit more.
Encryption Is a One-Way Street; Thereâs no Going BackÂ
If you turn on encryption for your Android phone or tablet, thereâs usually no way to reverse the process, short of doing a factory reset of the device and starting over. Sure, some manufacturers may offer an option to encrypt and then decrypt, but this option is not generally available.
If Your Device Is Rooted, Youâll Need to (Temporarily) Unroot ItÂ
Many Android users root their devices to give them access to features of the device and operating system that may not normally be available. Rooting is similar to having Administrator access to a computer or network, which allows a user to perform actions that are not available to the average user.
If you attempt to encrypt a rooted Android device, youâll run into problems and run the risk of losing all of your data. If you want to encrypt a rooted device, youâll need to unroot it, encrypt it and then root it again afterward.
Time Investment Â
When encrypting your Android device, it can take an hour or more to complete the process. The actual length of time will depend on the speed of your device, as well as the amount of data you have stored on the device.
Be warned: this is not something you can do on your coffee break, or while youâre waiting to get a table at your favorite lunch spot.
If none of the above would deter you from encrypting your Android device, then letâs move on to the next section, where I walk you through the steps to encrypt your device.
How to Encrypt Your Android Device
As promised, this is the portion of my show that youâve all been waiting for. Well, not the guy over in the corner with the iPhone, but the rest of you. Itâs time to encrypt your Android phone or tablet.
Iâll be covering two types of Android encryption: full-disk encryption and file-based encryption. Full-disk encryption protects all of a deviceâs user data partition (the storage on the Android device), while file-based encryption allows files to be individually encrypted, allowing the files to be unlocked on an independent basis.
Please note: Android devices install customized versions of Android on their devices. This means the steps for encrypting your device may be slightly different.
If your system menus donât match the menus mentioned here, check with your device makerâs customer support folks for more information. Both of the devices I used for this part of the article are BLU devices.
Full-Disk Encryption
Android 5.0 through Android 9 supports full-disk encryption. Note: Devices that launched with Android 10 or higher must use file-based encryption instead of full-disk encryption. Android 10-12 support full-disk encryption only for devices that upgraded from a lower Android version.
Full-disk encryption uses a single encryption key to unlock the encryption used for the device, which is protected by the userâs device password. It protects all of a deviceâs user data partition. When the device boots up, the user must provide their passcode before any part of the user data storage is accessible. Without it, the device is unusable.
While this method of encryption is excellent for security, itâs lousy for user convenience. Most of a deviceâs core functionality is not immediately available when a user reboots their device, meaning features like alarms, accessibility services and even receiving phone calls are not available.
Step 1: Backup! Backup! Backup!
If you havenât done so already, take the time to back up your Android device.
While encryption is a safe and simple process, Murphyâs Law (âanything that can go wrong will go wrongâ) always applies to any process related to electronic devices, and encryption is no exception.
Besides, youâre supposed to be backing up ALL of your devices on a regular basis. Thatâs Safe Computing 101.
Step 2: Make sure your device is fully charged
Make sure your device is charged to at least 80% of its full capacity.
The Android operating system wonât let you begin the process unless your device is charged to at least 80%. Youâll need to keep your device plugged into a charger during the entire encryption process, just to help ensure everything will run smoothly.
Step 3: Enter a lock screen passcodeÂ
Okay, this is something you should already have set up on your phone or tablet. However, on the off chance you donât lock your device with a passcode or password, do so now.
Ideally, youâll want to use a fairly complex string of numbers or characters to set your passcode. Make sure it’s a unique password, as re-using old passwords is asking for trouble. However, keep in mind that youâll need to remember AND enter this passcode every time you unlock your device, so try to find a happy medium.
Step 4: Begin the encryption process
While your phone is connected to the charger, do the following. (The menus on your device might differ a bit, depending on the Android version your device has installed and which company manufactured the device.)
1. Enter the âSettingsâ app on your Android device.
2. Tap the âSecurityâ menu option in the Settings menu.
3. Find the âEncryptionâ section in the Security menu. There, youâll see a menu option labeled âEncrypt Phoneâ (or âEncrypt Tablet,â depending on which device youâre encrypting.) Tap that.
4. âOn the next screen, youâll see an explanation of whatâs about to happen, and that youâll need to unlock the device every time you wish to use it.
It will also mention that youâll need to perform a factory data reset to decrypt your device, losing all of your data. In addition, it will warn you that your device must be charged and remain connected to the charger during the encryption process. If all of that doesnât scare you off, tap the âENCRYPT PHONEâ button to begin the encryption process.
5. Go get a snack and your favorite beverage, sit down with your favorite book or Netflix show, and wait a while.
Be sure not to unplug or screw around with your phone while it is encrypting. Seriously. Leave it alone.
Your device will prompt you when the decryption process has finished, usually within the space of an hour or so.
Step 5: Enjoy your newly encrypted Android device
Once the encryption process is finished, all of the data stored on your Android device will be protected from the eyes of others.
File-Based Encryption
Android 7.0 and above supports file-based encryption (FBE). (For devices running Android 10 and later, file-based encryption is a requirement and should be enabled on new devices straight out of the box. However, if you have updated your device to Android 10, you will need to convert your deviceâs encryption to file-based.)
File-based encryption allows different files to be encrypted using different encryption keys, allowing the files to be unlocked independently.
Devices that offer support for file-based encryption also support Direct Boot, which allows a device to go straight to the lock screen when it boots up, allowing access to device features such as alarms, accessibility services and receiving calls.
By using file-based encryption and APIs (programming interfaces) that allow apps to be aware of file-based encryption, apps can operate within a limited context before a user has provided their credentials, while still allowing private user information to be protected.
If you buy an Android device with Android 7.0 or later installed, thereâs a chance file-based encryption might already be in place. However, it isnât required to be enabled on new devices until Android 10. Hereâs how to find out if your device is already using FBE.
Go to âSettingsâ -> âSecurityâ -> âScreen Lockâ and tap your current screen lock setting. If ârequire PIN to start deviceâ is an option, youâre running full-disk encryption and can convert to file-based encryption.
If you need to convert your device to FBE, please keep in mind that this process will erase all of your data, which will effectively factory-reset the device! This makes step 1 arguably the most important step of the entire process.
To convert your Android device to file-based encryption, do the following:
Step 1: Back it up!
If you havenât backed up your Android device, do it now. Always back up any electronic device before making a big change, like encrypting your device or updating the operating system. Especially in this case, as weâre erasing all of the data on your device.
Itâs easy to back up your device, and the peace of mind a regular backup provides is well worth the amount of time it takes to perform a backup.
Step 2: Make sure your device is fully charged
Make sure your device is charged to at least 80% of its full capacity. Youâll also want to keep your device plugged into a charger during the entire process.
Step 3: Enable developer options
Youâll need to enable Developer Options on your device to perform the conversion of your device to FBE. To do so, follow these steps:
- Go to the Settings menu and find âAbout phoneâ or âAbout tablet.â Tap that.
- On the About screen, find the Build number.
- Tap the Build number field 7 times to enable Developer Options. After you tap a few times, youâll see a countdown notification that says âYou are now X steps away from being a developer.â
When youâre done, youâll see a message that says âYou are now a developer!â (Youâll have to learn how to actually develop apps on your own, though – itâs not a learn-by-osmosis thing.)
Step 4: Begin the encryption process
With your phone connected to the charger, perform the following steps. (The menus on your device might differ a bit, depending on the Android version your device has installed and which company manufactured the device.)
- After backing out to the main Settings menu, find the âSystemâ menu item. Tap that.
- In the System menu, look for âDeveloper options.â Tap that.
- Find the âConvert to file encryptionâ option. Tap that.
- On the next screen, youâll see a warning that converting your device to file-based encryption will erase all of your data and that the feature is alpha and may not work correctly. (When a feature is âalpha,â it means it is still being tested, and may still contain bugs and unwanted âfeatures.â) If you have a backup of your device (youâll need it to restore your data and apps), and youâre sure you want to convert your deviceâs encryption to file-based encryption, tap the âWIPE AND CONVERTâŚâ button.
5. Wait while your device is converted. It will reboot when finished.
6. Restore your data and enjoy your deviceâs new file-based encryption.
Conclusion
If you want to ensure that the information stored on your Android phone or tablet stays safe from prying eyes, encrypting your device is one of the best steps you can take to protect your privacy, especially if the device is lost or stolen.
Encrypting your Android device covers the data on the device with a coating of encryption, rendering the information unreadable, unless the user enters their passcode or password, or unlocks the device using their fingerprint or another biometric unlocking process.
This is a security-enhancing step that all Android users can take to protect their personal data, and itâs particularly important for users that keep business-related information on the device.
The encryption process is a simple, yet important way to keep your personal and business-related information safe from crooks, hackers, government types, and anyone else that would love to see what you have stored on your Android device.
Now, if youâll excuse me, the postal carrier is here with a package. I think itâs the vintage Captain Midnight decoder from eBay.
Android Encryption FAQs
Is Encryption Legal?
Encrypting your Android device is legal in most countries. It even offers added advantages, as in countries like the United States and Canada, the cops can't search your mobile device if it's encrypted.
Is There an Alternative to Full-Device Encryption?
Yes, many apps allow encrypting their files on a file-by-file basis. However, keep in mind that this means third parties could read your other information without your password or passcode.
Why Should I Encrypt My Android Phone?
Your Android phone contains loads of personal and possibly financial information that the bad actors of the world would love to get their hands on. If you don't encrypt your phone you're making it easy for the bad guys to access your information. This is especially important when you use your Android device for business purposes, possibly accessing sensitive documents and files.
Is Encrypting My Android Phone Safe?
Yes, it is generally safe. However, be forewarned that once your device is encrypted there is no going back, as your device can only be restored to its unencrypted formet by doing a complete factory reset of your device.
Contents [hide]