How to Encrypt Your Android Device
A Step-by-Step Guide
If you’re like me, your whole life is on your phone.
The Android handset that you take out of your pocket, backpack or purse for what seems like thousands of times a day contains all of your personal and business information, your favorite apps, all of your contacts, priceless photos of friends and family, and God only knows what else. No one but you deserves to have access to that.
Unfortunately, if your Android device is lost or stolen, whoever gets their hands on it could have access to whatever is stored on it. Sure, you’ve protected it with a passcode or a fingerprint so no one can unlock it. But, they could connect it via USB to a computer and attack it from there. That’s why encrypting your Android phone or tablet is so important.
In this article, I’m going to explain the benefits of encrypting your Android device, as well as the drawbacks. I’ll walk you through step-by-step instructions about how to encrypt the device. I’ll also explain the encryption options available for microSD card users.
Then, finally, I’ll explain what will happen if you ever need to decrypt your Android device. (Spoiler alert: You’ll need a recent backup.)
Why Should You Encrypt Your Android Device?
1
What Does Device Encryption Do?
Device encryption converts all of the data you have stored on your Android phone or tablet into a “scrambled” form that can only be accessed using the correct credentials. (That credential is your Android device passcode or password.)
Encryption is a sophisticated form of the character substitutions that many of us used in grade school to send “secret” messages to our schoolmates. (A = 21, B = 4, C = 12, etc.) Or maybe you had one of those fancy decoder rings. (Well, lah-dee-dah!)
2
The Benefits of Encrypting Your Android Device
Device encryption does not protect the data traveling to and from your device - only the data that is stored on the device. You’ll want to use a VPN to protect the data transmitted to and from your device.
Android device encryption is popular among corporations that issue devices to their employees. Those devices may contain corporate secrets, time-sensitive documents or other information that may be attractive to hackers - or even corporate competitors. Hackers are unable to access the device and its data without the device’s passcode or password.
Users who own Android devices for personal use will also want to consider encrypting their device(s), keeping their personal files, photos and other information safe from the prying eyes of anyone who may steal or find a lost device.
Encryption provides an additional layer of protective security for your device’s data over the standard passcode/password/fingerprint lock screen used on many Android devices.
If your device is not encrypted and is merely protected by a lock screen, users may not be able to access your device directly, but they can access the data on it by connecting it to a computer and running software to access the data stored on the device.
If your device is encrypted, the information stored on the device will be unreadable, even if accessed by exterior methods. Remember, more security is always better security.
3
The Drawbacks of Encrypting Your Android Device
I don’t want to mislead my readers into thinking encryption is all flowers and unicorns, with no drawbacks of any kind.
As with just about any type of security-related subject, there are some drawbacks to encrypting your device. I’ll lay them out for you here, and then it will be up to you to decide if any of these are deal-breakers.
I am not listing these “cons” to deter you from encrypting your device. On the contrary, I recommend encrypting your mobile devices. However, I simply want my readers to be well-informed about the subject of encryption before they blindly jump into the process.
Slower Performance
After an Android device is encrypted, you may see some slight performance drops.
While this will likely not be noticeable on high-end devices, users of low-end or older devices may see a drop in the performance of their devices. This is because, once the information on your device has been encrypted, it will need to be decrypted on the fly every time you access it. This will tax your device’s CPU a bit more.
Encryption Is a One-Way Street; There’s No Going Back
If you turn on encryption for your Android phone or tablet, there’s usually no way to reverse the process, short of doing a factory reset of the device and starting over. Sure, some manufacturers may offer an option to encrypt and then decrypt, but this option is not generally available.
If Your Device Is Rooted, You’ll Need to (Temporarily) Unroot It
Many Android users root their device to give them access to features of the device and operating system that may not normally be available. This is similar to having Administrator access to a computer or network, which allows a user to perform actions that are not available to the average user.
If you attempt to encrypt a rooted Android device, you’ll run into problems and run the risk of losing all of your data. If you want to encrypt a rooted device, you’ll need to unroot it, encrypt it and then root it again afterward.
Time Investment
When encrypting your Android device, it can take an hour or more to complete the process. The actual length of time will depend on the speed of your device, as well as the amount of data you have stored on the device.
Be warned: this is not something you can do on your coffee break, or while you’re waiting to get a table at your favorite lunch spot.
If none of the above would deter you from encrypting your Android device, then let’s move on to the next section, where I walk you through the steps to encrypt your device.
How to Encrypt Your Android Device
As promised, this is the portion of our show that you’ve all been waiting for. Well, not the guy over in the corner with the iPhone, but the rest of you. It’s time to encrypt your Android phone or tablet.
We’ll be covering two types of Android encryption: full-disk encryption and file-based encryption. Full-disk encryption protects all of a device’s userdata partition (the storage on the Android device), while file-based encryption allows files to be individually encrypted, allowing the files to be unlocked on an independent basis.
Please note: Android devices install customized versions of Android on their devices. This means the steps for encrypting your device may be slightly different.
If your system menus don’t match the menus mentioned here, check with your device maker’s customer support folks for more information. Both of the devices I used for this part of the article were made by BLU.
Full-Disk Encryption
Android 5.0 through Android 9 supports full-disk encryption.
Full-disk encryption uses a single encryption key to unlock the encryption used for the device, which is protected by the user’s device password. It protects all of a device’s userdata partition. When the device boots up, the user must provide their passcode before any part of the userdata storage is accessible. Without it, the device is unusable.
While this method of encryption is excellent for security, it’s lousy for user convenience. Most of a device’s core functionality is not immediately available when a user reboots their device, meaning features like alarms, accessibility services and even receiving phone calls are not available.
Step 1: Backup! Backup! Backup!
If you haven’t done so already, take the time to back up your Android device.
While encryption is a safe and simple process, Murphy’s Law (“anything that can go wrong will go wrong”) always applies to any process related to electronic devices, and encryption is no exception.
Besides, you’re supposed to be backing up ALL of your devices on a regular basis. That’s Safe Computing 101.
Step 2: Make Sure Your Device is Fully Charged
Make sure your device is charged to at least 80% of its full capacity.
The Android operating system won’t let you begin the process unless your device is charged to at least 80%. You’ll need to keep your device plugged into a charger during the entire encryption process, just to help ensure everything will run smoothly.
Step 3: Enter a Lock Screen Passcode
Okay, this is something you should already have set up on your phone or tablet. However, on the off chance you don’t lock your device with a passcode or password, do so now.
Ideally, you’ll want to use a fairly complex string of numbers or characters to set your passcode. However, keep in mind that you’ll need to remember AND enter this passcode every time you unlock your device, so try to find a happy medium.
Step 4: Begin the Encryption Process
While your phone is connected to the charger, do the following. (The menus on your device might differ a bit, depending on the Android version your device has installed and which company manufactured the device.)
1. Enter the “Settings” app on your Android device.
2. Tap the “Security” menu option in the Settings menu.
3. Find the “Encryption” section in the Security menu. There, you’ll see a menu option labeled “Encrypt Phone” (or “Encrypt Tablet,” depending on which device you’re encrypting.) Tap that.
4. On the next screen, you’ll see an explanation of what’s about to happen, and that you’ll need to unlock the device every time you wish to use it.
It will also mention that you’ll need to perform a factory data reset to decrypt your device, losing all of your data. In addition, it will warn you that your device must be charged and remain connected to the charger during the encryption process.If all of that doesn’t scare you off, tap the “ENCRYPT PHONE” button to begin the encryption process.
5. Go get a snack and your favorite beverage, sit down with your favorite book or Netflix show and wait awhile.
Be sure not to unplug or screw around with your phone while it is encrypting. Seriously. Leave it alone.
Your device will prompt you when the decryption process has finished, usually within the space of an hour or so.
Step 5: Enjoy Your Newly Encrypted Android Device
Once the encryption process is finished, all of the data stored on your Android device will be protected from the eyes of others.
File-Based Encryption
Android 7.0 and above supports file-based encryption (FBE). (For devices running Android 10 and later, file-based encryption is a requirement and should be enabled on new devices straight out of the box. However, if you have updated your device to Android 10, you will need to convert your device’s encryption to file-based.)
File-based encryption allows different files to be encrypted using different encryption keys, allowing the files to be unlocked independently.
Devices that offer support for file-based encryption also support Direct Boot, which allows a device to go straight to the lock screen when it boots up, allowing access to device features such as alarms, accessibility services and receiving calls.
By using file-based encryption and APIs (programming interfaces) that allow apps to be aware of file-based encryption, apps can operate within a limited context before a user has provided their credentials, while still allowing private user information to be protected.
If you buy an Android device with Android 7.0 or later installed, there’s a chance file-based encryption might already be in place. However, it isn’t required to be enabled on new devices until Android 10. Here’s how to find out if your device is already using FBE.
Go to “Settings” -> “Security” -> “Screen Lock” and tap your current screen lock setting. If “require PIN to start device” is an option, you’re running full-disk encryption and can convert to file-based encryption.
If you need to convert your device to FBE, please keep in mind that this process will erase all of your data, which will effectively factory-reset the device! This makes step 1 arguably the most important step of the entire process.
To convert your Android device to file-based encryption, do the following:
Step 1: Back It Up!
If you haven’t backed up your Android device, do it now. Always back up any electronic device before making a big change, like encrypting your device or updating the operating system. Especially in this case, as we’re erasing all of the data on your device.
It’s easy to back up your device, and the peace of mind a regular backup provides is well worth the amount of time it takes to perform a backup.
Step 2: Make Sure Your Device is Fully Charged
Make sure your device is charged to at least 80% of its full capacity. You’ll also want to keep your device plugged into a charger during the entire process.
Step 3: Enable Developer Options
You’ll need to enable Developer Options on your device to perform the conversion of your device to FBE. To do so, follow these steps:
Go to the Settings menu and find “About phone” or “About tablet.” Tap that.
On the About screen, find the Build number.
Tap the Build number field 7 times to enable Developer Options. After you tap a few times, you’ll see a countdown notification that says “You are now X steps away from being a developer.”
Step 4: Begin the Encryption Process
With your phone connected to the charger, perform the following steps. (The menus on your device might differ a bit, depending on the Android version your device has installed and which company manufactured the device.)
After backing out to the main Settings menu, find the “System” menu item. Tap that.
In the System menu, look for “Developer options.” Tap that.
Find the “Convert to file encryption” option. Tap that.
5. Wait while your device is converted. It will reboot when finished.
6. Restore your data and enjoy your device’s new file-based encryption.
What Have We Learned?
Before signing off, let’s take a quick look at what we’ve covered in this article.
If you want to ensure that the information stored on your Android phone or tablet stays safe from prying eyes, encrypting your device is one of the best steps you can take to protect your privacy, especially if the device is lost or stolen.
Encrypting your Android device covers the data on the device with a coating of encryption, rendering the information unreadable, unless the user enters their passcode or password, or unlocks the device using their fingerprint or other biometric unlocking process.
This is a security-enhancing step that all Android users can take to protect their personal data, and it’s particularly important for users that keep business-related information on the device.
Users should be made aware of a few drawbacks, which might affect the usage of their devices.
The main drawback for most users will likely be that they’ll see slower performance with their device, as encrypted data needs to be decrypted on the fly every time it’s accessed. The decryption requires more work by your device’s processor. This will be most noticeable with older or low-end devices.
If you turn on encryption on your Android tablet or phone, you cannot reverse the process. If you wish to decrypt the data, you’ll need to perform a factory reset of the device and start over completely. (However, some device manufacturers do offer ways to decrypt data. Check with your device makers before pulling the trigger on resetting your device.)
If you have rooted your device, as many users do in order to access advanced features of their device not normally available without root access, you’ll need to unroot your device. If you try to encrypt your Android phone or tablet while it is still rooted, you could run into problems, which could cause you to lose the data stored on the device.
Encrypting your device is not something you should try on your lunch or coffee break. The encryption process will usually take an hour or more to complete, depending on the speed of your device.
The Android encryption process is simple to perform, and merely takes a few taps of a finger. The main investment is time. Once the process has completed, other parties will not be able to access your device’s precious data unless they have access to your passcode or fingerprint.
The encryption process is a simple, yet important way to keep your personal and business-related information safe from crooks, hackers, government types and anyone else that would love to see what you have stored on your Android device.
Now, if you’ll excuse me, my postal carrier is here with a package. I think it’s the vintage Captain Midnight decoder I purchased on eBay.