Data Encryption

[jcarsw04]

Does anyone know if android automatically encrypts the data on on internal memory or SD card? It seems like a thief could just take out your phone's internal memory or SD card before you have the opportunity to remotely wipe the phone. I'm looking for something that will at least encrypt my data.

 

[funpig]

I don't think the SD card is encrypted. You can take your SD card out of the phone and see if your PC can read it. My sd card is readable on a PC. This is a risk with removable storage. You can get an app to remotely wipe your SD card. However, if the card is removed before you can do the wipe, there is nothing else you can do. With some phones that do not have SD storage, the phone access (and internal data) can be protected with the passcode and at least delay the unauthorized access until you have a chance to locate or wipe your phone.

 

[sgosnell]

No, Android is not encrypted by default. Google may give you some ideas for encrypting your devices.

 

[Saltine713]

Well the main reason people wipe phones is because of account data stored, like email accounts and whatever.

That's all internal memory. And getting to that externally is a lot harder.

 

[Shengxin]

Basically there are two approaches - either you encrypt the whole internal memory space/SD card or encrypt the individual files/app space.

Android 3 supports encryption better, however, it is mainly for tablets. More information on Android disk encryption can be found at Notes on the implementation of encryption in Android 3.0 | Android Open Source.

For the approach of encrypting individual file/app space, there are many apps available on Google play. Some apps offer to encrypt individual sensitive files, others help to protect sensitive information, like preventing some apps from being opened without a password like contact.

Hope this helps.

 

[sgosnell]

There is an app in the market that does full device encryption for Samsung Galaxy devices, but claims not to work on anything else. Most of the apps just do individual file encryption. The link posted by Shengxin discusses the implementation of encryption in the Android OS, and the barebone basics of how to write an app that will do the encryption, but it doesn't actually link to any apps. I'm somewhat surprised that there aren't more apps available for full device encryption. I may have missed some, but I didn't see anything other than the one for the Galaxy series.

 

[Shengxin]

I think the reasons that full device encryption isn't popular are:
1. Encryption is CPU and resource intensive. Android devices, especially the phones, are not high performance computing devices.
2. The Android OS itself has a lot of files, users might not want to encrypt everything. Encrypting/protecting a standard Android installation makes no sense. Personally I would like to only protect files/apps that I want to protect.
3. Encrypting the full device basically just provides one layer of protection with a password, while this can be somewhat achieved by an alternative solution like screen lock/password unlock.
4. Strong encryption algorithms themselves are very resource consuming, which will tax heavily on mobile battery. Using strong encryption against standard Android files is not useful.

 

[sgosnell]

I agree that encrypting system files is unnecessary, and in fact may be detrimental. But encrypting the entire data partition makes sense. You never know what files you may want to encrypt, and if you have them all encrypted, it's easier and thus more secure. It takes little or no more battery power and CPU resources to encrypt/decrypt a full volume than it does a single file. You don't do the encryption/decryption that often anyway. I'm encrypting my GalaxyS, and I see no difference in battery life nor performance with or without it.

 

[Shengxin]

It depends on the encryption algorithm used. Strong algorithms are very resource intensive. The link I posted above has one paragraph:
"From the UI, the user selects to encrypt the device. The UI ensures that there is a full charge on the battery, and the AC adapter is plugged in. It does this to make sure there is enough power to finish the encryption process, because if the device runs out of power and shuts down before it has finished encrypting, file data is left in a partially encrypted state, and the device must be factory reset (and all data lost)."

In the traditional Web scenario, HTTPS encryption is a heavy process as well. It is pretty common to have the server use a hardware accelerator.

 

[foxrider]

How about "Tor" have u tried it.... heard it encrypts the data of the phone and broswer

 

[Shengxin]

https://www.torproject.org/docs/android.html.en says
"Tor is available for Android by installing our package named Orbot. Orbot is an application that allows mobile phone users to access the web, instant messaging and email without being monitored or blocked by their mobile internet service provider. Orbot brings the features and functionality of Tor to the Android mobile operating system."


So it looks like it is an application for Web use only (not for encrypting the data on the device).

 

[Saltine713]

To those that say encryption is needed on Android is pretty odd. You shouldn't have any sensitive info that you need you think to have encrypted on a mobile device.

Encryption on a mobile platform is severely limited regardless of what apps say they can do. What if that developer built in a back door? Honestly, leave that to servers or larger computers at home.

I run 2 internet connections in my home. 1 is for normal use, like Wifi with my phone and whatnot, with full security on that with a random set of keys I mashed.

The second internet connection is encrypted and is basically like a hardline directly to my office, it isn't connected to the internet. It's basically like a very very large VPN that only works with 2 computers at one time. Therefore, I know that my stuff is safe 100% of the time. Also encrypted on both ends.

So really, just be weary of anything on your phone or tab. Don't store anything on there you would think you need encrypting.

 

[SpyglassSally]

I am wondering if the data encryption is tied to the SD card or the files? I am trying to help someone who encrypted their Razr (including external SD card files), had to reset her phone, and now the phone won't recognize her PIN. (It's unclear to me if it won't recognize it or if she's just not remembering it.)

As a "worst case" can she copy the encrypted files to her pc, format her card so she can use it, and at some point in time (if she remembers it) copy the files back to the reformatted card and decrypt them?

 

[colmmcgrath]

Automatic encryption is not supported by the android

 

[SpyglassSally]

As a warning to anyone thinking of using Motorola's encryption, I would say depending on the type you choose, you run the risk of losing your data forever if your device requires a reset or fails and you have not backed up your unencrypted files.

I posted about this here on Motorola's forum and FoxKat found the following:

Here's what I've found so far:

Files encrypted on the RAZR (newly fastbooted to .173), and with Password encryption, will not read in the RAZR MAXX with no lock screen Password, even though it asks for the Password when the card is inserted.

Files transferred from phone with encryption enabled to PC via USB Mass Storage, USB PC mode, or via Motocast USB will not open on PC, but will open on that phone normally.

Card removed from original phone with encryption and then reinserted into that same phone responds to password on lock screen and files open on that phone normally.

I have been unsuccessful in getting a decrypted copy of the file to the PC from the encrypted phone and card.

I transferred encrypted files to the PC but they would not decrypt with a third part AES 256 utility.

Those encrypted files then transferred back to the encrypted phone open normally.

If the encrypted card is inserted and the password is bypassed, the card is completely inaccessible (though I did not do a reboot of the phone, so I am still undecided on this).​

So I'd be very careful if you choose to do this. My choosing to make your data "secure" you may, in fact, be making it highly vulnerable to irretrievable loss.

 

[mystique]

Why not try SecretVaultpro?
https://play.google.com/store/apps/details?id=com.mystique.secretvaultpro&feature=search_result#?t=W251bGwsMSwxLDEsImNvbS5teXN0aXF1ZS5zZWNyZXR2YXVsdHBybyJd