Related
Hi! I managed to compile a bionic version of cryptsetup with libcrypto instead of gcrypt, and I put it inside Steam Kernel, so anyone can play with it. This is actually not new to android, as from Froyo, the APKs that can get installed on the external SD, are actually also uding dm-crypt, although they are doing through vold, and not via device-mapper. It is actually strange, that Android has filesystem encryption on inside the kernels by default, but they are using it to keep us out from the system, and not actually to make other people get inside the system more harder.
In Steam Kernel, you can now chose to apply filesystem encryption to any of the 3 main partitions (cache, data, dbdata). The password can be entered using the screen by one, or multiple Swypes (up to 255 elements). Each swype creates a word, and words will be separated by "_". This mechanism was invented, as with this one can potentially achieve a good-enough entropy (although I'm not a cryptoanalyst), than by for example a simple PIN code entry box.
If you worry about speed, quadrant scores are around 1400 if using ext4+crypt, so they're still better, than stock rfs. I can't say much about battery life yet.
This feature is beta however, so don't rely valuable data to it yet, as it hasn't been throughly tested yet. (ancrpytion should be fine, I'm actually worried about data corruption).
The way to secure android is not yet finished however. I'm trying to find a way to secure adb, even if it's running root mode. (as running adb in root mode is good for debugging, but bad for security).
Questions on this topic is welcome.
Very impressive stuff, and still opensource.
It's a real innovation, congrats!
sztupy said:
The way to secure android is not yet finished however. I'm trying to find a way to secure adb, even if it's running root mode. (as running adb in root mode is good for debugging, but bad for security).
Click to expand...
Click to collapse
First weak security point for the Galaxy S phones is definitely the ability to flash anything with Odin.
As you cannot trust, well... anything your Filesystem Encryption approach is definitely the good one!
Other current weak point is the adbd exploit (rageagainstthecage) - so easy to use. I guess you can replace adbd in your ramdisk by the Gingerbread one, which is not vulnerable, if not done already
Yes this is really impressive man...
You should be hired by samsung to set there software ass rite :-D
Sent from my GT-I9000 using XDA App
supercurio said:
First weak security point for the Galaxy S phones is definitely the ability to flash anything with Odin.
As you cannot trust, well... anything your Filesystem Encryption approach is definitely the good one!
Other current weak point is the adbd exploit (rageagainstthecage) - so easy to use. I guess you can replace adbd in your ramdisk by the Gingerbread one, which is not vulnerable, if not done already
Click to expand...
Click to collapse
You would still lose the benefit of being secure + having the comfort of adb root. I'm more into the fact you have to login to the phone in order to use adb, just like you have to login to a real linux.
sztupy said:
You would still lose the benefit of being secure + having the comfort of adb root. I'm more into the fact you have to login to the phone in order to use adb, just like you have to login to a real linux.
Click to expand...
Click to collapse
I meant, for general security, we can replace the vulnerable adbd by a non vulnerable updated one - just that -
I feel your title could have security under [ ]. More noticiable.
AS I SEE IT NOW. supercurio's THANK's meter stands at 666. ROFL...
EVIL
Seems really great !
I'm not sure about a thing : Does this work when you power on the device (ie, you'll have to enter a pass to make it boot to Android), or before to be able entering into recovery ? Or none of these two things, and I totally misunderstood what you're saying ?
I was about to make a request to Koush if he could add some (basic?) security system to his recovery, as if you phone is stolen, they even won't be able to reflash a new rom.
This security layer + WaveSecure or any similar soft, and you would be sure that even if you phone is stolen / lost, nobody will be able to use it
Anyway thanks for your big stuff, will look deeper for sure when I'll get some free time, but your steam package seems amazing
Cheers
This works when you want to mount the partition. (eg at every boot). The partition can not be mounted wirhout a password ever
Amazing project. Good work.
Now wait just a moment...why would you encrypt those directories, when you alone (the user) are responsible for giving applications certain permissions. I mean...you agree to giving access to your Radio, messages and...whatever when you install applications, but then you want to encrypt certain directories. Why? You've already installed a trojan or a root kit and given it permission to do whatever it wants to do. That's the main security issue.
If your phone gets stolen they can't access your data.
Sent from my GT-I9000 using XDA App
... But another issue! Great work, Great project!
Edit: to slow, I was referring the post 2 above
sztupy said:
This works when you want to mount the partition. (eg at every boot). The partition can not be mounted wirhout a password ever
Click to expand...
Click to collapse
And I guess the partition has to be mounted if you want to flash another rom (By recovery, Odin, Kies, whatever) ?
If it's the case, then it's really really great !!!
No, if you're flashing a new ROM, you don't have to mount the partition. But the point is that nobody can read your data from the partition - that's the security risk sztupy is trying to prevent.
kidoucorp said:
And I guess the partition has to be mounted if you want to flash another rom (By recovery, Odin, Kies, whatever) ?
If it's the case, then it's really really great !!!
Click to expand...
Click to collapse
When you flash a new rom the data will be inaccessible (unless it's a steam rom and you know the password, or you can dump the partition AND know the password. Without the password the data can not be accessed, as it's AES encoded there).
This means that if you use all the security feautres inside Android (lockscreens, pin code, etc.), and use this too, and you don't allow adb to be run as root, there is actually no way of accessing your data (unless you can circumvent the security provided by Android, like the lockscreen), not even by flashing a new ROM.
Good work these kind of improvements make android better and better. I think the phones should be encrypted from the factory.
Great idea
If I might suggest though - can you make it so that it turns off decryption a couple of minutes after the screen is locked so that you have to enter the code again? Otherwise if the unit is on and stolen and never rebooted...
Being in Healthcare related IT I can say you'd have a product that is in severe need if any doctors really want to start using an Android tablet.
@sztupy
This is simply the best thing to happen to my SGS I've ever heard.
I can not test it right now (running 2.2.1 Darky's mod) but I have some questions about the security.
- What type of encryption is used? 128/256? weaker?
- Is it possible for you to figure how to use this encryption with different kernels/mods? We're talking about quite big a deal breaker for lots of people here. Perhaps even a separate app? I almost bought a blackberry as a second phone *kugh kugh* because android lacks encryption I so hardly need.
Sierra November said:
@sztupy
This is simply the best thing to happen to my SGS I've ever heard.
I can not test it right now (running 2.2.1 Darky's mod) but I have some questions about the security.
- What type of encryption is used? 128/256? weaker?
- Is it possible for you to figure how to use this encryption with different kernels/mods? We're talking about quite big a deal breaker for lots of people here. Perhaps even a separate app? I almost bought a blackberry as a second phone *kugh kugh* because android lacks encryption I so hardly need.
Click to expand...
Click to collapse
As already stated Android already uses dm-crypt for encrypting the application data on the external sd card, so in theory any kernel can actually use dm-crypt. Originally Android kernels only support aes-plain (which is AES-128 I think), and that is what you can use on probably every 2.2+ android (and even on some 2.1 too). (You can get a stronger encryption if you compile a better kernel as aes-plain has some weaknesses).
The hard part is actually not the encryption therefore (You just have to run cryptsetup before init, which is very-very similar of the process of creating "lagfixes"), but the fact that you'll need a way to enter the password every run. The latter is problematic, as you'll need to access the framebuffer to show the user the pin code panel, then leave the framebuffer in a state, so Android can boot from it without problems. On SGS, and probably all SGS based devices (including the Nexus S), this is already accomplished (in steam kernel). On other devices it might work too, but the framebuffer support might need to be rewritten. On other devices the fact that they use yaffs2 might also pose problems (as yaffs is working on a block), but that can be circumvented using a few tricks (like creating loop devices, putting the /data partition on the sd card, etc.)
Question: I have the Dev Edition Note 4 and am looking for the lock screen fields in SQLite, since they seem to have moved. Does anyone know where they are located now?
Reason: When encrypted, as we all know and hate, you have to use a password with a special character.... That you also have to use as the lock screen... Which sucks. It would be pretty handy to have the scanner for unlocking the screen and the password for decryption on boot.
Background: On the Note 3 you could use SQLITE to change LOCKSCREEN_PASSWORD_TYPE to different codes which enabled the different types of password. For instance 131072 was for PIN. After encryption was in place I was able to change the lock screen type to PIN. However, since no PIN was used during setup it would just act as if any entries didn't match. I want to see if changing to fingerprint scanner would work since the fingerprints, or password in this case, are stored in the phone prior to the change. Hopefully making it so lock screen can be unlocked much easier while encrypted.
Thanks everyone.
Just an update to this for anyone who likes to, or needs to, have FDE enabled on their devices.
If you setup your fingerprint unlock and use a file explorer to go to data/system/ you will see three files called lockscreen.db two in which say -shm and -wal after. Copy those to the SD card.
Then make your way to Terminal Emulator and run the command pkill -KILL daemonsu . This will kill superuser. Making the FDE actually run.
After encryption is complete you can take the lock settings files saved earlier and copy (replace) them back to the data/system/ partition.
That's it. When booting you will have your strong password and be able to use the scanner for screen unlocks.
Now this only works for for device encryption. SD cards seem (?) to decrypt after the boot process and this causes them to not mount correctly. One of the times I was toying around with it the files on the SD were actually corrupted and unrecoverable. So make backups and all that if you decide to figure that out. I typically use encryption manager for things that I want to encrypt on the SD card anyway. Since I use the card in several devices.
Hope this helps anyone who wants or needs FDE on their Note 4 Devs.
Fingerprint scanner is not displaying note 4 - android 5.1.1
blubyu87gt said:
Just an update to this for anyone who likes to, or needs to, have FDE enabled on their devices.
If you setup your fingerprint unlock and use a file explorer to go to data/system/ you will see three files called lockscreen.db two in which say -shm and -wal after. Copy those to the SD card.
Then make your way to Terminal Emulator and run the command pkill -KILL daemonsu . This will kill superuser. Making the FDE actually run.
After encryption is complete you can take the lock settings files saved earlier and copy (replace) them back to the data/system/ partition.
That's it. When booting you will have your strong password and be able to use the scanner for screen unlocks.
Now this only works for for device encryption. SD cards seem (?) to decrypt after the boot process and this causes them to not mount correctly. One of the times I was toying around with it the files on the SD were actually corrupted and unrecoverable. So make backups and all that if you decide to figure that out. I typically use encryption manager for things that I want to encrypt on the SD card anyway. Since I use the card in several devices.
Hope this helps anyone who wants or needs FDE on their Note 4 Devs.
Click to expand...
Click to collapse
Hi, i have a big trouble with my note 4, i had a fingerprint lock screen with a pin pass in case of emergency; the phone just got locked with no reason and it doesn´t show me the fingerprint option and doesn`t get any pin. Im out of my phone, i don`t know what to do, i took some photos yesterday that i need for my job urgently, could you help me?
A while ago my SD card apparently stopped working and my phone asked me to format it to be used as internal storage, wiping all of the data on the card. I was pretty annoyed but after that I had no problems. Recently I removed the SD card as I was going to root my phone with the All in One Toolkit and it seemed to work until I opened SuperSU and was told I had no SuperSU binaries. (I'm not sure if this is relevant but I thought I would mention it just in case).
I then went onto Google Chrome and tried to save a random image and was prompted to overwrite *completely random image name* in documents. No matter which option I hit (overwrite or create new file) I am given the notification it has downloaded but if I tap it then I'm just taken to a black screen with a triangle and an exclamation mark. When I go into the file manager and go to internal storage there is absolutely nothing in there.
I thought this might have something to do with the SD card so I put it back in but was again prompted to format it, so this time I did it as removable storage and it hasn't made a difference. Any ideas?
Android Version 6.0
Software Number 6.13.206.5
If you need any more info let me know.
Thanks!
dezzybird said:
A while ago my SD card apparently stopped working and my phone asked me to format it to be used as internal storage, wiping all of the data on the card. I was pretty annoyed but after that I had no problems. Recently I removed the SD card as I was going to root my phone with the All in One Toolkit and it seemed to work until I opened SuperSU and was told I had no SuperSU binaries. (I'm not sure if this is relevant but I thought I would mention it just in case).
I then went onto Google Chrome and tried to save a random image and was prompted to overwrite *completely random image name* in documents. No matter which option I hit (overwrite or create new file) I am given the notification it has downloaded but if I tap it then I'm just taken to a black screen with a triangle and an exclamation mark. When I go into the file manager and go to internal storage there is absolutely nothing in there.
I thought this might have something to do with the SD card so I put it back in but was again prompted to format it, so this time I did it as removable storage and it hasn't made a difference. Any ideas?
Android Version 6.0
Software Number 6.13.206.5
If you need any more info let me know.
Thanks!
Click to expand...
Click to collapse
Did you update the binaries?
xunholyx said:
Did you update the binaries?
Click to expand...
Click to collapse
I was never given an option, it said they couldn't be installed by the app. I was going to try the fix where you install them directly by saving a zip to your phone's internal storage and then installing it but then I noticed the problem with my internal storage.
dezzybird said:
A while ago my SD card apparently stopped working and my phone asked me to format it to be used as internal storage, wiping all of the data on the card. I was pretty annoyed but after that I had no problems. Recently I removed the SD card as I was going to root my phone
Click to expand...
Click to collapse
When you chose to make the SD a part of internal storage (known as the new "adoptable storage" option in Marshmallow), you merged it (with the phone's internal storage) as part of the data partition. Then you yanked out a part of that partition, by removing the SD (and why you did that in order to root, I don't know).
I'm not too familiar with what happens (or is supposed to happen, anyway) when you choose adoptable storage, then remove the SD. But I think its safe to say, that resulting storage issues is not a surprise.
dezzybird said:
I was going to root my phone with the All in One Toolkit and it seemed to work until I opened SuperSU and was told I had no SuperSU binaries. (I'm not sure if this is relevant but I thought I would mention it just in case).
Click to expand...
Click to collapse
The toolkit hasn't been updated in over a year, and causes many issues for that reason. It hasn't been updated for Marshmallow (Android 6) and therefore can't root MM. Toolkit also contains an obsolete version of TWRP which will also cause some issues.
Good rule of thumb: whenever rooting an Android device, you should be sure to use updated methods; and verify the method works with your Android version.
Since you have TWRP installed, try going to the Wipe section in TWRP. Then select the button that says "Format Data" and see if that helps your issue with writing to internal storage. Do not select to wipe any other things in the Advanced section of Wipe (another rule of thumb - if you don't know what it is don't wipe it. For instance wiping "System" will delete the OS entirely).
Of course, formatting data will cause any data to be lost. So backup accordingly (if there is anything left) before you format data.
Once you have the storage issue sorted out (hopefully the above helps), ditch the toolkit, and do the following steps manually:
1) Unlock bootloader (should already be done)
2) Flash TWRP 3.0 with fastboot
3) Flash SuperSU 2.65 in TWRP, to properly root
Aye, I couldn't find an alternative to the toolkit so I just ran with it but I guess I've learned that lesson.
I've managed to sort the issue now so I'll post what I did here for any people who may happen upon the thread in future. I'm still not sure what caused the issue in the first place; maybe it was the memory card, maybe I selected the wrong thing to wipe in TWRP, maybe it was the toolkit or maybe a bit of everything because I'm stupid.
Before I discovered the issue I was going to install the SuperSU binaries manually (since they didn't install for some reason) and install a custom ROM, so I decided to just go ahead with it. After flashing the ROM and then SuperSU.zip everything worked fine and I had a fully rooted phone running Cyanogenmod. According to the guide I was reading I had to wipe a number of things (the Dalvik Cache, System, Cache, and Data) anyway so I don't think it mattered that I had somehow erased the internal memory as it seemed to be reinstalled with the ROM. This is just a guess though, all I know for sure is it's fine now (fingers crossed).
So next time I'd just use the toolkit to help unlock the bootloader and maybe flash a recovery as that seemed to work fine, but manually flash SuperSU.zip to root yourself in case the toolkit is what broke it.
Thanks for your help!
dezzybird said:
Aye, I couldn't find an alternative to the toolkit so I just ran with it but I guess I've learned that lesson.
Click to expand...
Click to collapse
The best way to achieve bootloader unlock and root is to just do the steps manually.
You don't need a toolkit to do these things. Anyone that can follow instructions and type a few fastboot commands can do it.
All that folks need to do it manually is here. Everything in Section 1 is valid, with the exception that the TWRP version number in the command needs to (obviously) match the number you are trying to install (the example given in the guide is an older version). Some things in Section 2 and 3 are obsolete (s-off method, firmware version) but that's irrelevant in this case (and for most folks) since those things aren't necessary to unlock the bootloader, root, or flash custom ROMs.
dezzybird said:
Before I discovered the issue I was going to install the SuperSU binaries manually (since they didn't install for some reason)
Click to expand...
Click to collapse
What do you mean "for some reason"? I told you the reason. The toolkit uses an old, long obsolete version of SuperSU that existed before MM. It therefore can't root MM, and there is no reason to believe it would. New Android builds often (almost always) require new root methods, and old versions of SuperSU are usually going to cause you trouble. That is why you should always research the current root methods, when trying to root.
dezzybird said:
After flashing the ROM and then SuperSU.zip everything worked fine and I had a fully rooted phone running Cyanogenmod.
Click to expand...
Click to collapse
You don't need to root after flashing a custom ROM, they are already rooted.
You also don't need to root in order to flash a custom ROM. Unlocked bootloader and custom recovery is all you need to flash custom ROMs.
dezzybird said:
According to the guide I was reading I had to wipe a number of things (the Dalvik Cache, System, Cache, and Data) anyway so I don't think it mattered that I had somehow erased the internal memory as it seemed to be reinstalled with the ROM. This is just a guess though, all I know for sure is it's fine now (fingers crossed).
Click to expand...
Click to collapse
These are not correct assertions. Doing the default wipe in TWRP (it says most of the time, this is all that is needed, and it means it!) doesn't touch internal storage.
On a similar note, flashing a ROM doesn't touch internal storage, either. It just flashes system partition and boot.img partition.
dezzybird said:
So next time I'd just use the toolkit to help unlock the bootloader and maybe flash a recovery as that seemed to work fine, but manually flash SuperSU.zip to root yourself in case the toolkit is what broke it.
Click to expand...
Click to collapse
I'd strongly advise against using the toolkit at this point, or suggesting to others to use it. As I've already tried to explain (but you seem to be ignoring) the components of the toolkit are woefully obsolete. By the time you flash recovery manually (with fastboot) and manually flash the proper version SuperSU, there isn't much of value that the toolkit does. The bootloader unlock procedure via HTCDev.com is pretty self-explanatory (and the guide I've posted explains whatever isn't already obvious). And is justifiable to say that if you can't handle doing these things manually, you probably shouldn't have root.
I was just stating what I did to fix the issue and what I would have done instead with the same amount of knowledge I had when I started. I did search for stuff like "how to root HTC One M8 2016" and whatnot and the toolkit showed up in like the first 4 results, plus it was linked in the sidebar of the Android subreddit as the go-to option so I assumed I'd be good to go but apparently not.
After I flashed the ROM I didn't see SuperSU which I had been led to believe was what signified if the phone was rooted (if you had SuperSU > Rooted. If not > Not rooted) but apparently not. Like I mentioned, this was my first time rooting a device and I was kinda winging it as a learning experience, hence not doing things optimally (or particularly right)
Thanks for the info, that'll definitely make things easier next time!
dezzybird said:
I was just stating what I did to fix the issue and what I would have done instead with the same amount of knowledge I had when I started.
Click to expand...
Click to collapse
And what I am saying is: what you stated you "would have done instead" (or do "next time") is in fact not the correct thing to do.
Also, when you say "this is what I would have done" it read strongly like a suggestion to others what "they should do".
Just trying to prevent obvious pitfalls for both you and others in the future.
dezzybird said:
I did search for stuff like "how to root HTC One M8 2016" and whatnot and the toolkit showed up in like the first 4 results, plus it was linked in the sidebar of the Android subreddit as the go-to option so I assumed I'd be good to go but apparently not.
Click to expand...
Click to collapse
My advice would be to stick to XDA, and just use the search function here; or simply browse the forums. Reason being, randomly Googling for root methods will often yield random "root" websites with poorly organized, outdated information; which is often just stolen from XDA in the first place.
The question (and answer) of rooting this device pops up pretty frequently; as well as common pitfalls, solutions, etc. While the forums may be a bit intimidating to work through, the answers are all here; and not hard to find, once you become accustomed to how the forum is organized.
dezzybird said:
After I flashed the ROM I didn't see SuperSU which I had been led to believe was what signified if the phone was rooted (if you had SuperSU > Rooted. If not > Not rooted) but apparently not.
Click to expand...
Click to collapse
The knowledge in the following 2 paragraphs are fairly esoteric, but proboably could have been found in the CM thread or other threads:
CM has a slight oddity to it (and I'm sure its devs have there reasons) versus many other ROMs (but you may find a similar thing in other AOSP based ROMS) in that the ROM is pre-rooted, but root access is toggled "off" by default. To turn it on, do to phone's Settings>Developers Options, and there you find the option to toggle root on or off (default is off).
If you don't see Developer Options in Settings, its a bit of a quirky Android trick to make it appear. Go to Settings>About>Software information>More, then tap the "Build number" 7 times, and you will see a toast message that "You are now a developer" (yeah, that is what it really says!) and the option is now available in Settings.
Hey,
I don't remember but one rom which I tested encrypted my storage, I know the pattern key to unlock it but it's very irritating. What's more... I'm on xiaomi.eu rom now and I updated it yesterday up to latest version. It was dirty updated. Just downloaded package and updated form twrp. After reboot some apps don't want to open or they are opening like 5 minutes, literally! Apart that I can't access internal storage neither on phone nor at computer. Camera can't make photos cause there is no storage at phone.
What happened? How can I decrypt storage to get rid of this pattern while booting or flashing roms?
And what happened to. rom after update?
Can you help me guys?
I think flashing SuperSu then going to settings (in ROM) and disable security then reboot should disable it, worked once for me, but another time it didn't.. I think this feature is called secure boot or secure startup
Hello!
This is my first post in this forum, please be indulgent if I don't understand some stuff or abbreviations immediately.
I recently bought a Galaxy A3 2017 (SM-A320FL) to replace my old one with shattered screen and back cover. I tried the new Poco X3 for two weeks, but I wasn't satisfied with it since it was just wayyy too large for me, and also the phone speaker was unbearably loud (all people around me could follow the conversation on phone, even on lowest volume), which then led to the decision of sending it back and buying another used A3 2017 in good condition, as I was very satisfied with it, except of limited internal storage which continued to be an issue over months and years. And since the spare parts would have cost the same as the smartphone costs used at the moment, the decision was easy.
To avoid the single problem I had with the old phone, I wanted to root the phone right from the start so I could adopt the SD card as internal storage and/or change the folder some apps (especially WhatsApp) are storing their data and media in. Since the phone is factory reset and I have the other one which is still functioning, I don't have to take much care while trying things, which is great. I took yesterday evening until late night for that plan, and although a lot of threads and posts I read said that rooting the stock OS with latest update of Android 8 is not possible, I did it after some trial and error with flashing the custom recovery TWRP through Odin and then flashing SuperSU through TWRP. If a tutorial is needed, I'd happily write down how I did it, just ask.
But I still have a problem with adopting the storage. And as far as I understood, this is related to the storage encryption of Android/Samsung. Please explain if someone knows, I'd really like to understand the mechanisms that make all of this so laborious. I tried to mount the storage in TWRP when I started it first after flashing (it persists btw, as some people said it is gone and no recovery system can be found after the phone booted normally once, why?), but ran into the problem of "internal storage (0MB)". This was solved by wiping it, then I was able to mount the SD card as internal storage and the internal storage also was shown with a reasonable size in MB. I then started the phone which was obviously factory reset by the wiping. Unfortunately I couldn't see any results in the OS (does stock Android or file manager even show these changes in some way?) and also noticed the adopted storage was not anymore adopted when inspecting it in the TWRP recovery and again the internal storage was at 0MB. I then stumbled upon the app "Root Essentials" which is said to be able to adopt the storage, but needs a zip file which must be flashed by the recovery for that process. I tried it, but the flashing process does not work, as it can't find an installation of the app - my guess is, that this also is related to encrypted storage and the 0MB problem, how should the flash be able to look for something in encrypted space?
Soo, my problem now is, that I want to adopt the storage and don't know how to continue & where to begin. I also don't know if that app "Root Essentials" is any good, just read it at several places while googling so gave it a try. The phone is rooted with TWRP (0MB problem persisting) and stock OS now, and the adoptable storage per se is no must-have for me - if there is any other solution to migrate apps and more importantly their data to the SD card, please let me know, I'd be perfectly fine with that also.
Thank you!
Flo
Hey there Flo,
I am facing the same issues like you, always having to clear up space (e.g. Chrome cache) because the internal storage is not enough for the apps. And you cannot move many of the apps to the SD card, only their data. Last time I had to rermove Teams altogether because it was eating up 500+MB, and I couldn't afford it anymore as the free space dropped below 600MB.
Sooo, here are some basics I have learnt while looking for solutions.
Current custom ROMs are not an option for me as I use this phone for banking and production tasks, and I could not find any of them stable and issue-free enough to switch from the stock one.
The stock ROM is full of bloatware, especially Samsung stuff I do not need, and some others, like the Facebook app. However, you cannot extend internal storage with your SD card as Samsung does not allow this, and this is impossible with the stock ROM.
So I am stuck here, as I cannot leave the stock ROM, but I am constantly running out of space. Currently, I have rooted my device and installed TWRP, too, and I am planning to try one of the debloated stock ROMs to see if they can solve at least my problem with running out of free space on the internal storage.
In any case, what I can confirm is that you either have the stock ROM, and then you can only install apps on the internal storage, or if you want to extend your internal storage with the SD card, you'll have to choose one of the custom ROMs that allow this and wave goodbye to Knox and some other features.
I hope the above helps.
Hi!
Thanks for your detailed answer!
I didn't find a way to adopt the storage persistently, and I think at this point I'll just take your word that it won't be possible with the stock ROM. I knew that the stock ROM adopt storage option isn't able to be brought back by some adb shell commands as it was possible earlier (until 6.0 Marshmallow I think), but I thought that it maybe is possible by tricking the storage the OS sees with the mount in TWRP before the first start. Doesn't seem to work at all (for mostly unknown reasons, at least for me ).
And same for me, I don't know if the custom ROMs nowadays are better a lot, but doesn't sound like that as you described it. I flashed Resurrection Remix on my Galaxy S4 a few years ago, and although I liked the customizability and slimness, I too often ran into bugs and errors with it, which is why I abandoned the phone in the end.
However, I kind of found a fix I can live with on the SM-A320FL: I downloaded Link2SD from Playstore and also upgraded to the plus version, which is reasonably priced. This enables to also store app data on the SD card. I tried it with the 64GB SD card I had rolling around, partitioned it with MiniTool Partition Wizard following this guide to conform Link2SD requirements, and it worked perfectly. I also uninstalled all sorts of bloatware, and as far as i saw the shift to external storage of the apps I tried works fine. All data, including app, cache and app data is moved (and/or linked, not sure) to the ext2 partition on the SD card (which is shown to be a broken partition in Android storage settings btw, but that's fine). If any, only <1KB of file size per app remains in internal storage, which seems great!
I am currently waiting for my ordered 256GB SD card (U3, A2) to arrive next week, then I will do the full port from the old to the new A3 and I'll see how WhatsApp and Spotify behave being stored in external storage. Hopefully Link2SD is able to shift them, especially WhatsApp, since that was the main factor in cluttering the internal storage very fast and efficient.
If the Link2SD doesn't work for WhatsApp media, I'll give FolderMount a try, the direct mount then seems to work for many.
Since you mentioned it: What are the great features of Knox? The secure folder? Data encryption by screen lock? I can't remember using Knox features knowingly in the past three years. Is Knox not already blown by flashing a custom recovery?
Thanks for your help!
Flo
The internal storage data partition not mounting in TWRP is due to the partition being encypted when Android is booted, but also due to quota being enabled and latest version of TWRP for this phone (3.2.3-0 AFAIK) being unable to mount this. Fix for this is to flash a zip from Zackptg5 which disables both these options. See https://forum.xda-developers.com/t/...y-a3-sm-a320f-fl-y-2017.3562302/post-79260952 for full details
I see that OrangeFox is available now (https://orangefox.download/device/a3y17lte), so maybe this is able to mount without these problems, I am going to flash this soon so I will let you know!
FYI I am using H-ROM by Astrako. Very close to stock (it is a port from the A7) and seems to work well. VoWiFI is working in this ROM which was essential for me.
lastsaskatchewanpirate said:
The internal storage data partition not mounting in TWRP is due to the partition being encypted when Android is booted, but also due to quota being enabled and latest version of TWRP for this phone (3.2.3-0 AFAIK) being unable to mount this. Fix for this is to flash a zip from Zackptg5 which disables both these options. See https://forum.xda-developers.com/t/...y-a3-sm-a320f-fl-y-2017.3562302/post-79260952 for full details
I see that OrangeFox is available now (https://orangefox.download/device/a3y17lte), so maybe this is able to mount without these problems, I am going to flash this soon so I will let you know!
FYI I am using H-ROM by Astrako. Very close to stock (it is a port from the A7) and seems to work well. VoWiFI is working in this ROM which was essential for me.
Click to expand...
Click to collapse
Did “orange fox” work?
King p1n said:
Did “orange fox” work?
Click to expand...
Click to collapse
Yes, with OrangeFox I didn't need to flash the zip file from Zackptg5 which removes quota. I didn't get on with the latest H-ROM 6.0 (too many niggles, particularly ambient light sensor doesn't work so no adaptive brightness; fingerprint scanner doesn't work in apps; video call doesn't work in WhatsApp), but OrangeFox worked really well, definitely recommend it. Sorry for not remembering to come back and update sooner!
lastsaskatchewanpirate said:
Yes, with OrangeFox I didn't need to flash the zip file from Zackptg5 which removes quota. I didn't get on with the latest H-ROM 6.0 (too many niggles, particularly ambient light sensor doesn't work so no adaptive brightness; fingerprint scanner doesn't work in apps; video call doesn't work in WhatsApp), but OrangeFox worked really well, definitely recommend it. Sorry for not remembering to come back and update sooner!
Click to expand...
Click to collapse
Thank you
Which rom do you use and recommend?
Or can orange fox be used with the stock rom?
Doing this on behalf on a friend who is struggling with storage issues, been years since I’ve touched android
King p1n said:
Thank you
Which rom do you use and recommend?
Or can orange fox be used with the stock rom?
Doing this on behalf on a friend who is struggling with storage issues, been years since I’ve touched android
Click to expand...
Click to collapse
Currently I use H-ROM 2.0 (https://forum.xda-developers.com/t/...7-port-v2-0-pie-oneui-64-bits-treble.3940532/) which works well. Only two main niggles that I might change back to stock - video doesn't work in WhatsApp (but is OK in WhatsApp Business) and some VoWiFi calls have echo, but this might just be normal for VoWiFi, not had echo on normal cell network calls. Stock ROM is now available with Android 8 (Oreo) so when I have time I was intending to try that again, maybe with debloat to remove some of the stock apps.
I would recommend OrangeFox, and although I started with TWRP and flashed this over the top, I think you should be OK to just flash this straight from Odin. TWRP would only flash in old version of Odin, I would guess OrangeFox maybe would be the same. Flash in AP using older version Odin3 v3.12.10. Untick auto reboot, when complete power off with vol down + power, then force to recovery using volume up, home and power
lastsaskatchewanpirate said:
Currently I use H-ROM 2.0 (https://forum.xda-developers.com/t/...7-port-v2-0-pie-oneui-64-bits-treble.3940532/) which works well. Only two main niggles that I might change back to stock - video doesn't work in WhatsApp (but is OK in WhatsApp Business) and some VoWiFi calls have echo, but this might just be normal for VoWiFi, not had echo on normal cell network calls. Stock ROM is now available with Android 8 (Oreo) so when I have time I was intending to try that again, maybe with debloat to remove some of the stock apps.
I would recommend OrangeFox, and although I started with TWRP and flashed this over the top, I think you should be OK to just flash this straight from Odin. TWRP would only flash in old version of Odin, I would guess OrangeFox maybe would be the same. Flash in AP using older version Odin3 v3.12.10. Untick auto reboot, when complete power off with vol down + power, then force to recovery using volume up, home and power
Click to expand...
Click to collapse
just to clarify I could use Orange fox with stock rom and enable adopted storage? So I can use SD for apps when necessary.
I did get adopted storage working of sorts, but certain screens were missing from storage in the setting menu (I think Samsung didn't include or removed these as the phone was not intended to work with Adopted Storage), so it would crash when trying to perform certain actions. I can't actually remember now if you could move apps to the Adopted Storage using the standard system menus, it was so flakey that I stopped using that and switched to using Link2SD (which I had already used before so had a Plus license for) and this does exactly what I needed. These are the steps I used to get Link2SD working: https://forum.xda-developers.com/t/app-1-6-link2sd.919326/post-82757807. I don't think you need the Plus version, but it doesn't cost much, removes the ads and lets you move a few more files. Hope that helps