I is it possible to use the fingerprint reader to unlock the phone with encryption turned on?
I would like to setup Tasker to force a reboot after 3 failed login attempts, thus forcing encryption on and the use of a strong password. But, if I have to use a strong password to unlock the phone every time I use it, I don't want to turn on encryption.
gscrypt can be used (root required) to setup different passwords to unlock vs. decrypt. Is there something similar for enabling the fingerprint sensor?
Related
If you use device encryption, do you then have to enter a password each time you turn the screen on, or only each time you power the phone on after it had been powered down?
And can you later decide to undo the encryption?
After further searching, I've discovered that the device-encryption password is only entered when the device powers up (reboots). However, the UI forces the same password to be used for the unlock screen as for the device encryption, so it's just as though the device-encryption password has to be used for each unlock. (There are hacks to work around that restriction, but they require rooting.)
New question for anyone using device encryption, please: Are you still able to set a long delay (up to one hour) before the lock screen engages, or does it always engage immediately when the device is encrypted, requiring password entry each time you pick up the phone?
Also, still wondering if anyone who's tried it knows whether device encryption can later be reversed/disabled. If so, I'll just go ahead and experiment. But I'd rather not do so if I'd have to factory-reset in order to undo it.
I'd like to enable Google Smartlock for passwords on my Google Pixel C, but when I was running Android N, under Settings/Security it shows my device as encrypted with no option to turn it off. So, I reloaded MM, N still has a lot of bugs I don't feel like messing with on an everyday tablet, but even under MM my device is encrypted with no option to disable it. Smartlock for passwords will not run on an encrypted device, but Google has decided to make encryption part of the OS. Is the only way around this is to unlock the bootloader and flash another ROM?
Rolldog said:
I'd like to enable Google Smartlock for passwords on my Google Pixel C, but when I was running Android N, under Settings/Security it shows my device as encrypted with no option to turn it off. So, I reloaded MM, N still has a lot of bugs I don't feel like messing with on an everyday tablet, but even under MM my device is encrypted with no option to disable it. Smartlock for passwords will not run on an encrypted device, but Google has decided to make encryption part of the OS. Is the only way around this is to unlock the bootloader and flash another ROM?
Click to expand...
Click to collapse
I never encrypt my devices so I couldn't speak about smart lock only working on encrypted devices. I know Marshmallow and up it's required for OEMs to encrypt (85% sure on that - I think it was supposed to start with Lollipop but OEMs weren't required to do so). Not that I don't believe you though, but that just seems weird for Google to "force" encryption but then allow another of their features, Smart Lock, to only work with unencrypted devices?
To answer your question - if you're running stock MM or N on a Google device, by default your data will be encrypted. The only way to decrypt would be to unlock the bootloader, format the data partition and flash a kernel that doesn't force encryption. You don't have to use another ROM per se, you just need a kernel that will keep you decrypted on your first boot.
I've no issue with smartlock on Pixel C, stock N5 and unencryted N9. I've only use trusted location - without GPS I wonder if you are having a problem with your location. Have you got "location" correctly set?
Ok, on your Pixel C, go into settings/Google, then scroll all the way to the bottom where it says Smartlock for Passwords, press it, and tell me what it says. When I do, it says, "This account uses custom passphrase encryption, which is unsupported at this time."
However, if I go to settings/security, I can enable Smart Lock, but just underneath where it says Smart Lock, it says:
Encryption
Encrypt Tablet
Encrypted
I never chose to encrypt anything, but, I guess Google uses encryption by default. Smart Lock can still be used, but Smartlock for Passwords can not.
Rolldog said:
Ok, on your Pixel C, go into settings/Google, then scroll all the way to the bottom where it says Smartlock for Passwords, press it, and tell me what it says. When I do, it says, "This account uses custom passphrase encryption, which is unsupported at this time."
However, if I go to settings/security, I can enable Smart Lock, but just underneath where it says Smart Lock, it says:
Encryption
Encrypt Tablet
Encrypted
I never chose to encrypt anything, but, I guess Google uses encryption by default. Smart Lock can still be used, but Smartlock for Passwords can not.
Click to expand...
Click to collapse
Sorry misunderstood. I think the answer is that using your own passphrase disables Smartlock on Android see: https://support.google.com/chrome/answer/1181035?p=settings_encryption&rd=1
"Some Google features will not be available after you set a sync passphrase
Google Now won’t show suggestions based on sites you browse in Chrome.
You won't be able to view your saved passwords on https://passwords.google.com or use Smart Lock for Passwords on Android.
Your history won't sync across devices. Web sites or URLs that you type in the address bar in Chrome will still sync."
Setting for Google/custom passphrase in chrome browser at chrome://settings/syncSetup
The strange thing is I don't use a custom passphrase, all of my information does sync between all of my devices, and I get Google Now cards based off my search history. However, last night, when I logged into an app, Smartlock for Passwords popped up and asked me if I wanted to save this password, so I guess it's working now. It still shows my tablet as encrypted, so I imagine it's just a bug.
Hey guys,
I have always had my op3 encrypted and I've become used to always entering the pin when booting up, accessing twrp etc. but today when I rebooted into twrp I didn't have to enter any pin to use twrp. When booting up the system I didn't have to enter a pin either.
When I check the settings under Security & Fingerprint it looks as in the attached screenshot, I don't have any options to decrypt or anything either
I'm running OOS 4.1.3, FrancoKernel #23 , Magisk 12, twrp-3.1.0-x_blu_spark_v27.
Is this something that anyone has experienced and know how to fix?
I want to keep my encryption but then, of course, you should have to use the pin.
Cheers!
Then the pin is defaulted and thus you don't need any. I don't need one, too and never did, but all is encrypted (Even locked down with a pin on bootup and fingerprint otherwise)
I believe this is an option you need to setup during the wizard when you initially set up the device. It asks you whether you want to require a pin on startup or not.
But, you can also turn this on by going to settings>security>screen lock.
From there, you click on the area where it says PIN. Confirm your pin, then click PIN again, and there should be an option to require pin for startup. Other than that, you are still encrypted, but it is all bypassed in order for quicker startup.
Sent from my ONEPLUS 3 using Tapatalk
noobtoob said:
I believe this is an option you need to setup during the wizard when you initially set up the device. It asks you whether you want to require a pin on startup or not.
But, you can also turn this on by going to settings>security>screen lock.
From there, you click on the area where it says PIN. Confirm your pin, then click PIN again, and there should be an option to require pin for startup. Other than that, you are still encrypted, but it is all bypassed in order for quicker startup.
Sent from my ONEPLUS 3 using Tapatalk
Click to expand...
Click to collapse
Ah that was it! it had somehow disabled itself, simply going in and enabling "require pin to start device" solved it.
Thanks!
Try removing the lock screen password and setting it up again and it will be back again in twrp.?
If anyone can help that would be awesome - this is the first time i have encountered this problem on an android device.
one of the first things i do is remove encryption on my android phones because
1. i like the option
and 2. i notice a considerable amount of difference.
now starting from Pie we have metadata encryption with file encryption
removing metadata encryption causes 0 problems.
however when i remove file encryption i run into a problem
i am un-able to setup a fingerprint (the option isnt even there anymore)
also when i set up a PIN, i am unable to change it (it says incorrect pin)
when i use the pin to unlock the phone, it says "wrong pin" but it works in unlocking the phone.
i didnt experience this on my oneplus 5/6 or samsung / huawei devices having them decrypted.
does anyone know how we can get fingerprint / pin working without encryption?
i notice the phone is more responsive and snappy without encryption
How does it affect device encryption by enabling or disabling the 'Encrypt using lock screen password' option (in privacy settings)? What is opposite? What password is used for encryption if this turned off?
If this is enabled, then a password is required before running the android.
But when this option was not turned on, the menu showed "encrypted" anyway and the Terminal (termux), after entering 'getprop ro.crypto.state' and 'getprop ro.crypto.type' I received the message 'encrypted' and 'block'. So, the device was encrypt anyway (at least in theory).
The question is what changes the inclusion of this option and is it really worth?
wholegrain said:
... The question is what changes the inclusion of this option and is it really worth?
Click to expand...
Click to collapse
The result will be that Android (and TWRP) will not start until you enter the lockscreen password. If you don't reboot your phone very often, then you may be able to live with the hassle (bootup will be much slower). And you'd better not forget the lockscreen password. But if the bootloader is unlocked, and/or TWRP is installed, nothing stops anyone from formatting the data partition and using the phone for their own purposes.
Does it give you any extra protection over standard encryption + fingerprint or lockscreen password? If your bootloader is locked, then maybe. Is it worth it? That is a matter of opinion - but I personally wouldn't bother with it. The greatest security risk lies in unlocking the bootloader. Once you unlock it, the phone itself is easy to commandeer, even if your data is safe because of encryption.
DarthJabba9 said:
But if the bootloader is unlocked, and/or TWRP is installed, nothing stops anyone from formatting the data partition and using the phone for their own purposes.
Click to expand...
Click to collapse
You mean 'using for their own purposes' with my data or after wiped? Anyway, I enabled this additional authentication. I don't have unlocked bootloader or TWRP. If the phone is turned off, then stranger can wipe (by holding power + volume up) and use it as its own.
I'm interested in what the difference in access to my data by a stranger is when the option is enabled or disabled. When enabled - I understand that when the bootloader is locked and there is no TWRP, the stranger can't access the device's data. When disabled - data supposedly encrypted, but is not the "default" password recoverable too easily?
wholegrain said:
You mean 'using for their own purposes' with my data or after wiped?....
Click to expand...
Click to collapse
Your data cannot exist after the data partition has been formatted. If your bootloader is locked, then you don't need to worry too much - just don't forget your lockscreen password.
As for standard encryption with default password, this enables TWRP to access the encrypted storage without asking for a password. This is what a lot of people expect (and demand). Some people who are very concerned about data security often prefer to have to enter a password, even to start TWRP. It is all down to individual taste.