If you use device encryption, do you then have to enter a password each time you turn the screen on, or only each time you power the phone on after it had been powered down?
And can you later decide to undo the encryption?
After further searching, I've discovered that the device-encryption password is only entered when the device powers up (reboots). However, the UI forces the same password to be used for the unlock screen as for the device encryption, so it's just as though the device-encryption password has to be used for each unlock. (There are hacks to work around that restriction, but they require rooting.)
New question for anyone using device encryption, please: Are you still able to set a long delay (up to one hour) before the lock screen engages, or does it always engage immediately when the device is encrypted, requiring password entry each time you pick up the phone?
Also, still wondering if anyone who's tried it knows whether device encryption can later be reversed/disabled. If so, I'll just go ahead and experiment. But I'd rather not do so if I'd have to factory-reset in order to undo it.
Whenever I try to turn off secure boot for the pattern, the option just resets to "yes". However, whenever I use a PIN instead of a pattern, the option stays on "No". I'm really annoyed about having to wait longer with the secure boot. I am on the latest version of RR. Is there a workaround as of now, or do I have to stick with using a PIN for the time being?
The message "Android is upgrading..." always show up every time I reboot the device.
This happens to me too but it's very strange because it seems a pattern lock I had entered persists across factory resets. So now I have to enter both my old pattern and then my new PIN to unlock my phone when I boot up.
The pattern lock comes up after the "android is upgrading" box which also flashes "starting apps" then "finishing boot" and this is after the boot animation. After I enter my pattern, it goes to boot animation again, then loads Oxygen OS 3.2.1. The reason I find this strange is because after the factory reset, I used a pin number at the setup instead of a pattern to lock the phone.
Why is my old pattern still there? I don't like the delay caused by android is upgrading and repeated boot animation.
As a note, I originally used adb sideload to upgrade from 3.1.3 to 3.2.1..
I think I figured it out. First I tried this method: http://www.androidexplained.com/oneplus-3-fix-twrp-restore-unlock-bug/
But that didn't work... I realized that this was a device encryption thing because TWRP was asking for my pattern as well; not my new pin.
So I restarted into bootloader, connected to PC and used fastboot format userdata. This actually wiped out the encryption and now when I turn on the phone it doesn't say "Android is upgrading", "Finishing boot..." Nor does it ask me to enter my pattern. This did of course reset the phone so it looked like a first-run screen where I followed through and set up a PIN. It seems fastboot format userdata is more complete than a TWRP factory reset.
However, at this time it looks like my OnePlus 3 is un-encrypted and I have the option to encrypt it now. See attached screenshots. The question is, what will happen after I encrypt the OP3? Will it have an annoying looped boot animation and a request for my PIN or pattern?
Silly22 said:
This happens to me too but it's very strange because it seems a pattern lock I had entered persists across factory resets. So now I have to enter both my old pattern and then my new PIN to unlock my phone when I boot up.
The pattern lock comes up after the "android is upgrading" box which also flashes "starting apps" then "finishing boot" and this is after the boot animation. After I enter my pattern, it goes to boot animation again, then loads Oxygen OS 3.2.1. The reason I find this strange is because after the factory reset, I used a pin number at the setup instead of a pattern to lock the phone.
Why is my old pattern still there? I don't like the delay caused by android is upgrading and repeated boot animation.
As a note, I originally used adb sideload to upgrade from 3.1.3 to 3.2.1..
Click to expand...
Click to collapse
After you boot up after encryption go in security there should be an option to require pattern to start device, if that's disabled you won't have the double boot animation. As far as "Android is upgrading" on every boot, that usually happens if you add an app to system partition. I have Google dialer and GSam root companion so I get two apps upgrading on boot.
Your pin or password will survive factory reset.
Sent from my 1+3
Stop rebooting the device then lol
Sent from my ONEPLUS A3000 using XDA-Developers mobile app
Hey guys -
Need some detective help. I did something to my 10, and I think I did something with the encryption, but I'm not sure how or what.
Follow me here, since I'm not sure what caused it, I'll start at the beginning, and see if anything raises a red flag..
Got phone from HTC, US unlocked version. Got it in.. heck, this past June, I think.
Unlocked bootloader. Got Sunshine, ran it, but never paid and never turned S-OFF.
Never set PIN or Fingerprint.
Installed Viper10 when it was out.
Went to do fingerprint. Got screen saying that for backup, needed to set PIN. Set PIN, then taught it some fingerprints.
Never had data issues, and as far as I know, never encrypted phone. TWRP, when run, did not need me to enter any password or key to access the phone. On bootup, would get PIN prompt, but AFTER Android loaded.
Never got any RUUs, never upgraded Viper10.
Installed CM13 today. Whohoo!
Install went fine, no issues. Restored apps from TiBu, deleted unused bloatware, including the built-in Android keyboard.
Set up other options, and finally got to enter in fingerprints.
It gives me the same screen I got on Viper. This time, though (and I have no idea why), I back out back to Security settings, and enter in PIN there.
Then train fingerprints!
Now, when I reboot system, or boot to TWRP, I get a prompt asking for password (TWRP) or PIN (Android). HOWEVER.. I can enter my pin in TWRP just fine. But not Android. Apparently, since it hasn't booted, Swype doesn't work, and I get no keyboard. Can't enter PIN in at all.
That is my mistake, however, as I removed the built-in Android keyboard. (Something I've done countless times before on other Android versions without issue..)
So I restore Nandroid backup of Viper10. I still get the PIN entry, and STILL have no keyboard.
I see reference in TWRP about PINs not working, so I delete that locksettings.db file (from memory, filename is likely wrong here..)
Phone boots up. Yay. No PIN prompt. Yay.
But now I do NOT have data - as in, it's acting like my phone is unencrypted now.
So, what I'd like to know is -
If NOW my phone is unencrypted, and I'm getting the 'No Data' issue, what was my phone doing BEFORE, when I didn't have to enter PIN, but was getting data?
How can I get BACK to not having to enter PIN and still get data? (In my case, will the instructions for unencrypted work? Or is my phone now 'special'?)
How did I set the PIN the first time on Viper10, and not have it encrypt my phone? I'd like to ultimately get back to THAT scenario - where the lockscreen asks for PIN, but nothing else does (TWRP, Bootup, etc).
Thanks guys!
-Mike
I may be pointing the obvious, but have you do a full wipe before restoring your nandroid? If so, did you try to clean flash your rom to see what happens?
Maybe by removing stock keyboard something got messed up and keeps the keyboard in your nandroid from properly installing.
Yup, I tried restoring the Nandroid several times, some with wiping, some without. Also, I always clean-flash my new ROMs (i.e. ones not restored from nandroid backup, installed new, like going from Viper10 -> CM13)
Going to try again today while at work, see what happens.
During setup in CM13, there should be option to require PIN at startup (It is usually checked by default). Uncheck it and your phone will remain encrypted without requiring a PIN to start.
jackebuehner said:
During setup in CM13, there should be option to require PIN at startup (It is usually checked by default). Uncheck it and your phone will remain encrypted without requiring a PIN to start.
Click to expand...
Click to collapse
Technically correct (encrypted) but effectively incorrect: encryption is moot if a password is not required to decrypt it. It would be like locking your door and leaving the key in it: it's locked but it's not secure.
You need a system keyboard to be able to enter PIN on bootup; hence, the pre-installed keyboard (Google on vanilla, TouchPal on htc) isn't really 'bloatware' as it's necessary. Google makes a good keyboard; TouchPal, though, yeah, necessary bloatware in this case.
Rolo42 said:
Technically correct (encrypted) but effectively incorrect: encryption is moot if a password is not required to decrypt it. It would be like locking your door and leaving the key in it: it's locked but it's not secure.
Click to expand...
Click to collapse
Ah, so in previous ROMs (both OEM and Viper10, it technically WAS encrypted, I just never set the password? .. Huh.
Rolo42 said:
You need a system keyboard to be able to enter PIN on bootup; hence, the pre-installed keyboard (Google on vanilla, TouchPal on htc) isn't really 'bloatware' as it's necessary. Google makes a good keyboard; TouchPal, though, yeah, necessary bloatware in this case.
Click to expand...
Click to collapse
Interesting, thanks for this; good to know. A shame, but good to know that's just how it is.
coyttl said:
Ah, so in previous ROMs (both OEM and Viper10, it technically WAS encrypted, I just never set the password? .. Huh.
Interesting, thanks for this; good to know. A shame, but good to know that's just how it is.
Click to expand...
Click to collapse
Correct. The password is to get at the encryption key; it isn't the encryption key itself.
Bitlocker/SED works the same way. Otherwise, a password change would mean re-encrypting everything.
If you put in the wrong password, it'll look like you have no data.
Hey guys,
I have always had my op3 encrypted and I've become used to always entering the pin when booting up, accessing twrp etc. but today when I rebooted into twrp I didn't have to enter any pin to use twrp. When booting up the system I didn't have to enter a pin either.
When I check the settings under Security & Fingerprint it looks as in the attached screenshot, I don't have any options to decrypt or anything either
I'm running OOS 4.1.3, FrancoKernel #23 , Magisk 12, twrp-3.1.0-x_blu_spark_v27.
Is this something that anyone has experienced and know how to fix?
I want to keep my encryption but then, of course, you should have to use the pin.
Cheers!
Then the pin is defaulted and thus you don't need any. I don't need one, too and never did, but all is encrypted (Even locked down with a pin on bootup and fingerprint otherwise)
I believe this is an option you need to setup during the wizard when you initially set up the device. It asks you whether you want to require a pin on startup or not.
But, you can also turn this on by going to settings>security>screen lock.
From there, you click on the area where it says PIN. Confirm your pin, then click PIN again, and there should be an option to require pin for startup. Other than that, you are still encrypted, but it is all bypassed in order for quicker startup.
Sent from my ONEPLUS 3 using Tapatalk
noobtoob said:
I believe this is an option you need to setup during the wizard when you initially set up the device. It asks you whether you want to require a pin on startup or not.
But, you can also turn this on by going to settings>security>screen lock.
From there, you click on the area where it says PIN. Confirm your pin, then click PIN again, and there should be an option to require pin for startup. Other than that, you are still encrypted, but it is all bypassed in order for quicker startup.
Sent from my ONEPLUS 3 using Tapatalk
Click to expand...
Click to collapse
Ah that was it! it had somehow disabled itself, simply going in and enabling "require pin to start device" solved it.
Thanks!
Try removing the lock screen password and setting it up again and it will be back again in twrp.?