If you use device encryption, do you then have to enter a password each time you turn the screen on, or only each time you power the phone on after it had been powered down?
And can you later decide to undo the encryption?
After further searching, I've discovered that the device-encryption password is only entered when the device powers up (reboots). However, the UI forces the same password to be used for the unlock screen as for the device encryption, so it's just as though the device-encryption password has to be used for each unlock. (There are hacks to work around that restriction, but they require rooting.)
New question for anyone using device encryption, please: Are you still able to set a long delay (up to one hour) before the lock screen engages, or does it always engage immediately when the device is encrypted, requiring password entry each time you pick up the phone?
Also, still wondering if anyone who's tried it knows whether device encryption can later be reversed/disabled. If so, I'll just go ahead and experiment. But I'd rather not do so if I'd have to factory-reset in order to undo it.
If so, would you be so kind as to answer two questions for me?
(1) Do you have to enter your password each time you unlock the screen, or does the phone still let you set a delay of up to an hour (during which time you only need to swipe to unlock)?
(2) Is there an option to revert to a decrypted device, or is factory-reset the only way?
I went ahead and enabled device encryption, so now I can report the answers:
(1) The password-delay setting still works.
(2) There is indeed an option that offers to decrypt the device (though I haven't tried using it).
Hey guys -
Need some detective help. I did something to my 10, and I think I did something with the encryption, but I'm not sure how or what.
Follow me here, since I'm not sure what caused it, I'll start at the beginning, and see if anything raises a red flag..
Got phone from HTC, US unlocked version. Got it in.. heck, this past June, I think.
Unlocked bootloader. Got Sunshine, ran it, but never paid and never turned S-OFF.
Never set PIN or Fingerprint.
Installed Viper10 when it was out.
Went to do fingerprint. Got screen saying that for backup, needed to set PIN. Set PIN, then taught it some fingerprints.
Never had data issues, and as far as I know, never encrypted phone. TWRP, when run, did not need me to enter any password or key to access the phone. On bootup, would get PIN prompt, but AFTER Android loaded.
Never got any RUUs, never upgraded Viper10.
Installed CM13 today. Whohoo!
Install went fine, no issues. Restored apps from TiBu, deleted unused bloatware, including the built-in Android keyboard.
Set up other options, and finally got to enter in fingerprints.
It gives me the same screen I got on Viper. This time, though (and I have no idea why), I back out back to Security settings, and enter in PIN there.
Then train fingerprints!
Now, when I reboot system, or boot to TWRP, I get a prompt asking for password (TWRP) or PIN (Android). HOWEVER.. I can enter my pin in TWRP just fine. But not Android. Apparently, since it hasn't booted, Swype doesn't work, and I get no keyboard. Can't enter PIN in at all.
That is my mistake, however, as I removed the built-in Android keyboard. (Something I've done countless times before on other Android versions without issue..)
So I restore Nandroid backup of Viper10. I still get the PIN entry, and STILL have no keyboard.
I see reference in TWRP about PINs not working, so I delete that locksettings.db file (from memory, filename is likely wrong here..)
Phone boots up. Yay. No PIN prompt. Yay.
But now I do NOT have data - as in, it's acting like my phone is unencrypted now.
So, what I'd like to know is -
If NOW my phone is unencrypted, and I'm getting the 'No Data' issue, what was my phone doing BEFORE, when I didn't have to enter PIN, but was getting data?
How can I get BACK to not having to enter PIN and still get data? (In my case, will the instructions for unencrypted work? Or is my phone now 'special'?)
How did I set the PIN the first time on Viper10, and not have it encrypt my phone? I'd like to ultimately get back to THAT scenario - where the lockscreen asks for PIN, but nothing else does (TWRP, Bootup, etc).
Thanks guys!
-Mike
I may be pointing the obvious, but have you do a full wipe before restoring your nandroid? If so, did you try to clean flash your rom to see what happens?
Maybe by removing stock keyboard something got messed up and keeps the keyboard in your nandroid from properly installing.
Yup, I tried restoring the Nandroid several times, some with wiping, some without. Also, I always clean-flash my new ROMs (i.e. ones not restored from nandroid backup, installed new, like going from Viper10 -> CM13)
Going to try again today while at work, see what happens.
During setup in CM13, there should be option to require PIN at startup (It is usually checked by default). Uncheck it and your phone will remain encrypted without requiring a PIN to start.
jackebuehner said:
During setup in CM13, there should be option to require PIN at startup (It is usually checked by default). Uncheck it and your phone will remain encrypted without requiring a PIN to start.
Click to expand...
Click to collapse
Technically correct (encrypted) but effectively incorrect: encryption is moot if a password is not required to decrypt it. It would be like locking your door and leaving the key in it: it's locked but it's not secure.
You need a system keyboard to be able to enter PIN on bootup; hence, the pre-installed keyboard (Google on vanilla, TouchPal on htc) isn't really 'bloatware' as it's necessary. Google makes a good keyboard; TouchPal, though, yeah, necessary bloatware in this case.
Rolo42 said:
Technically correct (encrypted) but effectively incorrect: encryption is moot if a password is not required to decrypt it. It would be like locking your door and leaving the key in it: it's locked but it's not secure.
Click to expand...
Click to collapse
Ah, so in previous ROMs (both OEM and Viper10, it technically WAS encrypted, I just never set the password? .. Huh.
Rolo42 said:
You need a system keyboard to be able to enter PIN on bootup; hence, the pre-installed keyboard (Google on vanilla, TouchPal on htc) isn't really 'bloatware' as it's necessary. Google makes a good keyboard; TouchPal, though, yeah, necessary bloatware in this case.
Click to expand...
Click to collapse
Interesting, thanks for this; good to know. A shame, but good to know that's just how it is.
coyttl said:
Ah, so in previous ROMs (both OEM and Viper10, it technically WAS encrypted, I just never set the password? .. Huh.
Interesting, thanks for this; good to know. A shame, but good to know that's just how it is.
Click to expand...
Click to collapse
Correct. The password is to get at the encryption key; it isn't the encryption key itself.
Bitlocker/SED works the same way. Otherwise, a password change would mean re-encrypting everything.
If you put in the wrong password, it'll look like you have no data.
My father in law died last weekend and we don't know the pincode of his stock Nexus 5X. We can access his Google account and we know the pincode of his sim card. I hope someone can help us out to get access to his phone. Things we've tried:
- The vingerprint reader was setup but we've tried a lot of possible pins. We've tried his vinger yesterday but because of the attempts the pin is also required now.
- With a pattern lock you'll get a possibility to unlock through the Google account password after some attempts but his phone was secured with a vingerprint and/or pincode. Only the delay between attempts get increased, currently 16 minutes between them.
- The lock option from https://www.google.com/android/devicemanager, but because there is already a pin lock it doesn't work. The pin doesn't change.
- I've tried to access the phone through ADB, booted into the recovery but "adb devices" doesn't see the phone. When I choose to "install update through adb" I see the devices with "adb devices" but I can't use "adb shell", only sideloading works.
- Installing a custom recovery could work but the bootloader is locked, when I unlock it a full wipe will be performed so we still can't access the data.
- From the Play store in the browser on my Mac I've installed the androidlost.com app on the phone, but the app needs to be opened once before it can be used.
- A rubber ducky could help us out, but I don't have one and the time between attempts get increased and increased... it would take weeks, months or years to unlock.
What other possibilities do I have?
First sorry for your lost!
Second, i don´t know for sure, but maybe get the phone to the store where you bought it and explain the situation, maybe they will give a correct advice or like you said the phone is registed in google ( device manager) maybe if you contact them they will help you with that ( the problem is they probably will take a long time to reply or don´t reply at all) or wait for a more expert user than me here in xda,
again, sorry for your lost and hope you solve this problem,
cheers
If the phone was rooted with a recovery installed, YES, you could delete the passcode files and get into it, without root/recovery, you cannot get into it without the password, that is the point of encryption and passwords and all that jazz.... Yes there is probably a way for some high level hacker to do it but good luck finding that.... If you just want to be able to USE the phone, do a factory reset from recovery....
As far as I know, almost nobody else in Xda forums, besides me, seem to talk about this LineageOS bug (perhaps because pretty nobody else fiddles with Privay Guard settings), but it does exist (I´ve read on the internet quite a few reports on this issue). Nevertheless, by sheer luck I've discovered a workaround and I'm willing to share my experience with others.
Even if you´re just curious, the bug is very easily reproducible: Settings --> Privacy&security --> Trust --> Privacy Guard --> Whatsapp (other apps may serve too, but this one for sure) --> External Storage write (or read) permissions --> select "always ask". Now reboot. (WARNING!! DO NOT do this unless you´ve previously done a nandroid backup!!). You'll then get into a bootloop. An infinite bootloop, actually. Why?
Well, LOS 15.1 has a bug concerning ¨ask always¨ permissons for External Storage write/read), causing the system to freeze at reboot time. If the app for which you´ve changed those permissions is NOT set to start at boot time (rarely, because most developers, in their insurmountable egomania, tend to think their apps are the most important in the universe), you may be lucky. Otherwise, the bug prevents the system to successfully boot and, after a few minutes´ long freeze, it shuts down by itself, then tries to boot again; but because it never manages (programs are silly: they don´t think: they´ll never realize the problem), you get into the infinite bootloop I talk about. So, how do you get out of this?
I confess I´m a total ignorant of Android. I just happened to find out this solution by sheer luck. Proceed as follows: while your phone is rebooting, during any of the infinite bootllops try to enter Safe Mode (check online for your phone´s Safe Mode howto). If you manage to, your system should boot fine into Safe Mode. Now, go again to Privacy Guard and set your culprit app´s write/read External Storage permissions to either ´allow´ or ´deny´ (in other words: NOT to ´always ask´). Now reboot, and everything should work fine.
That´s it! Don´t ask me why. I just know the bug exists and this is the less traumatic way of getting out of it.
I hope this information will help somebody!! Cheers.
the bug can be reproduced on Lineage OS 15.1 (lineage-15.1-20180827-nightly) on a Nexus 5X.
hope it'll be fixed soon.
Same bug on 20181126 build.
Privacy guard blocked my devices. Disabling all "always ask" for read/write permission solved.
Thanks for the report and your suggestion.
You saved me from a format.
Thanks