Ok so I'm a little bit of a security freak, I care about how my data are secure on my device and make sure that not a single bit of Google's code is left and tracking me (I debloat roms myself).......... The biggest issue is Encryption
I have both OP3 and 3T
Pre OS setup
OP3:
- OB 28 firmware
- Blu.Spark TWRP 8.61
OP3T
- OB 19 Firmware
- Blu.Spark TWRP 8.61
The issue I faced is that once I set an encryption password I either cannot change it, or a garbage password will be set and I won't be able to boot to my phone again unless I "fastboot format userdata"
- Type 1 issue, Set encryption password but can't change later: happens in all RR and LOS based roms (I even read somewhere that this bug was reported but due to it not being a popular feature the issue was cancelled", they suggested that in order to change it I have to make a complete back up, decrypt, restore back up, and encrypt again with a new password.... And this is a no go for me.
- Type 2 issue, Set encryption password and a rubbish password will be set: this happened to me in a few AOSP based roms (CardinalOS for example), so if I set a pattern for example, the encryption password will not be the same pattern I set, thus I'll be locked out of my phone unless I format userdata
I tried the cryptfs command
"vdc cryptfs changepw password '<old encryption password>' <new password>"
But nothing changes
Not all AOSP roms have this issue tho, PureFusion ROM (which is AOSP based) is fine, and all OOS based roms are fine too
Is there any fix for such issue? I'd love to use another rom,
possibly RR (Currently using FreedomOS), but the encryption issue is bothering me
According to latest part of your post, the "buggy" cryptfs concerns only some custom roms.
How would you solve that issue? It's depending by rom developer, the only attempt you could try is a bug report.
But there's a good risk to be ignored, because many people are not so obsessed by security, developers won't to find time for very rare issues.
DaKing1512 said:
Ok so I'm a little bit of a security freak, I care about how my data are secure on my device and make sure that not a single bit of Google's code is left and tracking me (I debloat roms myself).......... The biggest issue is Encryption
I have both OP3 and 3T
Pre OS setup
OP3:
- OB 28 firmware
- Blu.Spark TWRP 8.61
OP3T
- OB 19 Firmware
- Blu.Spark TWRP 8.61
The issue I faced is that once I set an encryption password I either cannot change it, or a garbage password will be set and I won't be able to boot to my phone again unless I "fastboot format userdata"
- Type 1 issue, Set encryption password but can't change later: happens in all RR and LOS based roms (I even read somewhere that this bug was reported but due to it not being a popular feature the issue was cancelled", they suggested that in order to change it I have to make a complete back up, decrypt, restore back up, and encrypt again with a new password.... And this is a no go for me.
- Type 2 issue, Set encryption password and a rubbish password will be set: this happened to me in a few AOSP based roms (CardinalOS for example), so if I set a pattern for example, the encryption password will not be the same pattern I set, thus I'll be locked out of my phone unless I format userdata
I tried the cryptfs command
"vdc cryptfs changepw password '<old encryption password>' <new password>"
But nothing changes
Not all AOSP roms have this issue tho, PureFusion ROM (which is AOSP based) is fine, and all OOS based roms are fine too
Is there any fix for such issue? I'd love to use another rom,
possibly RR (Currently using FreedomOS), but the encryption issue is bothering me
Click to expand...
Click to collapse
If you really are concerned with security then stay on stock and lock your bootloader. Anything else weakens the security of a device.
But really really. Mobile security is a myth. It is a fear mongering tool used by people to keep you in line. If someone wants your info they will get it and they dont need your device.
this might happen with you , happened with me (✖╭╮✖)
Related
I'd like to enable Google Smartlock for passwords on my Google Pixel C, but when I was running Android N, under Settings/Security it shows my device as encrypted with no option to turn it off. So, I reloaded MM, N still has a lot of bugs I don't feel like messing with on an everyday tablet, but even under MM my device is encrypted with no option to disable it. Smartlock for passwords will not run on an encrypted device, but Google has decided to make encryption part of the OS. Is the only way around this is to unlock the bootloader and flash another ROM?
Rolldog said:
I'd like to enable Google Smartlock for passwords on my Google Pixel C, but when I was running Android N, under Settings/Security it shows my device as encrypted with no option to turn it off. So, I reloaded MM, N still has a lot of bugs I don't feel like messing with on an everyday tablet, but even under MM my device is encrypted with no option to disable it. Smartlock for passwords will not run on an encrypted device, but Google has decided to make encryption part of the OS. Is the only way around this is to unlock the bootloader and flash another ROM?
Click to expand...
Click to collapse
I never encrypt my devices so I couldn't speak about smart lock only working on encrypted devices. I know Marshmallow and up it's required for OEMs to encrypt (85% sure on that - I think it was supposed to start with Lollipop but OEMs weren't required to do so). Not that I don't believe you though, but that just seems weird for Google to "force" encryption but then allow another of their features, Smart Lock, to only work with unencrypted devices?
To answer your question - if you're running stock MM or N on a Google device, by default your data will be encrypted. The only way to decrypt would be to unlock the bootloader, format the data partition and flash a kernel that doesn't force encryption. You don't have to use another ROM per se, you just need a kernel that will keep you decrypted on your first boot.
I've no issue with smartlock on Pixel C, stock N5 and unencryted N9. I've only use trusted location - without GPS I wonder if you are having a problem with your location. Have you got "location" correctly set?
Ok, on your Pixel C, go into settings/Google, then scroll all the way to the bottom where it says Smartlock for Passwords, press it, and tell me what it says. When I do, it says, "This account uses custom passphrase encryption, which is unsupported at this time."
However, if I go to settings/security, I can enable Smart Lock, but just underneath where it says Smart Lock, it says:
Encryption
Encrypt Tablet
Encrypted
I never chose to encrypt anything, but, I guess Google uses encryption by default. Smart Lock can still be used, but Smartlock for Passwords can not.
Rolldog said:
Ok, on your Pixel C, go into settings/Google, then scroll all the way to the bottom where it says Smartlock for Passwords, press it, and tell me what it says. When I do, it says, "This account uses custom passphrase encryption, which is unsupported at this time."
However, if I go to settings/security, I can enable Smart Lock, but just underneath where it says Smart Lock, it says:
Encryption
Encrypt Tablet
Encrypted
I never chose to encrypt anything, but, I guess Google uses encryption by default. Smart Lock can still be used, but Smartlock for Passwords can not.
Click to expand...
Click to collapse
Sorry misunderstood. I think the answer is that using your own passphrase disables Smartlock on Android see: https://support.google.com/chrome/answer/1181035?p=settings_encryption&rd=1
"Some Google features will not be available after you set a sync passphrase
Google Now won’t show suggestions based on sites you browse in Chrome.
You won't be able to view your saved passwords on https://passwords.google.com or use Smart Lock for Passwords on Android.
Your history won't sync across devices. Web sites or URLs that you type in the address bar in Chrome will still sync."
Setting for Google/custom passphrase in chrome browser at chrome://settings/syncSetup
The strange thing is I don't use a custom passphrase, all of my information does sync between all of my devices, and I get Google Now cards based off my search history. However, last night, when I logged into an app, Smartlock for Passwords popped up and asked me if I wanted to save this password, so I guess it's working now. It still shows my tablet as encrypted, so I imagine it's just a bug.
I just rooted my brand new 1+3 and put CM13 on it, with TWRP recovery. I haven't set any sort of screen guard or fingerprint yet, since I'm not sure if that will end up encrypting the disk as well.
I've seen other posts about how people could not use the recovery because it prompted for a password - and typing the PIN didn't work for them. I have already taken a nandroid backup of the original OxygenOS, and saved it elsewhere (i.e. not on the phone). So if I go ahead and set a password, will it cause any problems later, if I have to use the recovery? Is it better to stick to a PIN instead of the pattern lock?
Edit - now when I go into recovery, the log says 'successfully decrypted with default password'. What's this default password? If I set a screen PIN, will it change to the PIN, or is it something else? Will setting the PIN/fingerprint prevent me from mounting data as I can now?
Hey guys -
Need some detective help. I did something to my 10, and I think I did something with the encryption, but I'm not sure how or what.
Follow me here, since I'm not sure what caused it, I'll start at the beginning, and see if anything raises a red flag..
Got phone from HTC, US unlocked version. Got it in.. heck, this past June, I think.
Unlocked bootloader. Got Sunshine, ran it, but never paid and never turned S-OFF.
Never set PIN or Fingerprint.
Installed Viper10 when it was out.
Went to do fingerprint. Got screen saying that for backup, needed to set PIN. Set PIN, then taught it some fingerprints.
Never had data issues, and as far as I know, never encrypted phone. TWRP, when run, did not need me to enter any password or key to access the phone. On bootup, would get PIN prompt, but AFTER Android loaded.
Never got any RUUs, never upgraded Viper10.
Installed CM13 today. Whohoo!
Install went fine, no issues. Restored apps from TiBu, deleted unused bloatware, including the built-in Android keyboard.
Set up other options, and finally got to enter in fingerprints.
It gives me the same screen I got on Viper. This time, though (and I have no idea why), I back out back to Security settings, and enter in PIN there.
Then train fingerprints!
Now, when I reboot system, or boot to TWRP, I get a prompt asking for password (TWRP) or PIN (Android). HOWEVER.. I can enter my pin in TWRP just fine. But not Android. Apparently, since it hasn't booted, Swype doesn't work, and I get no keyboard. Can't enter PIN in at all.
That is my mistake, however, as I removed the built-in Android keyboard. (Something I've done countless times before on other Android versions without issue..)
So I restore Nandroid backup of Viper10. I still get the PIN entry, and STILL have no keyboard.
I see reference in TWRP about PINs not working, so I delete that locksettings.db file (from memory, filename is likely wrong here..)
Phone boots up. Yay. No PIN prompt. Yay.
But now I do NOT have data - as in, it's acting like my phone is unencrypted now.
So, what I'd like to know is -
If NOW my phone is unencrypted, and I'm getting the 'No Data' issue, what was my phone doing BEFORE, when I didn't have to enter PIN, but was getting data?
How can I get BACK to not having to enter PIN and still get data? (In my case, will the instructions for unencrypted work? Or is my phone now 'special'?)
How did I set the PIN the first time on Viper10, and not have it encrypt my phone? I'd like to ultimately get back to THAT scenario - where the lockscreen asks for PIN, but nothing else does (TWRP, Bootup, etc).
Thanks guys!
-Mike
I may be pointing the obvious, but have you do a full wipe before restoring your nandroid? If so, did you try to clean flash your rom to see what happens?
Maybe by removing stock keyboard something got messed up and keeps the keyboard in your nandroid from properly installing.
Yup, I tried restoring the Nandroid several times, some with wiping, some without. Also, I always clean-flash my new ROMs (i.e. ones not restored from nandroid backup, installed new, like going from Viper10 -> CM13)
Going to try again today while at work, see what happens.
During setup in CM13, there should be option to require PIN at startup (It is usually checked by default). Uncheck it and your phone will remain encrypted without requiring a PIN to start.
jackebuehner said:
During setup in CM13, there should be option to require PIN at startup (It is usually checked by default). Uncheck it and your phone will remain encrypted without requiring a PIN to start.
Click to expand...
Click to collapse
Technically correct (encrypted) but effectively incorrect: encryption is moot if a password is not required to decrypt it. It would be like locking your door and leaving the key in it: it's locked but it's not secure.
You need a system keyboard to be able to enter PIN on bootup; hence, the pre-installed keyboard (Google on vanilla, TouchPal on htc) isn't really 'bloatware' as it's necessary. Google makes a good keyboard; TouchPal, though, yeah, necessary bloatware in this case.
Rolo42 said:
Technically correct (encrypted) but effectively incorrect: encryption is moot if a password is not required to decrypt it. It would be like locking your door and leaving the key in it: it's locked but it's not secure.
Click to expand...
Click to collapse
Ah, so in previous ROMs (both OEM and Viper10, it technically WAS encrypted, I just never set the password? .. Huh.
Rolo42 said:
You need a system keyboard to be able to enter PIN on bootup; hence, the pre-installed keyboard (Google on vanilla, TouchPal on htc) isn't really 'bloatware' as it's necessary. Google makes a good keyboard; TouchPal, though, yeah, necessary bloatware in this case.
Click to expand...
Click to collapse
Interesting, thanks for this; good to know. A shame, but good to know that's just how it is.
coyttl said:
Ah, so in previous ROMs (both OEM and Viper10, it technically WAS encrypted, I just never set the password? .. Huh.
Interesting, thanks for this; good to know. A shame, but good to know that's just how it is.
Click to expand...
Click to collapse
Correct. The password is to get at the encryption key; it isn't the encryption key itself.
Bitlocker/SED works the same way. Otherwise, a password change would mean re-encrypting everything.
If you put in the wrong password, it'll look like you have no data.
I downloaded and installed official LineageOS to my Galaxy Note 10.1 (2014 Edition) P-605 from
https://download.lineageos.org/lt03lte
Install TWRP Recovery
Install latest downloaded file from the link given above
Install open gapps (mini)
Everything working fine except
Usb MTP connection is not working
On boot Setting app closes
Less battry life than the stock rom
MTP connection issue is a huge problem for me. Do anyone know a fix? I searched everywhere and couldn't find anything
I confirm all the above issues with the nightly build 2018-02-22.
Let me add another (serious) one: if you encrypt the storage, every time you reboot a bunch of applications go in restart loop, until eventually the device restart. This is basically a bootloop. I will try to wipe cache and dalvik and restart to see if the problem persists.
I'm not used to rant just for the sake of, also considered the amazing work devs do, but this time I'm a bit pissed. I bought this tablet specifically because it is listed in the "Lineage OS supported devices" list. It would be nice to put a big disclaimer if the current build has so many crippling issues.
---------- Post added at 10:39 AM ---------- Previous post was at 10:16 AM ----------
That's annoying... TWRP does not manage to decrypt the storage partition... So I'm pretty much screwed.
I will try to format the storage to remove the encryption, and then re-install the latest Lineage nightly using either adb sideload or a micro-USB pendrive.
OK, kind of works. I started TWRP recovery and formatted all the device (removing encryption), then copied back the lineageOS (I used the last nightly, 2018-02-22) and addonsu zip files using a microUSB stick. Reinstalled everything. It works, the only annoying thing is that by formatting the sdcard I lost the backup I had previously done with TWRP of the original firmware, but that's fine, I was not planning of using it anyway.
- enabled USB debugging, root apps+ADB, enable third-party apps
- added F-Droid repo
- downloaded CryptFS from F-Droid
- Settings -> Security -> set up a temporary password for screen unlock
- Plugged in tablet, Settings -> Security -> encrypt device (using the temporary password above)
- reboot, this time seems to work (modulo the usual annoying "settings app has stopped working" one-time popup)
- changed encryption password with CryptFS (requires root of course)
- Settings -> Security -> changed screen unlock to a normal PIN
Everything seems to work so far: the device asks for the long decryption password at boot but only short PIN to unlock screen.
Planning to install WrongPINshutdown now, to complete anti-theft security setup.
So far so good, except ADB still doesn't work. Keeping a close eye on battery usage.
Coming next:
- testing whether TWRP can decrypt storage
- making sure at least LineageOS can mount USB drives... since MTP doesn't work it would be annoying having to use network or ADB to transfer large files...
---------- Post added at 01:17 PM ---------- Previous post was at 12:59 PM ----------
Babality!
- TWRP still cannot decrypt storage, does not even ask for the passphrase, just does not see the partition
- after trying the above, somehow the encrypted partition header got screwed: if I start Lineage OS, when I'm prompted for the passphrase. I always got "wrong password". Either using the "right" password, or using the old temporary password I used before, or the current device PIN, nothing: everything is "wrong password".
I'm reinstalling everything again and do a couple of final tests before giving up and forgetting about encryption.
I suspect this might be an issue of TWRP. I'm using version 3.0.2-0. I'm installing now the latest version (3.1.1-0) and see if things change.
Also, coming next MTP test.
---------- Post added at 01:37 PM ---------- Previous post was at 01:17 PM ----------
TWRP 3.1.1-0 bootloops tablet... I have to start from Odin again.
F**k all this s**t, my next device's gonna be an Apple :angryface:
I managed to make the double-encryption work: now when I boot the tablet it requests the passphrase, but to unlock the screen just a PIN (however, Wrong PIN Shutdown powers off the tablet after a few wrong PIN trials).
I'm not entirely sure how I did it to be honest, but I suspect the reason is the following: the encryption of the tablet can only be done by setting up a password for screen unlock at first.
Then you use Cryptfs to change the encryption password.
Then you change the screen protection option to "PIN" instead of password. If you are running one of the latest Lineage OS builds, when you are asked "do you want to require a PIN also at boot?", counterintuitively, answer "yes".
THEN you must run Cryptfs again and re-set the storage encryption password. This way it works.
I did not dare starting TWRP again in recovery mode , I'm afraid it would mess up with the encryption.
Keeping an eye on the battery: it's pretty bad to be honest. I was used to my beloved Lenovo tablet, I was using it only as a PDF reader (flight mode, uninstalled all the crap etc) and, with the stock firmware, it had pretty much the same battery life of a real Ebook reader, I could easily leave it in the closet for weeks and find it still charged when I needed it. This Galaxy Note 10.1 is not even close with Lineage 14.1, now I killed all the unnecessary processes and set battery mode to maximum span, let's see if it gets better.
After a few days of test I can confirm poor battery life. Less than two days in complete standby, flight mode, energy saving mode. That really sucks.
I have to add: SIM card not recognized, only WiFi works.
TL;DR: do not install this ROM.
Did anybody test the official LineageOS build for the SM-P605 (lt03lte) ?
Is it working by now?
Has anybody an old (Octobre or Septembre) version of the official LinageOS for SM-P605 (lte03lte)? Unfortunately after the decision to no longer maintain that ROM all older downloads have been deleted and I have some problems with the december version
If anyone can help that would be awesome - this is the first time i have encountered this problem on an android device.
one of the first things i do is remove encryption on my android phones because
1. i like the option
and 2. i notice a considerable amount of difference.
now starting from Pie we have metadata encryption with file encryption
removing metadata encryption causes 0 problems.
however when i remove file encryption i run into a problem
i am un-able to setup a fingerprint (the option isnt even there anymore)
also when i set up a PIN, i am unable to change it (it says incorrect pin)
when i use the pin to unlock the phone, it says "wrong pin" but it works in unlocking the phone.
i didnt experience this on my oneplus 5/6 or samsung / huawei devices having them decrypted.
does anyone know how we can get fingerprint / pin working without encryption?
i notice the phone is more responsive and snappy without encryption