I have Secure Startup encryption enabled on my S9 and all I need to know if that only encrypts the files on the phone only when the whole phone is totally powered OFF or will it encrypt all the system files and personal files even if the phone is powered ON but LOCKED by the Screen Lock?
If that is not the case, will I need to use a third-party app to encrypt my files or even Samsung's Secure Folder app?
Thanks in advance!
Related
I am wondering if there is anyone interested in bringing transparent "SD-card" encryption to the Galaxy Nexus. On Android 4 there's already encryption for the data partition, also the Galaxy Nexus is using MTP for mounting the "SD-Card" on Windows. So using an encrypted "SD-card" on Windows or somewhere else shouldn't be a problem, as transparent encryption shouldn't affect MTP? So this would lead to the following ideas / requirements:
1) We need an option to disable mounting of the internal "SD-card" when an USB connection is established or else everyone can simply read the content, as the encryption is transparent.
2) Encrypt the "SD-Card" in a transparent way, mount it on boot.There are already implementations of transparent encryption, e.g. LUKS Manager. Use the data partition (encrypted by Android's built in encryption) to store a mount script that contains the password to mount the encrypted "SD-card"
3) Optional: Split the "SD-card" in two partitions, leave one unencrypted so we still have a partition we can use to store backups done during recovery etc.
Anyone interested in doing this?
This ain't development. :'(
Sent from my Galaxy Nexus using Tapatalk 2
if u use a secure lockscreen, sequence, pin or password..and ur device is locked, the content of the sdcard doesn not appear when u attach it to the computer, unless u unlock ur device
andQlimax said:
if u use a secure lockscreen, sequence, pin or password..and ur device is locked, the content of the sdcard doesn not appear when u attach it to the computer, unless u unlock ur device
Click to expand...
Click to collapse
Thanks, good information Still would be nice to be able to explicitely prevent the mounting in general like it was possible on Android 2.x. Anyway, one problem solved
I want to use Android Device Encryption (Settings --> General --> Security). My questions are:
1). Is there any issue if my device is rooted and KNOX is disabled (it's still 0x0)
2). If anything to my device and I need to Odin, I assume encryption will NOT prevent me doing so?
3). Bonus question: is there anyway to use PIN when the device is encrypted? I only see "Password" and the rest is greyed out. I don't want to use 6 characters alphanumeric password everytime I want to use my device.
1) Yes, if you're rooted with a 100% stock ROM and recovery, you CAN encrypt.
2) Sort of. It might mess up the encryption. Mine got confused thinking it was still encrypted, but couldn't mount the partition after Odin ran. To fix it, boot to STOCK recovery using the hardware keys (vol+/home/power), and do a factory reset from in there. Note that CWM/TWRP etc will NOT work to fix this issue. It's something to do with the changes Samsung made to the encryption code.
3) Nope. Password only. In theory, it might be possible to do an Xposed module, but I didn't find a good place to hook in to the process. If they would separate the encryption password from the device lock code, this would be easy. I ended up using the No Lock Home Xposed module, which lets you switch to swipe screen lock when you are connected to particular wifi/cell/BT devices.
I'm actually running without encryption now. It makes custom ROMs difficult. I believe if I were running an AOSP derived ROM it would be fine, but using modded stock stuff causes issues. Make sure you do backups to SD or a computer. If something goes wrong with the encryption there is no way to recover without a full wipe, which kills everything on the internal storage, including /sdcard. The external SD card is not affected, unless you encrypted that as well. I like the extra security, but the implementation sucks and is buggy.
Question: I have the Dev Edition Note 4 and am looking for the lock screen fields in SQLite, since they seem to have moved. Does anyone know where they are located now?
Reason: When encrypted, as we all know and hate, you have to use a password with a special character.... That you also have to use as the lock screen... Which sucks. It would be pretty handy to have the scanner for unlocking the screen and the password for decryption on boot.
Background: On the Note 3 you could use SQLITE to change LOCKSCREEN_PASSWORD_TYPE to different codes which enabled the different types of password. For instance 131072 was for PIN. After encryption was in place I was able to change the lock screen type to PIN. However, since no PIN was used during setup it would just act as if any entries didn't match. I want to see if changing to fingerprint scanner would work since the fingerprints, or password in this case, are stored in the phone prior to the change. Hopefully making it so lock screen can be unlocked much easier while encrypted.
Thanks everyone.
Just an update to this for anyone who likes to, or needs to, have FDE enabled on their devices.
If you setup your fingerprint unlock and use a file explorer to go to data/system/ you will see three files called lockscreen.db two in which say -shm and -wal after. Copy those to the SD card.
Then make your way to Terminal Emulator and run the command pkill -KILL daemonsu . This will kill superuser. Making the FDE actually run.
After encryption is complete you can take the lock settings files saved earlier and copy (replace) them back to the data/system/ partition.
That's it. When booting you will have your strong password and be able to use the scanner for screen unlocks.
Now this only works for for device encryption. SD cards seem (?) to decrypt after the boot process and this causes them to not mount correctly. One of the times I was toying around with it the files on the SD were actually corrupted and unrecoverable. So make backups and all that if you decide to figure that out. I typically use encryption manager for things that I want to encrypt on the SD card anyway. Since I use the card in several devices.
Hope this helps anyone who wants or needs FDE on their Note 4 Devs.
Fingerprint scanner is not displaying note 4 - android 5.1.1
blubyu87gt said:
Just an update to this for anyone who likes to, or needs to, have FDE enabled on their devices.
If you setup your fingerprint unlock and use a file explorer to go to data/system/ you will see three files called lockscreen.db two in which say -shm and -wal after. Copy those to the SD card.
Then make your way to Terminal Emulator and run the command pkill -KILL daemonsu . This will kill superuser. Making the FDE actually run.
After encryption is complete you can take the lock settings files saved earlier and copy (replace) them back to the data/system/ partition.
That's it. When booting you will have your strong password and be able to use the scanner for screen unlocks.
Now this only works for for device encryption. SD cards seem (?) to decrypt after the boot process and this causes them to not mount correctly. One of the times I was toying around with it the files on the SD were actually corrupted and unrecoverable. So make backups and all that if you decide to figure that out. I typically use encryption manager for things that I want to encrypt on the SD card anyway. Since I use the card in several devices.
Hope this helps anyone who wants or needs FDE on their Note 4 Devs.
Click to expand...
Click to collapse
Hi, i have a big trouble with my note 4, i had a fingerprint lock screen with a pin pass in case of emergency; the phone just got locked with no reason and it doesn´t show me the fingerprint option and doesn`t get any pin. Im out of my phone, i don`t know what to do, i took some photos yesterday that i need for my job urgently, could you help me?
I am extremely paranoid (just my personality) and am wondering can I do a full device encryption like you can on pc? If so to what extent and how hard would it be to break? I looked into the built in encryption but its bypassable on to many devices. Also is it possible to have it that a password needs to be entered on the device when it's plugged into computer to allow MTP transfer (another password besides lock screen)
elderwolf123 said:
I am extremely paranoid (just my personality) and am wondering can I do a full device encryption like you can on pc? If so to what extent and how hard would it be to break? I looked into the built in encryption but its bypassable on to many devices. Also is it possible to have it that a password needs to be entered on the device when it's plugged into computer to allow MTP transfer (another password besides lock screen)
Click to expand...
Click to collapse
You could encrypt the sd card if you had one.
Sent from my SM-A520W using XDA Labs
iloveoreos said:
You could encrypt the sd card if you had one.
Click to expand...
Click to collapse
I know that but that isn't much and not really what I'm going for, yes SD encryption is something I want along with full encryption so at boot time a password is needed like you can do on windows
elderwolf123 said:
I know that but that isn't much and not really what I'm going for, yes SD encryption is something I want along with full encryption so at boot time a password is needed like you can do on windows
Click to expand...
Click to collapse
There's a setting called secure startup which requires a password at boot. I suppose that would do the same?
Sent from my SM-A520W using XDA Labs
Hey,
i just wanted to ask you whats the safest way to safe erase the data from a phone and how i can look up afterwards if it worked.
Thanks in advance
Delete Google and Samsung accounts.
Encrypt data in settings, security (strong protection). Factory reset from settings.
Afterwards clear the system cache on the boot menu.
Pretty sure there will not be anything readable after that.
sadly i cant find the encryption in the settings. could it be that samsung already enable it as default?
On Pie... on 2nd page of security settings
on my end it looks like this
Which OS version?
Mine is a N10+ running on Pie.
There should be a second page... or it's in another settings option like memory.
Try doing a search in settings for "encryption".
The phone is running android 11.
The search for "Encryption" is not showing anything.
Thanks for replies!
You'll need to do some research.
It may be encrypted by default.
Samsung tells us just how secure the Galaxy S20 processor is
In addition to having Samsung Knox, the secure processor on the Galaxy S20 provides protection against hardware-level attacks.
www.phonearena.com