Develop Bugs

I can't encrypt my GS3.. HelpPlz

I am trying to encrypt my sprint GS3 but the encrypting is not working at all.
I made sure the battery is %100 full. I create a good password of letters and numbers. I select encrypt device and wait for it to finish and reboot. After all that, the device reboots like normally and doesn't ask for password in boot menu.
Only when the phone comes to the home screen does it ask for password to unlock the screen.
Right now I have on it the stock android 4.3 rooted.
My encryption used to work fine before on android 4.2 but I forgot to unencrypted the device before upgrading and I think that's what broke the encryption system.
I don't know what other details I need to include here. I have searched google but I couldn't find any posts that describe my situation.
Please Help.
Thank you!

Phone storage encryption - tips, things to avoid, or general advice?

(Verizon HTC One M9, S-OFF, bootloader *** UNLOCKED ***, Software status: Official, TWRP recovery installed, Android version 5.0.2, HTC Sense version 7.0 Software number 1.33.605.15)
I'm anticipating a requirement in my near future to turn on "Phone storage encryption (Protect content on this phone with a password)" under Settings -> Security. When I did this under similar circumstances on my HTC One M7, it seemed to adversely affect the performance of the phone. I encountered a lot of random freezes at various points (after entering my unlock PIN, waking up the phone, switching apps, even occasionally during phone calls).
In fairness, I had a lot of stuff on internal storage on my old phone - pictures, audio, etc. - that I now store on my 32GB microSD card on the M9. Nonetheless, the prospect of encrypting my internal storage is intimidating, especially because it's apparently a one-way operation, and there's No Going Back if the phone performance starts to lag as the old phone's did.
Has anyone else experienced any similar troubles after turning on Phone storage encryption? Also, I'm not averse to moving off of the HTC stock ROM; I just haven't done it yet. Is there a particular ROM that seems to perform better -- or worse -- with encrypted internal storage?
Thanks.

Good question and I realy would like to join in.
Normaly Google says, since Android 5 Storage encryption should be standard and phones with native Android 5 should have hardware accelerated encryption. But there is no information thats says which phone have this hardware accelerated encryption.
And in addition most phones with native android 5 don't have standard encryption activated.
So is there anyone who tested the M9 with storage ecryption?
\Edit:
This article says AES comes with ARMv8 wich is used in Snapdragon 810 http://www.chip.de/news/Rueckzieher...sselung-in-Android-5.0-Lollipop_76997991.html

encryption disabled dial pad and texting
I have a sprint M9, twrp recovery, rooted, and flashed Viperone ROM.
Everything was working great.
Because of work email needs and the need for Microsoft Exchange, I had to encrypt the phone. So I did.
After encryption, I cannot make outbound calls. I receive calls. Just cannot dial them. Seems like the problem is with the dial pad. Lets me enter the number, but when I hit "call" it just goes away. I cannot type internal phone commands like ##1234## to get information. Just disappears.
Also, I cannot send or receive text messages.
I went into TWRP to revert back to my backup. And of course no backup is there. Everything is encrypted and unreadable by TWRP. I have read a lot on these boards and thank you. I cannot find much written on this subject.
Sprint reports everything is fine and working on their end.
So frustrated. Seems like an easy setting or fix. The dial pad is not reading something from an encrypted file?
Sorry for the ignorant language. I am very new at all this. Any ideas?

crk53 said:
I have a sprint M9, twrp recovery, rooted, and flashed Viperone ROM.
Everything was working great.
Because of work email needs and the need for Microsoft Exchange, I had to encrypt the phone. So I did.
After encryption, I cannot make outbound calls. I receive calls. Just cannot dial them. Seems like the problem is with the dial pad. Lets me enter the number, but when I hit "call" it just goes away. I cannot type internal phone commands like ##1234## to get information. Just disappears.
Also, I cannot send or receive text messages.
I went into TWRP to revert back to my backup. And of course no backup is there. Everything is encrypted and unreadable by TWRP. I have read a lot on these boards and thank you. I cannot find much written on this subject.
Sprint reports everything is fine and working on their end.
So frustrated. Seems like an easy setting or fix. The dial pad is not reading something from an encrypted file?
Sorry for the ignorant language. I am very new at all this. Any ideas?
Click to expand...
Click to collapse
Hi
I know this is late on this thread, but I was wondering if and or how you resolved your dilemma? I'm considering encrypting my HTC m9 on 6.0

DGL2033 said:
Hi
I know this is late on this thread, but I was wondering if and or how you resolved your dilemma? I'm considering encrypting my HTC m9 on 6.0
Click to expand...
Click to collapse
HTC uses proprietary (non-AOSP) encryption. As a result, TWRP won't be able to decrypt your phone if you have encrypted it on a stock or stock-based ROM.
In theory, TWRP can decrypt when encryption is performed with an AOSP ROM (CyanogenMod, CandySiX, et cetera). Unfortunately, encryption - though functional - doesn't behave as expected even on these ROMs. Your phone will indeed be encrypted successfully, but some ROMs (CyanogenMod) won't re-boot after encryption and other ROMs will boot (CandySiX) but still not be decrypted by TWRP.
TLDR: If you want encryption, go for it but know that you're locked into that choice.

computerslayer said:
HTC uses proprietary (non-AOSP) encryption. As a result, TWRP won't be able to decrypt your phone if you have encrypted it on a stock or stock-based ROM.
In theory, TWRP can decrypt when encryption is performed with an AOSP ROM (CyanogenMod, CandySiX, et cetera). Unfortunately, encryption - though functional - doesn't behave as expected even on these ROMs. Your phone will indeed be encrypted successfully, but some ROMs (CyanogenMod) won't re-boot after encryption and other ROMs will boot (CandySiX) but still not be decrypted by TWRP.
TLDR: If you want encryption, go for it but know that you're locked into that choice.
Click to expand...
Click to collapse
Hey, thanks for the quick, informative reply. I may just hold off for now, as I'm likely to root after warranty is up. But,FYI, From what I read in the HTC user guide, I could undo the HTC encryption with a factory reset, which I would probably do when they stop updating, and I move to CM or other ROM at that point. I appreciate the advice greatly, as it sounds like personal experience, or you're well informed on the subject, or both.

DGL2033 said:
Hey, thanks for the quick, informative reply. I may just hold off for now, as I'm likely to root after warranty is up. But,FYI, From what I read in the HTC user guide, I could undo the HTC encryption with a factory reset, which I would probably do when they stop updating, and I move to CM or other ROM at that point. I appreciate the advice greatly, as it sounds like personal experience, or you're well informed on the subject, or both.
Click to expand...
Click to collapse
My pleasure!
To confirm, yes you can absolutely remove encryption via factory reset.

On my U11 (Oreo 8.0/currently stuck on ViperU2.1 as nothing else seems to boot) I can't seem to decrypt my device (its lagging a bit due to encryption I believe.)
It won't allow me to decrypt in Settings, nor will it decrypt on a hard reset, nor allow me to change it after a hard reset. And reflashing Viper still has phone encrypted.
Any tips?

Is my phone currently encrypted? [Pure Nexus ROM]

I have a Nexus 5x that I rooted. For a brief time, whenever I booted into TWRP, it would ask for my pin to decrypt the phone and access data. Now however, it does not. Under security settings, it still says the phone is encrypted. I'm not sure if it's still encrypted or not at this point, and I'm not sure what I might have done to disable the encryption. I used to have to enter a pin when I turn it on before it fully boots, like it wouldn't even get to my proper lock screen before I entered it. Now it'll boot to my lock screen, but if I try to use my finger print scanner to unlock it, it'll prompt me for my pin the first time.
Any advice on finding out if it's truly encrypted or not, and if not, how to renable the encryption? If there's any other info needed please let me know.
EDIT: Issue was solved by turning off Taskers accessibility service.

Boot into twrp. Does it ask for your pin? If so, encrypted. If not, unencrypted.
My phone is unencrypted and requires me to enter my password at the lockscreen on a cold boot. In pretty sure that is expected behavior.
Sent from my Nexus 5X using Tapatalk

PiousInquisitor said:
Boot into twrp. Does it ask for your pin? If so, encrypted. If not, unencrypted.
My phone is unencrypted and requires me to enter my password at the lockscreen on a cold boot. In pretty sure that is expected behavior.
Sent from my Nexus 5X using Tapatalk
Click to expand...
Click to collapse
It doesn't ask for my pin... but it does say it's encrypted under the security settings. How do I go about reactivating encryption this case? Any ideas? Thanks for the reply.

Flashing the stock boot image will then encrypt data on next boot.But I have no idea if your rom works with stock kernel.
Search your rom's thread

PiousInquisitor said:
Boot into twrp. Does it ask for your pin? If so, encrypted. If not, unencrypted.
My phone is unencrypted and requires me to enter my password at the lockscreen on a cold boot. In pretty sure that is expected behavior.
Sent from my Nexus 5X using Tapatalk
Click to expand...
Click to collapse
So the phone showing a status of "Encrypted" inside android security is inaccurate if we're on the PureNexus ROM?

IamFuzzles said:
I have a Nexus 5x that I rooted. For a brief time, whenever I booted into TWRP, it would ask for my pin to decrypt the phone and access data. Now however, it does not. Under security settings, it still says the phone is encrypted. I'm not sure if it's still encrypted or not at this point, and I'm not sure what I might have done to disable the encryption. I used to have to enter a pin when I turn it on before it fully boots, like it wouldn't even get to my proper lock screen before I entered it. Now it'll boot to my lock screen, but if I try to use my finger print scanner to unlock it, it'll prompt me for my pin the first time.
Any advice on finding out if it's truly encrypted or not, and if not, how to renable the encryption? If there's any other info needed please let me know.
Click to expand...
Click to collapse
I would guess that you are encrypted with the default password. If you change the password, TWRP would probably ask you for a PIN/password.

So I looked into it some more, and it seems that because I granted Tasker accessibility access, it prevented proper encryption. Turning off Taskers accessibility access fixed the issue. Thanks for the help all.

Questions about encryption of an unlocked OP3

Hey Guys,
When I got my OP3 I unlocked the bootloader right away and installed FreedomOS to get rid of the bloatware. As this is my first device, which comes with a locked bootloader and decryption, I have some questions about this topic. I was wondering that the encryption does not make any sense when you unlock your bootloader, because if somebody steals your phone, he can just enter twrp and access all your data. Then I flashed CM and after that TWRP was asking me to set a pin or pattern to lock my phone. Now I've to unlock my phone every time I want to enter the recovery or boot the system with a pattern, which is great, because now the encryption is not worthless anymore. Now I'm asking myself if this feature is somehow integrated into CM or was it just random that I found this feature? Is there any way to get this also with OOS installed? What things do I have to note to not accidentally make my phone unencryptable with the pattern? Is this even possible, maybe by flashing a new recovery or so?
Thanks in advance

Gerrit507 said:
Hey Guys,
When I got my OP3 I unlocked the bootloader right away and installed FreedomOS to get rid of the bloatware. As this is my first device, which comes with a locked bootloader and decryption, I have some questions about this topic. I was wondering that the encryption does not make any sense when you unlock your bootloader, because if somebody steals your phone, he can just enter twrp and access all your data. Then I flashed CM and after that TWRP was asking me to set a pin or pattern to lock my phone. Now I've to unlock my phone every time I want to enter the recovery or boot the system with a pattern, which is great, because now the encryption is not worthless anymore. Now I'm asking myself if this feature is somehow integrated into CM or was it just random that I found this feature? Is there any way to get this also with OOS installed? What things do I have to note to not accidentally make my phone unencryptable with the pattern? Is this even possible, maybe by flashing a new recovery or so?
Thanks in advance
Click to expand...
Click to collapse
If your phone is encrypted, TWRP has to prompt you to decrypt the /data partition before it can be mounted. This isn't a CM feature, it should act like this with any ROM if phone encryption is enabled. I've flashed most every rom and version of twrp in this forum and they all seem to work fine with the encryption enabled. I have not flashed multiboot yet as that requires your phone to be completely unencrypted. Not sure if that answers your question.
If security is your concern though, I would recommend switching to a passphrase instead of pattern for encryption unless your pattern is very long and complex. I recommend a passphrase of at least 16 characters.

kennonk said:
If your phone is encrypted, TWRP has to prompt you to decrypt the /data partition before it can be mounted. This isn't a CM feature, it should act like this with any ROM if phone encryption is enabled. I've flashed most every rom and version of twrp in this forum and they all seem to work fine with the encryption enabled. I have not flashed multiboot yet as that requires your phone to be completely unencrypted. Not sure if that answers your question.
If security is your concern though, I would recommend switching to a passphrase instead of pattern for encryption unless your pattern is very long and complex. I recommend a passphrase of at least 16 characters.
Click to expand...
Click to collapse
Ok I see, than I was getting something wrong there, thank you. The thing is FreedomOS stated that the phone is encrypted but I was never asked for the pattern by TWRP...

Gerrit507 said:
Ok I see, than I was getting something wrong there, thank you. The thing is FreedomOS stated that the phone is encrypted but I was never asked for the pattern by TWRP...
Click to expand...
Click to collapse
When you first booted up your stock phone and went through setup it asks if you want to secure the phone using pin/pattern/passphrase. I think that is where it is created then that key is written somewhere, not on the data or system partitions because is persists between wipes, and that is where TWRP and all future roms are authenticating you.

kennonk said:
When you first booted up your stock phone and went through setup it asks if you want to secure the phone using pin/pattern/passphrase. I think that is where it is created then that key is written somewhere, not on the data or system partitions because is persists between wipes, and that is where TWRP and all future roms are authenticating you.
Click to expand...
Click to collapse
Ok, I can not remember this... Then I guess the phone just stated it was encrypted and wasn't... And how can I change this pattern or unencrypt the phone?

Gerrit507 said:
Ok, I can not remember this... Then I guess the phone just stated it was encrypted and wasn't... And how can I change this pattern or unencrypt the phone?
Click to expand...
Click to collapse
Here is how to decrypt without losing data. http://forum.xda-developers.com/oneplus-3/how-to/unencrypt-oxygenos-loosing-data-t3412228
There is another article I think I saw it on the OnePlus forums about how to decrypt and wipe which will let you change the passphrase I think.
Basically if you decrypt, then flash Oxygen or Hydrogen without SuperSU it will force you to re-encrypt. At least that is my understanding as I haven't decrypted yet.
Good luck

kennonk said:
Here is how to decrypt without losing data. http://forum.xda-developers.com/oneplus-3/how-to/unencrypt-oxygenos-loosing-data-t3412228
There is another article I think I saw it on the OnePlus forums about how to decrypt and wipe which will let you change the passphrase I think.
Basically if you decrypt, then flash Oxygen or Hydrogen without SuperSU it will force you to re-encrypt. At least that is my understanding as I haven't decrypted yet.
Good luck
Click to expand...
Click to collapse
As far as I understood it, it's all about wiping userdata, which I did before flashing Freedom OS. This might explain why I had no encryption... Still strange that it did not prompt me again to set a new one...
edit: FreedomOS has supersu, but systemless... I also flashed supersu right after CM which is even more strange...

Gerrit507 said:
As far as I understood it, it's all about wiping userdata, which I did before flashing Freedom OS. This might explain why I had no encryption... Still strange that it did not prompt me again to set a new one...
Click to expand...
Click to collapse
Yeah I have wiped userdata and system and clean reflashed like 20-30 times in the last few weeks and I've never been prompted to recreate the initial passphrase I set for encryption.

kennonk said:
Yeah I have wiped userdata and system and clean reflashed like 20-30 times in the last few weeks and I've never been prompted to recreate the initial passphrase I set for encryption.
Click to expand...
Click to collapse
But I never had to decrypt in TWRP... It's mysterious As far as I understand the guide he just wipes userdata and the encryption is gone... Is there somebody who knows for sure where the key is located actually?
edit: Seems like the encryption key is coupled to your password
When a user elects to change or remove their password in settings, the UI sends the command cryptfs changepw to vold, and vold re-encrypts the disk master key with the new password.
Click to expand...
Click to collapse
https://source.android.com/security/encryption/
I can confirm that. I changed my pattern and unlocked the phone with it at booting.
If I remove my password it still says "encrypted" in security but I don't have to enter any pattern at boot.

Mine says "Encrypted" under Settings > Security & Fingerprint > Encryption but I can boot into TWRP and browse the entire file system without ever entering my pin code.

dcdruck1117 said:
Mine says "Encrypted" under Settings > Security & Fingerprint > Encryption but I can boot into TWRP and browse the entire file system without ever entering my pin code.
Click to expand...
Click to collapse
Sounds like you have the same issue like I had. It seems to me like an issue in OOS.

This is awesome. I thought rooting and unlocking the bootloader to install custom ROMs would need the phone to be decrypted -- great, great news!
So without knowing the passphrase a possible attacker can't get to the data even when the bootloader is unlocked and OS rooted?

kanttii said:
This is awesome. I thought rooting and unlocking the bootloader to install custom ROMs would need the phone to be decrypted -- great, great news!
So without knowing the passphrase a possible attacker can't get to the data even when the bootloader is unlocked and OS rooted?
Click to expand...
Click to collapse
Yes, all your data is being decrypted after your enter the passphrase.

Does anyone have any idea how I can encrypt my phone if it already says Settings > Security & fingerprint > Encryption > Encrypt phone = "Encrypted"? It's clearly not actually encrypted because I do not have to enter any pin to boot or read data in TWRP.

dcdruck1117 said:
Does anyone have any idea how I can encrypt my phone if it already says Settings > Security & fingerprint > Encryption > Encrypt phone = "Encrypted"? It's clearly not actually encrypted because I do not have to enter any pin to boot or read data in TWRP.
Click to expand...
Click to collapse
Go to lock screen settings and set it up again. You will be prompted if you want to enter pin every reboot.

proag said:
Go to lock screen settings and set it up again. You will be prompted if you want to enter pin every reboot.
Click to expand...
Click to collapse
Hey, thanks! The "require PIN to start device" screen doesn't make any mention of encryption, so I was under the impression that it was far more basic and wasn't at all related to encryption. I tried it though and now TWRP does ask me to decrypt my data partition, so it does work. Thanks for the assist!

been following this thread and i had a quick questions - so it looks like if you unlock BL and run a custom ROM, you can still have the security of encryption, but does this ONLY apply to the USERDATA partition?
for example, could someone launch TWRP recovery on your phone and flash something into the SYSTEM partition without ever touching your userdata partition (ie, a keylogger or malware)?

It seems to me that only the data partition is encrypted, but someone correct me if I'm wrong. I looked at the Android full disk encryption page and I only see mentions of the data partition.

dcdruck1117 said:
It seems to me that only the data partition is encrypted, but someone correct me if I'm wrong. I looked at the Android full disk encryption page and I only see mentions of the data partition.
Click to expand...
Click to collapse
so system is never encrypted? i guess at that point the stock recovery stops you from flashing malware but \TWRP wont

dcdruck1117 said:
It seems to me that only the data partition is encrypted, but someone correct me if I'm wrong. I looked at the Android full disk encryption page and I only see mentions of the data partition.
Click to expand...
Click to collapse
Your internal storage is mounted into your data partition actually. I think this means it's also encrypted.
2x4 said:
so system is never encrypted? i guess at that point the stock recovery stops you from flashing malware but \TWRP wont
Click to expand...
Click to collapse
I see no reason behind encrypting system, it's used read-only anyway as long as you don't flash something to it.
edit: Ah I see now what you mean. But if you have stock recovery you can also simply flash twrp over it or flash something to system via adb... I don't know if it would even be possible technically to encrypt system. Anyway I think the only solution would be to lock the bootloader I think. I don't know what actually happens if you lock your bootloader again while on twrp and custom rom, might brick your device

Encrypted M9, Lineage updates

I had issues in the past with encrypting my M8, was using clockworkmod and Cyanogen, and could not process updates without fully wiping.
Ultimately I accepted this because I cannot live with having the phone not encrypted.
I now have a new M9, Running TWRP and Lineage 14.
All is working beautifully, no complaints, however I would like to encrypt the phone so I started doing research if this new setup would have issues.
Seems there is mixed advice on different device models having various issues with encrypted images and TWRP not being able to properly update automatically or manually.
Anyone have an M9, encrypted, TWRP and the latest Lineage.
If so known working versions of TWRP to use or avoid? Any required firmware levels, OS build dates, etc?
Just looking for yes, I am doing it and it works on x+y+x configuration, or No, this is going to end in misery.
Not instructions per se unless there are some specific points that lead to a definitive success / failure.
any advice appreciated.

Hi, I have super inactive on the forum for a very long and I signed in for the first time in a few years to answer this.
I also ran into an issue with encryption and lineage os. I found an answer online that I can confirm worked for me.
I am running the latest nightly (Nov 7) and have no issues with installing updates through the settings menu. I am not sure which time version of twrp I am on at the moment and I can't check right now.
I also have a himaul. As Markus said, the last CM13 was able to encrypt properly. That gives us a time-consuming workaround:
Do a fresh install of cm-13.0-20161218-NIGHTLY-himaul. (I got it from https://archive.org/download/cmarchive_nighlies )
Set a PIN and encrypt the phone normally through settings. (I did not try a password or pattern.)
twrp should be able to decrypt properly. Perform the default (i.e., rm -rf, non-formatting) wipe.
adb sideload lineage-14.1-20170516-nightly-himaul-signed
LOS will boot to the standard decryption prompt and should succeed with the PIN from step 2.
LOS will not have a screen lock enabled. I set the same PIN from step 2 and was able to decrypt with it on the next boot. I changed my PIN to another value and was able to decrypt with the new PIN on the next boot.
If you do not set a PIN in step 2, you will still get a PIN prompt in step 5, but there will be no correct answer and you'll have to start over.
This procedure gave me a himaul running the latest LOS nightly that believes it is properly encrypted. I uploaded a logcat from the CM13 encryption run that succeeded as encryption.cm13.log
Click to expand...
Click to collapse
Source https://jira.lineageos.org/plugins/servlet/mobile#issue/BUGBASH-457 (click to view older comments)
I was able to change the decryption pin (using "cryptfs" from the play store) to a password required upon boot and and I was able to set a pattern lock to unlock the screen.
Edit: To clarify, I ran into a boot loop issue upon trying to encrypt the phone with lineage installed. I can use the automatic updating without issues(so far)

Thank you very much for the input!
I am on the newest twrp-3.1.1-0-hima, and the latest nightly lineage (11/7) as well.
No play store, no google app anything, just a basic subset of productivity tools, and blazing fast performance.
Trying to decide if I want to chance this, this weekend, I will report back for posterity success/fail or at least if I chicken out.
This M9 is running amazingly smooth as is, I hate to toast it, but that's how we learn and the price we pay for not being charged by ATT to be their product
Thanks again for the input, and still would love to hear other's success/fail stories if theyhave them.

Well, to anyone that wants to go there, I can tell you that if you just tell the phone to encrypt, it will not complain, however when it is complete, you will never see the OS again....
Had to reload from scratch, and restore everything I backed up before hand. I did not have time to go back and try alternative ways or methods, maybe next weekend...

The solution I linked worked for me personally, its unfortunate that you couldn't get it to work. Did you do the correct type of wiping ? There is one that deletes the files but leave encryption in tact while the other type is formatting which removes encryption. Also did you give your phone some time to rebuild the dalvik/art cache after installing lineage os?