Advantages/disadvantages of encrypting phone

Hi,

If I have my phone secured with an 8 digit pin, is there added security from encrypting? Like if the phone is stolen?

From normal operation, if encrypted, when you unlock and the phone decrypts, the data can still leak between apps and ultimately online.


Hi,

Yes: if thieves can’t unlock the phone, they have no choice except rebooting (TWRP for example).
Then, they can’t get access to your data.
This is fortunate, because they can include some poor obfuscated passwords (like your email’s).

BUT: you should keep USB debug deactivated (easy backdoor), and keep USB doing nothing when plugged.

Can you elaborate, please?

Thanks for the comprehensive answer, and the tip for USB debug.

But, for those dodgy clever people who can get the data out of locked phones, can’t they see your pin code, which is stored on the phone, and if so, they have the key to decrypt.

With regard to data leaking between apps, I have been corresponding with Konrad, the writer of TrackerControl, and he says this: "This is correct, and a disappointing limitation of Android.

Apps can exchange information with other apps, and thereby circumvent
the permission system."

There is very little downside to keeping your phone not encrypted.
AOSP mandates encryption by default for a good reason.

I strongly recommend encrypting your phone.

If not encrypted it is absolutely trivial for anyone to access all of your files.
It takes less than 30 seconds to remove the PIN/password from a phone with no encryption.

Even with encryption, with an unlocked bootloader it is possible for a more skilled attacker to replace your system image with one that will record or send off your data, as any system image can be flashed.

This is why verifying recovery + locked bootloader + verified boot + encryption is so absolutely critical.
Without all four anyone with access to your phone can get all your data in minutes.

@smu44
Keeping ADB enabled has little value for recovery purposes as in a -user system it only works when the device is unlocked, USB file transfer is enabled and the user has confirmed the host keys. And even then in -user you wouldn’t have root for anything.
ADB has no say in whether or not to encrypt, nor can it aid in any way.
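The checklist in the post above (encryption, locked bootloader, verified boot, a -user build) can be read back from a device's `getprop` output. The script below is an added example, not part of the thread: the sample dump is constructed, the helper names are hypothetical, and it assumes the device exposes `ro.boot.flash.locked`, which not every vendor sets. Recovery verification has no property and is not covered.

```shell
#!/bin/sh
# Added example, not from the thread. The sample dump below is constructed.

# get_prop NAME FILE: print the value of NAME from `getprop`-format lines
# such as "[ro.crypto.state]: [encrypted]".
get_prop() {
  awk -v k="[$1]:" '$1 == k { v = $2; sub(/^\[/, "", v); sub(/\]$/, "", v); print v; exit }' "$2"
}

# check_posture FILE: print PASS/FAIL per check, return the number of failures.
check_posture() {
  dump=$1; fails=0
  check() {  # check LABEL PROPERTY EXPECTED
    actual=$(get_prop "$2" "$dump")
    if [ "$actual" = "$3" ]; then
      echo "PASS $1 ($2=$actual)"
    else
      echo "FAIL $1 ($2=${actual:-unset}, want $3)"; fails=$((fails + 1))
    fi
  }
  check "storage encrypted" ro.crypto.state encrypted
  check "bootloader locked" ro.boot.flash.locked 1
  # green = locked with the stock key; yellow = locked with a user-installed
  # key (change the expected value if that is your setup).
  check "verified boot" ro.boot.verifiedbootstate green
  check "production (-user) build" ro.build.type user
  return "$fails"
}

# Constructed sample: storage is encrypted but the bootloader is unlocked,
# the case the post warns about.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
[ro.build.type]: [user]
[ro.crypto.state]: [encrypted]
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
EOF
check_posture "$SAMPLE" || echo "$? check(s) failed"
```

On a real device the input file would come from `adb shell getprop > dump.txt` or from a terminal app on the phone.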

That’s not that simple :wink:
As far as I could understand, your pin code (let’s say “password”) is used to validate against a keystore entry, which contains the key to decrypt the ext filesystem.
For reference, here is part of the TWRP decrypt code: https://github.com/TeamWin/android_bootable_recovery/blob/android-10.0/crypto/ext4crypt/Decrypt.cpp. You can see it’s far from simple.
OK, some well-known secret services could achieve the decryption. But if this is your concern you should not use an AOSP-based device :wink:
One more thing: deleting the locksettings.db file on an encrypted device will not allow access to the data, it will simply prohibit any future access to them (it happened to me …).

About Konrad’s statement: I agree with that, but I think it’s not relevant to the encryption subject.
Encrypting your phone is a comprehensive security measure for data storage, not related to program interoperability.
In other words: yes, the programs can exchange data (copy/paste is the simplest form), but not directly read each other’s storage.
Encryption is made to protect the whole data storage from “external” (read: offline) raw reading.

I find these kinds of topics most interesting.

I used to know some very interesting people in my home country. They would never give up and found ingenious ways to hack domestic electrical equipment, to get it to do what they wanted, removing and reading chips, writing their own software etc.

Didn’t matter what the hardware manufacturer or service provider did, they found a way round it!

I am waiting for my phone to charge, so I can run the encryption.

I wonder why encryption isn’t on by default, with the option to opt out.
