ITandME blog


Full disk encryption with Android

In an effort to balance higher security with a constantly accessed device, I've derived the following solution for Android smartphone users.

Based on documentation I found online, the default password for Android's full device and SD drive encryption setup is whatever the current screenlock PIN is. For screenlock, a numeric PIN helps provide basic security for a device while remaining fairly easy to use. The drawback to PINs is that they are not full-blown passwords, often being limited to only a few characters. This is not ideal for true data protection, so I've derived the following method, tested on Android 5.

0. If the device is currently encrypted but you want to change to a different password, you will need to decrypt the device before proceeding. This may take some time, so plug it in and leave it alone.

1. After decryption completes (if needed), go ahead and reset your current PIN to an actual password/passphrase under your ScreenLock settings. This will allow for creating a strong alpha-numeric pass.
2. Under Security, re-encrypt your phone using this strong pass. I'd recommend full device, but there is a faster option as well if you are willing to sacrifice some security. (Note: If most data is on a storage device like an SD, even full device encryption shouldn't take more than a few minutes, depending on internal storage levels.)

3. Once encryption is complete, you should be brought to your device login. Log in with the new pass in order to get into your phone. Once inside, you can change your screenlock password back to something simpler, like a numeric PIN. This will not affect your encryption password, which will still need to be keyed in each time you reboot your phone.

That's it. Your phone is now set with a heavy encryption password, yet a simpler screenlock PIN. Decryption still works if you ever need to change it again, only you use your current screenlock password to decrypt when already logged into the device.
Note: I'd advise encrypting your SD/SIM as well with the stronger password. It follows the same general process.
