With data breaches, leaks and hacks occurring on a regular basis, users are paying more and more attention to online security and encryption technology. However, someone gaining physical access to your device is an often-overlooked avenue of attack. To protect against this, we’ll show you how to encrypt Android devices and keep your apps, accounts and personal data safe.
How to Enable Encryption on Android
Enabling device encryption on your Android device is a very straightforward process, and many phones even have it enabled right out of the box. In order to complete the encryption process, your phone must be unrooted (we’ll discuss this more later), plugged in and have at least 80 percent battery remaining.
If the process is interrupted for any reason, you’re likely to lose access to all the data on your device. Thus, it’s advisable to run a full backup first, just to be safe. The best way to go about backing up your data is by using an online backup service app, so head over to our best online backup for mobile guide if you don’t already have one.
Although a dedicated backup service is always your best bet, there is also a built-in backup feature in Android itself. While not as good as, say, IDrive (read our IDrive review), which is our top pick for mobile backup services, it’s still good enough for a one-time job, so head over to our guide on how to backup Android to learn all about it.
The device encryption process varies slightly depending on what version of Android you have, so follow the relevant steps below for your Android version. It may also vary depending on what company built your device, as different OEMs (original equipment manufacturers) sometimes have different menu options.
If you’re not sure what version of Android is running on your phone, you can easily check this by entering the settings, tapping “about phone” and scrolling down to the section labelled “Android version,” where you should see the version number.
Encrypting Android 4.4 and Lower
If your device is running Android 2.3 (Gingerbread), then your best bet for accessing the encryption feature is by signing up for Microsoft Exchange and encrypting your device that way. Alternatively, if your phone is a Samsung Galaxy S, S2 or S Plus, you can download an app to enable encryption without the need for an Exchange account.
For Android 3.0 (Honeycomb) and up, the process is significantly easier. You first need to enable the lock screen, which you can find by entering the settings and then selecting “security.” From here, tap “screen lock” and choose your preferred method of authentication.
Once the lock screen is set up, you can return to the security settings and tap “encrypt phone.” You’ll be given an initial warning, followed by a prompt for your method of authentication (for example, your PIN).
After dismissing the second warning, your device will begin the encryption process. This should take about an hour and the process cannot be interrupted, so make sure to leave the device alone until it’s finished. Once complete, the device will reboot, and all your data should now be encrypted and protected from potential theft.
How to Encrypt Android 4.4 And Lower
- Open the Android settings from the apps menu
- Tap “security”
- If no lock screen is set, tap “screen lock”
- Choose your preferred method of authentication (slide, pattern, PIN or password)
- Return to security settings
- Tap “encrypt phone”
- Dismiss the first warning
- Enter your PIN or password
- Dismiss the second warning
- Wait for your phone to be encrypted
Encrypting Android 5.0 and Higher
If your Android device is running version 5.0 and higher, chances are encryption is already enabled by default. If it’s not, the steps to enable it are once again fairly straightforward. The exact names of the menus can vary a bit depending on your phone’s manufacturer, but overall there shouldn’t be too much of a difference.
Start by entering the Android settings and navigate to the “security” menu (sometimes called “security & location”). From here, you might already see an entry to encrypt your phone. If not, look for a menu called “encryption & credentials,” where you’ll find the aforementioned setting.
If your phone is already encrypted by default, it will say so here, and if so, your work is done and you can disregard the rest of the steps. On the other hand, if it’s not encrypted, proceed by tapping the “encrypt phone” setting, at which point you’ll be presented with two separate warnings covering all the precautions mentioned earlier in this article.
Once you’ve tapped through these warnings, your phone will begin the encryption process. This should take about an hour to finish, so simply put your phone down and leave it alone until the process is complete. This is important, as any interruption can result in the complete loss of all your data, with no way to recover it, as it will have been already partially encrypted.
Although Android 5.0 and up does not require users to turn on a lock screen to enable device encryption, it’s still highly recommended that you do so anyway, as an encrypted phone without some form of authentication is not really protected at all.
How to Encrypt Android 5.0 and Above
- Enter the Android settings
- Tap “security” or “security & location”
- Select “encryption & credentials” and/or “encrypt phone”
- Dismiss the warnings
- Wait for your phone to be encrypted
What Happens When You Encrypt Your Phone
In basic terms, encryption is a process that uses a key to “scramble” a user’s data, making it unreadable to anyone without the key to “unscramble” it again.
Obviously there’s a lot more to it behind the scenes, with different forms of encryption performing the intended task in different ways. For a more in-depth look at encryption technology, in general, check out our description of encryption.
Devices running Android 6.0.1 (Marshmallow) and earlier use full-disk encryption based on dm-crypt and are protected by an AES 128-bit key. Because nothing on the disk can be read without authentication, no apps will be able to perform their tasks if your device has rebooted and you haven’t yet entered your password.
For the most part, this isn’t a huge problem. However, in the case of an unexpected reboot, some apps, such as alarms and reminders, will not go off until users authenticate themselves.
Encryption Changes in Android 7.0
This problem was solved with Android 7.0 (Nougat), which changed the encryption process to a file-based one and introduced “direct boot,” allowing certain apps (such as alarms) to operate in a limited capacity, even without signing into the device with your password or PIN. The new file-based encryption also upped the key size to AES 256-bit, greatly improving security.
With either method, encryption is one-way, which means that once you’ve completed the process and encrypted your device, there’s no way to turn it off again without performing a complete factory reset on the encrypted device.
Furthermore, you may experience a slight hit to performance — especially if your device is old — as all the files on your phone must be decrypted in real time as you attempt to access them. However, for newer and more powerful devices, this should barely be noticeable, as they should be more than capable of performing the extra computations.
If your device is rooted — meaning you’ve gained full admin access (or root access) to the Android subsystems — it can’t be encrypted straight away. Rather, you’ll first have to unroot your device and then enable encryption before subsequently rooting it again.
This is incredibly important to bear in mind, as attempting to encrypt a rooted device can have catastrophic consequences for any data you haven’t backed up.
Can I Encrypt My Android Phone?
Encryption was added to Android phones all the way back in version 2.3 (Gingerbread), which was released in 2010. That said, the setting was not easily accessible without some hacks before version 3.0 (Honeycomb) on tablets and version 4.0 (Ice Cream Sandwich) on smartphones, both released in 2011.
Thus, unless you’re running a version of Android from almost a decade ago, you should be able to easily encrypt your device and ensure that your personal data is protected. On the other hand, if you’re still using a device running Android 2.3, the process becomes significantly more complicated, requiring third-party applications and accounts.
There you have it, everything you need to know about encrypting your Android phone or tablet. For new devices, chances are device encryption is already enabled, but if not, it’s one of the biggest steps users can take toward ensuring they’re protected if their device is stolen or lost.
As a final warning, make sure that you take the recommended precautions before starting the encryption process. Backup your sensitive data using the best cloud storage for Android, such as Sync.com, which is an excellent choice (read our Sync.com review).
You also need to ensure that the device isn’t rooted, and take care to leave it alone and plugged in until it’s finished encrypting. Failure to follow these precautions can result in the loss of all your data, with no way to recover it again.
Subscribe to our monthly newsletter for updates on reviews, articles and investigations.
What do you think of our guide? Did you find it easy to follow, or were any of our steps unclear? Perhaps you ran into some error or problem not covered in this guide? Let us know in the comments below, and check out our guide on how to encrypt text messages, too. Thank you for reading.
Let us know if you liked the post. That’s the only way we can improve.
Google introduced full-device encryption back in Android Gingerbread (2.3.x), but it has undergone some dramatic changes since then. On some higher-end handsets running Lollipop (5.x) and higher, it’s enabled out-of-the-box, while on some older or lower-end devices, you have to turn it on yourself.
Why You Might Want to Encrypt Your Phone
Encryption stores your phone’s data in an unreadable, seemingly scrambled form. (To actually perform the low-level encryption functions, Android uses dm-crypt, which is the standard disk encryption system in the Linux kernel. It’s the same technology used by a variety of Linux distributions.) When you enter your PIN, password, or pattern on the lock screen, your phone decrypts the data, making it understandable. If someone doesn’t know the encryption PIN or password, they can’t access your data. (On Android 5.1 and above, encryption doesn’t require a PIN or password, but it’s highly recommended since not having one would reduce the effectiveness of the encryption.)
Encryption protects the sensitive data on your phone. For example, corporations with sensitive business data on company phones will want to use encryption (with a secured lock screen) to help protect that data from corporate espionage. An attacker won’t be able to access the data without the encryption key, although there are more advanced cracking methods that make it a possibility.
If you’re an average user, you may think you don’t have sensitive data on your phone, but you probably do. If your phone is stolen, that thief now has access to your email inbox, your home address, and any number of other pieces of personal information. Granted, most thieves would also be deterred from accessing your data by a standard unlock code—encrypted or not. And, most thieves are more interested in wiping and selling the phone than accessing your personal data. But, it never hurts to keep that stuff protected.
Things to Consider Before Enabling Encryption
Most newer Android phones ship with encryption already turned on by default. If this is the case for your phone, there is no way to disable encryption. But if you’re using a device that doesn’t have encryption enabled out of the box, there are some things to consider before enabling it:
- Slower Performance: Once a device is encrypted, the data has to be decrypted on-the-fly every time you access it. Therefore, you may see a bit of a performance drop once it’s enabled, though it’s generally not noticeable for most users (especially if you have a powerful phone).
- Encryption is one-way: If you enable encryption yourself, the only way to undo the process is by factory resetting the device and starting over from scratch. So make sure you’re sure before you start the process.
- If you’re rooted, you’ll need to temporarily unroot: If you try to encrypt a rooted phone, you’ll run into problems. You can encrypt your rooted phone, but you’ll have to unroot it first, go through the encryption process, then re-root afteward.
These aren’t meant to deter you from encrypting your phone-—just to give you an idea of what caveats it comes with. For most people, we think the added protection is well worth it.
How to Enable Encryption in Android
Before you get started, there are a few things worth noting:
- Encrypting the device can take an hour or longer.
- Your device’s battery must be at least 80% charged. Android won’t even start the process otherwise.
- Your device must be plugged in throughout the entire process.
- Again, if you’re rooted, be sure to unroot your phone before continuing!
Basically, make sure you’ve got plenty of time and battery before you start the process. If you interfere with the process or end it before it’s finished, you will likely lose all your data. Once the process is started, it’s best to just leave the device alone and let it do its thing.
With all the caveats out of the way, you’re ready to encrypt your device.
Start by heading into the Settings menu and tapping on “Security,” again keeping in mind that the wording may be slightly different. If your device is already encrypted, it will show up here. Some devices will also allow SD card contents to be encrypted, but by default Android just encrypts on-board storage.
If the device isn’t encrypted, you can start the process by tapping the “Encrypt phone” option.
The next screen will present a warning to let you know what to expect once the process is finished, most of which we’ve already talked about in this article. If you’re ready to proceed, hit the “Encrypt phone” button.
One more warning will present itself (seriously, they want to make sure you know what’s happening here), which tells you not to interrupt the process. If you’re still not scared away, one more tap of the “Encrypt phone” button will do the trick.
The phone will then reboot and start the encryption process. A progress bar and estimated time till completion will show up, which should at least provide an idea of how long you’ll be without your beloved handset. Just wait, it’ll all be okay soon. You can do this. You’re strong.
Once it’s finished, the phone will reboot and you’re back in business. If you set up a lock screen password, PIN, or pattern, you’ll have to put it in now so the device will finish the boot process.
If you haven’t set up a PIN or password, now is a good time to do so. Head into your device’s Settings > Security menu. From there, select the “Screen Lock” option (keep in mind that the wording may be slightly different for non-stock Android handsets, like Samsung Galaxy devices).
Choose Pattern, PIN, or Password to set your security.
You’ll be asked if you want to require the PIN, password, or pattern at startup. This is up to you, but we recommend choosing yes, since this increases the security of your device.
Note that even with a fingerprint reader, you can’t use a fingerprint to unlock a device on first boot—you’ll have to put in the password, PIN, or pattern. After the device has been decrypted with the correct security unlocking method, the fingerprint reader can be used to unlock the screen moving forward.
From now on, your device will be encrypted, but if you ever want to disable it, you can do so by performing a factory reset. If you have a newer device that has encryption enabled out of the box, there’s no way to remove said encryption—not even with a factory reset.
You may not think much about encryption day to day, but it’s the reason the FBI can't easily get at the data on the iPhones that come into its possession; it also means if someone steals your phone, they won't be able to get anything off it without the PIN code.
In terms of individual apps, it stops anyone from snooping on your WhatsApp and Signal conversations when they’re in transit from one device to the other—and that includes anyone who works at WhatsApp or the Signal Foundation. In short, it makes it much, much harder for anyone to get at your photos, messages, documents, and everything else you've got stored on your phone. Here’s how to make sure it’s working for you.
It was the 2014 release of iOS 8 that encrypted every iPhone back to the 4S by default. Much to the chagrin of various law enforcement agencies, that encryption has only gotten tougher over time.
Everything on an iPhone is locked down as soon as you set a PIN code, a Touch ID fingerprint, or a Face ID face—your PIN, fingerprint, or face acts as the key to unlock the encryption, which is why you're able to read your messages and view your files as soon as your phone is unlocked.
This is also why you should never leave your phone lying around unlocked if you value the data on it. You can configure the screen lock on your iPhone by going to Face ID & Passcode—or Touch ID & Passcode—on the iOS Settings menu. If you go the PIN route, use at least a six-digit alphanumeric code. Anything shorter, or using numbers only, is too easy for forensic devices to brute-force.
Encryption extends to backups of your iPhone made through Apple's own software too, whether that's on the web in iCloud, or in iTunes or Finder on a connected computer. (Tap your name at the top of the iOS Settings screen, then iCloud and iCloud Backup to set which one you're using.) You can choose to leave local iTunes or Finder backups unencrypted if you want, via the tick box labeled Encrypt local backup on the Summary or General tab.
However, there’s a crucial distinction between data on your iPhone and data in your iCloud backups. While the latter are encrypted and thus protected against hackers, Apple does hold its own key to decrypt them and will pass the data on to law enforcement if forced to. Apple will also use it to help you regain access to your backup if you lose it. If that’s a concern for you, keep your backups stored locally on a Windows or Mac laptop.
The encryption picture used to be patchy for Android, but in the past three or four years most new Android smartphones—including the popular Samsung Galaxy and Google Pixel lines—have come with encryption enabled by default. You can check this under Advanced and Encryption and Credentials in the Security page of Settings.
As with iOS, the PIN code, fingerprint, or face that you've set up to unlock your phone acts as the decryption key, unscrambling the data on your phone and allowing you to read it. From Settings in Android, pick Security then Screen lock to set this up.
Only the cheapest, low-end Android devices—usually the ones sold in developing nations—aren't encrypted, to ease the demands on the scarce system resources of those phones. That is starting to change now too, with the latest encryption protocols able to be run by even low-end devices.
If you're using Google's own cloud services (you can double-check by going to Settings, then System, Advanced, Backup), your backups are fully encrypted as well—and there's no way in through the back, as there is with Apple's iCloud backups. Even Google can't access your data in the cloud.
If you're using a different cloud backup service with your Android phone, you need to check whether it supports encryption for its backups and whether they're stored on the web or on a connected computer. If you can't find a satisfactory answer, or there's no sign of any encryption, you can always switch to Google's built-in option.
Messaging App Encryption
While your phone’s encryption protects the files on the device, plenty of data finds its way out into the ether. Here it's important to look out for end-to-end encryption, where data is protected while it's being transferred and when it's being stored. This type of encryption will thwart hackers, law enforcement, and the tech companies themselves from snooping on your messages. Just remember, though, that it won’t hide your data if someone manages to get access to your device itself.
In terms of security practices and comprehensiveness, Signal leads the way for end-to-end encrypted messaging apps, while iMessage and WhatsApp also offer the feature. Facebook Messenger, Telegram, and Skype also offer end-to-end encrypted conversation modes, but they're not switched on by default.
Consider cloud backups of your messages as well. We’ve already talked about how Apple can theoretically get at some of your data if it's stored in an iCloud backup, which Paul Manafort learned the hard way in court. If you're backing up WhatsApp messages to Google Drive in the cloud, it's important to note that these backups aren't encrypted when they're stored.
In other words, always check the small print for the apps and services you use. Instagram messages aren't encrypted, for example, although it's something Facebook is apparently working on. End-to-end encryption has also been promised for messages inside Gmail for years, but it isn't here yet.
Using services without end-to-end encryption doesn't mean your data is necessarily at a high risk of being exposed, and any kind of encryption is better than none. But it does mean government agencies or the app developer might be able to get at your data, if needed. As always, the fewer apps and services you're using, the better.
More Great WIRED Stories
This is how you know if your phone is protected by encryption
WHEN WE THINK of phone security, the first things that come to mind would be the likes of our PIN, lock screen, fingerprint scanners and passwords.
What you might not have considered is encryption, a method that scrambles up all your information so it doesn’t make sense to anyone except those possessing the necessary key needed to decrypt it.
In short, it prevents anyone from gaining access to your phone’s info unless they physically have your phone and know your PIN or password.
Thankfully it’s now becoming a standard feature for both your phone and services like WhatsApp and iMessage use encryption. If you’re unsure whether your device is encrypted, it’s very easy to check.
If you’re an iPhone owner, the good news is it’s enabled by default, but you can make it stronger by having a PIN or password protecting your account. Data encryption on your iPhone is tied into your PIN or password so it’s recommended you go for a 6-digit PIN instead of the weaker 4-digit option, or go for a complex password entirely.
If you want to change it, go into Settings > Touch ID & Passcode > Change Passcode to update it.
If you want to see if your device is encrypted, go into Touch ID & Passcode and scroll all the way to the bottom. Down there, it should say ‘Data protection is enabled’.
If you’re an Android user, automatic encryption will depend on the type of phone you’re using. Newer Android devices have it enabled by default thanks to the introduction of Lollipop and Marshmallow, but you should check just in case. Thankfully, it’s easy to set up if it isn’t.
Go to Settings > Security and you will see the Encrypt Phone option. If your phone is already encrypted, it will say so but if not, tap on it and follow the instructions.
Your contributions will help us continue to deliver the stories that are important to you
A word of warning: Depending on the type of smartphone you have, encryption can affect the overall speed of your phone as encrypted files take a bit longer to open up than non-encrypted.
If you do that and you want to revert to the standard, you will have to factory reset your device, which will wipe your phone clean. If you have a low- or mid-range device, it’s worth considering this first before you do anything.
Read: There’s a way to get a more accurate read of your phone’s reception >
Read: The last Video Cassette Recorder EVER is about to roll off the production line in Japan… >
To encrypt s9 how samsung
Why is my Android device showing as unencrypted in Device Insight even when it's fully updated and encrypted?
To ensure an updated and encrypted device will show as encrypted in Device Insight in the Duo Admin Panel:
- Navigate to Settings > Security > Screen Lock on your Android device.
- Enable password, PIN, or pattern to be required upon device startup.
- Note: If you have a Samsung Device, you will additionally need to enable "Secure startup":
- Navigate to Settings > Lock screen and security > Secure startup.
- Choose Require PIN when device turns on.
- Note: If you have a Samsung Device, you will additionally need to enable "Secure startup":
- Close and reopen Duo Mobile.
Encrypt your Android smartphone for paranoid-level security
For anyone who needs a mobile device with higher-than-usual security, there are a number of options. One such option is to encrypt your entire device. This means that every time you power your phone on, you'll need either a numeric pin or password to decrypt the device. An encrypted device is far more secure than an unencrypted one. When encrypted, the only way to get into the phone is with the encryption key. That means your data is going to be safe, should you lose your phone.
Unfortunately, an encrypted Android device does come with a few pitfalls:
- Performance: The performance of your device will take a slight hit. Because of that, I do not recommend encrypting older or slower devices. The Moto X is a solid candidate for encryption.
- One way: The encryption process is one way. Once encrypted, you cannot undo this. The only way to disable encryption is via factory reset.
- Time involved: The encryption process takes about an hour (or longer, depending upon how much data you have), so you'll need a fully-charged device or have that device plugged in. Also, make sure you have plenty of time to start and finish.
If, after reading those warnings, you still want to encrypt your device, let's move forward.
Note: The following steps will work with nearly all Android devices. I will demonstrate using the Verizon-branded Samsung Galaxy S4. Some device instructions may vary (depending upon the device).
Step 1: Fully charge, or plug in your phone
I cannot emphasize this enough. You must either have a full charge or the ability to plug your device in for the entire time the encryption process runs. If you don't, you run the risk of losing data.
Step 2: Back up your data
Although the Android platform makes it incredibly simple to restore data (even moving from phone to phone), that system can only go so far. You'll want to make sure you back up any important data to a cloud service or an external memory card.
Step 3: Begin the encryption
Here's how you begin the encryption:
- Open the app drawer
- Click Settings
- Tap the More tab
- Tap Security
- Tap Encrypt device
At this point, you must select the Set screen lock type. Warning: Whatever screen lock type you choose will be used for starting the device and getting past your lock screen. Should you select to use a strong password, you'll be typing that password every single time you wake up your phone. This can be a bit cumbersome -- but if you're looking for very strong security on your device, this is the way to go.
Step 4: Walk through the encryption wizard
After you tap the Set screen lock type button, you'll have to select what type of screen lock to use (Figure A).
Select the type of screen lock for encryption.
The next window will be determined by the type of encryption you select. I chose Password, so I had to enter (and confirm) a password (Figure B).
Enter a password for encryption.
As I mentioned earlier, select a strong password here, otherwise it defeats the purpose of encryption all together. Once you've confirmed your password, you'll then be informed if your phone has enough charge for the process. Even if they device is plugged in, it must have a minimum of 80% charge before the Encrypt device button will be available (Figure C).
When your phone is over 80% charged, you can tap the Encrypt device button.
Tap the Encrypt device button, and you'll be prompted for your password. Once you've done that, tap the Encrypt device button again, and step away from the phone. It will immediately restart and begin the process of encryption. Do NOT interrupt the process. Leave the phone plugged into the charger while the encryption process takes place. Once the phone prompts you for your encryption password, the process is complete.
I will say, on the Samsung Galaxy S4, the encryption completed within about 20 minutes and no noticeable hit on performance.
If you're looking to get the highest possible encryption from your Android smartphone, the built-in device encryption is solid. Just use caution when setting it up and do not forget your encryption password.
Do you use encryption on your Android device. Share your experience in the discussion thread below.
You will also like:
- Wall mount faucet undermount sink
- Mandalorian season 2 free episode
- For rent san diego
- 1994 toyota pickup side mirror
- David webb fox news wife
- Unfinished gun cabinet kits
Encrypting your Android device
- 2 minutes to read
Device encryption protects your files and folders from unauthorized access if your device is lost or stolen. It makes the data inaccessible and unreadable to people who don't have a passcode.
Before you can access school or work resources, your organization might require you to:
Follow these steps to encrypt your device. Your device may restart several times. The name and location of the encryption option will vary depending on your device manufacturer and Android version.
- Open the Settings app.
- Type security or encrypt in the search bar to find related settings.
- Tap the option to encrypt your device. Follow the onscreen instructions.
- When prompted, set a lock screen password, PIN, or other authentication method (if allowed by your organization).
- To recheck settings, open the Company Portal or Microsoft Intune app.
- Company Portal users: Select your device and tap Check device settings.
- Microsoft Intune users: You'll have to wait until the page updates, but when it does, your encryption status should change to compliant.
Enable secure startup
Secure startup protects your device by requiring a password or PIN each time the device is turned on.
The name and location of the secure startup option can vary depending on your device manufacturer and Android version.
- Open the Settings app.
- Type secure startup in the app's search bar. a. If that doesn't bring up a matching result, try searching for Strong protection.
- Tap Secure startup > Require PIN when device turns on.
- When prompted, enter your device PIN.
- If you're going through device setup/enrollment, return to the app and select CONTINUE. If you received this message outside or after enrollment:
- Company Portal app users: Open the app, select your device, and then tap Check device settings.
- Microsoft Intune app users: Open the app, wait until the screen loads, and then your encryption status should change to compliant.
Set startup passcode
Once you encrypt your device and enable secure startup, you'll be prompted to set your device PIN, password, or other authentication method (if allowed by your organization). Competing that step will satisfy the startup passcode requirement.
To set a lock screen on your device or change the type that you're currently using:
- Open the Settings app.
- Type screen lock in the app's search bar.
- Tap Screen lock type.
- Tap the screen lock type you want to use and follow the onscreen instructions to confirm.
Issue: The encryption button is disabled.
Thing to try:
- Make sure your device is fully charged and plugged in. Encryption may take a while and requires a full battery.
Issue: You see a message saying that you still need to encrypt your device.
Things to try:
Still need help? Contact your company support (check the Company Portal website for contact information), or write the Microsoft Android team.