Encrypting data on Android devices. Encryption failure problem on Android

Starting with Android 4.2, you can encrypt your entire device using the Android operating system itself. You do not need to purchase or install any additional applications, and Internet access is not required. You can encrypt your data at any time you deem appropriate.

Android encryption

Encryption works like this: once it is enabled, all data on the device and on the memory card is encrypted. Of course, if someone unlocks your device, they will still have access to the data, but encryption protects your data if someone steals the memory card or tries to read the internal memory without booting the smartphone. They won't succeed, since the data will be encrypted.

When you turn on your smartphone, you will need to enter a password to decrypt the data. Without the password, the smartphone will not boot further. This is not just a PIN code; it is the key that encrypts your data.

There are some things you should know about device encryption:

  • Encryption is only possible in one direction. Once encrypted, the device cannot be decrypted. You can only reset it to factory settings, but in this case you will lose all data.
  • Encrypting the entire device slows down the smartphone. In principle, in the era of 8-core processors and with a RAM capacity of 1 GB or more, this will not cause you any trouble. On weaker devices the slowdown will be noticeable.
  • Encrypting your device will not save your data if someone asks to look at your smartphone and, at that moment, either installs a Trojan or simply sends some data of interest to their own phone by hand. Only a cryptocontainer can protect you in such cases: to access the data inside the container, you need to enter another password that the attacker does not know.

If you want to encrypt your entire device, go to Settings, Security, then click the Encrypt phone (or Encrypt tablet) button under Encryption. Then follow the instructions.

An encryption failure on a tablet is an error that can only happen on devices where encryption was enabled in the first place. This useful option encrypts all data stored in the gadget's memory. The device PIN code, which the OS selects as the source, is used to create the master decryption key. And since no system works perfectly, without errors, you need to know what to do if encryption fails on your tablet.

Encryption failure: what to do?

The module responsible for the encryption procedure is one of the very first to load, and this is where the error occurs. Its failure prevents all other modules and options from applying their settings and loading the full operating system. To solve the problem, you can try the following steps in order:

  1. Without turning off the device, carefully remove the microSD card. The data on it is not encrypted, so it can remain accessible. Do not press Reset: this is the worst thing a user can do to their tablet. If the button is pressed anyway, you can say goodbye to all the data stored in the /data directory, as well as in the /sdcard folder.
  2. Use the Reset button only after removing the microSD card. If the problem cannot be solved after the first try, experts advise rebooting the system several times. In some cases, the key may not be loaded correctly due to an error in the code located on the external card. In the vast majority of cases, these actions will not help, but this is still where you need to start.
  3. If the failure cannot be resolved, you will need to reset the OS to factory settings or roll it back. After this, you can install the cryptographic module. To complete this task, you will need an external card with a capacity of at least 8 GB. It is recommended to transfer all important documents to it. Type 0M in swap and download ICS. After connecting, you can clear the cache and make a full backup of the information stored on the device. After installing ICS, you can reboot your device.

Do you use your Android smartphone (tablet) to save personal photos, read important emails, make online purchases with your credit card, edit and transfer important documents? If your answer is yes, then you should think about encrypting your device.

Unlike iPhones, Android devices don't automatically encrypt data stored on them, even if you use a passcode to unlock the device, but if you're running Android Gingerbread 2.3.4 or higher, it's easy to enable encryption.

Encrypting your phone means that if the phone is locked, the files are encrypted. Any files sent and received from your phone will not be encrypted unless you use additional methods.

The only difference between an unencrypted and an encrypted phone from a user's perspective is that you will now have to use a password to unlock the phone (tablet).

If your phone is not encrypted, then the password is just a screen lock. In fact, in this case, the password simply locks the screen - that is, it does nothing to protect the files stored on the device. So, if attackers find a way to bypass the lock screen, then they gain full access to your files.

If the phone is encrypted, the password is the key that decrypts the encrypted files.

That is, when the phone is locked, all data is encrypted, and even if attackers find a way to bypass the lock screen, then all they find is encrypted data.

How to enable encryption on an Android device?

1. Open the Settings menu.

2. In Settings, select Security > Encryption (Encrypt device).

3. As required, you must enter a password of at least six characters, at least one of which is a number.

As soon as you set a password, the process of encrypting your files will begin. Encryption may take an hour or more, so you must connect the charger before encryption begins.

Once the encryption process is complete, you're done! Make sure to save your password in a safe place because you will now need it every time you want to access your phone. Please note that if you forget your password, there is currently no way to recover it.

In fact, encryption of Android devices, along with obvious advantages, also has significant disadvantages:

  1. Imagine having to type a complex password every time you want to make a call. I wonder how long it will take for you to get tired of it?
  2. You will not be able to decrypt an encrypted device; this is simply not provided. To decrypt, there is only one way - to reset the phone to factory settings. In this case, of course, all your data will be lost. This will look especially interesting if you forget to make a backup copy first.

Thus, today there is a difficult choice - either you encrypt your device and put up with huge inconveniences, or you get ease of use, but at the expense of security. Which path will you choose? I don't know. Which path would I choose? I can’t answer either. I just do not know.

Vladimir BEZMALY, MVP Consumer Security, Microsoft Security Trusted Advisor

An error like this can only appear if the user initially turned encryption on (on a tablet or other mobile device).

This function protects personal data stored in the memory of the Android device. Encryption in this case is performed by the ICS system using a 128-bit master key. If a password or PIN code is set to unlock the screen, then Android by default selects it as the “source” for creating a decryption master key.

After enabling the encryption function, each time the OS is rebooted, the device will request the specified password or PIN.

However, no system works without errors, and from time to time Android encryption also fails, making unexpected changes to the 16 kilobyte master key.

Such a failure can occur at any time, so to ensure you do not lose the necessary information, always save backup copies of your data. To do this, for example, you can make a backup to your Google account.

Otherwise, decrypting the card will cost much more than all the information stored in the phone’s memory (which will need to be decrypted) is worth. In the worst case, decryption will take so much time that the information will have long since lost its relevance.
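The key hierarchy described above (the PIN is the source for a key that protects a 128-bit master key, which in turn protects the data) is modelled below as an added example, not Android's own Cryptfs code; it shows that a wrong PIN and a single damaged bit in the stored master key both leave the data unreadable, while changing the PIN only re-wraps the key. Assumptions: PBKDF2 with a demo iteration count and an HMAC-SHA256 keystream stand in for the real key derivation and AES, and every function and field name is hypothetical.

```python
import hashlib, hmac, secrets

def _sub(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (NOT AES): XOR with an HMAC-SHA256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    # The tag lets a wrong key or damaged blob be detected instead of yielding garbage.
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong PIN or corrupted key material")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

def kek_from_pin(pin: str, salt: bytes) -> bytes:
    # Iteration count is a demo assumption, not a value taken from Android.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000, dklen=16)

def encrypt_device(pin: str, data: bytes):
    # Random 128-bit master key and a random salt for the PIN-derived key.
    master_key, salt = secrets.token_bytes(16), secrets.token_bytes(16)
    footer = {"salt": salt, "wrapped_mk": seal(kek_from_pin(pin, salt), master_key)}
    return footer, seal(master_key, data)   # data is encrypted once, under master_key

def unlock(pin: str, footer: dict, disk: bytes) -> bytes:
    master_key = unseal(kek_from_pin(pin, footer["salt"]), footer["wrapped_mk"])
    return unseal(master_key, disk)

def change_pin(old: str, new: str, footer: dict) -> dict:
    # Only the small wrapped key is rewritten; the encrypted data is untouched.
    master_key = unseal(kek_from_pin(old, footer["salt"]), footer["wrapped_mk"])
    salt = secrets.token_bytes(16)
    return {"salt": salt, "wrapped_mk": seal(kek_from_pin(new, salt), master_key)}

def corrupt_footer(footer: dict) -> dict:
    blob = bytearray(footer["wrapped_mk"])
    blob[20] ^= 0x01                        # a single flipped bit in the stored key
    return {**footer, "wrapped_mk": bytes(blob)}
```

Calling `unlock` with the correct PIN on the output of `corrupt_footer` raises `ValueError`, which is the model's counterpart of the “encryption failed” situation: the encrypted data is intact, but the key needed to read it is gone.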

Android encryption error: what to do?

So, what should you do if your phone says “encryption failed”? This message appears before the graphical shell is loaded because the module responsible for encryption (Cryptfs) is one of the first to load. It allows all other modules to decrypt settings, read data from the cache and load the full version of the OS.

  1. First, you need to remove the microSD card from the device. Due to Google's policy, information on it is not encrypted by default, and, accordingly, this data may still remain accessible.

The worst thing you can do now is press the only soft button on the screen - Reset phone.

After activating it (in most cases), you can say goodbye to the information stored in the /data and possibly /sdcard folder.

  2. After removing the card, try rebooting your Android device using the mentioned button. If you were unable to resolve the encryption failure on your tablet the first time, try a few more times: perhaps the key is simply not loaded correctly due to an error in the code located on the external card.

Unfortunately, in most cases, rebooting does not fix the encryption failure, since either the internal card of the Android device or its controller is damaged.

  3. If restarting the phone/tablet did not help resolve the encryption failure, you should “roll back” the firmware and install a new version of the cryptographic module so that the device can be used.

To do this, you will need an external card, preferably at least 8 GB (you can use an “old one” if all important data has been backed up from it), on which temporary partitions /data and /sdcard will be saved.

  4. Insert the microSD card into your Android device.

The next stage is preparing the phone for flashing. To do this, you need to go into Android recovery mode. Depending on the model and manufacturer of the device, this mode can be accessed in different ways, but the most common key combination is to simultaneously press the power and volume down buttons and hold for one or two seconds.

In recovery mode, find the properties of the SD card and divide it into segments that will be allocated to the above sections. For the /data area, 2 GB of memory should be enough.

For "swap" select 0M. The card preparation process will take some time - during this time you can download the latest version of ICS that matches your phone/tablet model.

After downloading, save it to an already partitioned SD card.

At this point, the recovery mode should enable the ability to

The FBI tried to use the courts to twist the arm of Apple, which did not want to write code to bypass its own security system. A critical vulnerability was discovered in the Android kernel, allowing superuser access that bypasses all security mechanisms. These two events, although unrelated, coincided in time, clearly demonstrating the differences in the security systems of the two popular mobile operating systems. Let's put aside for a moment the issue of a critical vulnerability in the Android kernel, which is unlikely to ever be fixed by most manufacturers in already released models, and consider the data encryption mechanisms in Android and Apple iOS. But first, let’s talk about why encryption is needed in mobile devices at all.

Why encrypt your phone?

An honest person has nothing to hide - the most popular leitmotif that sounds after every publication on the topic of data protection. “I have nothing to hide,” many users say. Alas, much more often this only means the confidence that no one will bother to get into the data of a particular Vasya Pupkin, because who is interested in them at all? Practice shows that this is not so. We won’t go far: just last week, the career of a school teacher who left her phone on the table for a moment ended with her dismissal. The students instantly unlocked the device and took out photographs of the teacher in a form that is condemned by the puritanical morality of American society. The incident served as sufficient grounds for the teacher's dismissal. Stories like this happen almost every day.

How unencrypted phones are hacked

We won't go into detail; just keep in mind that data from an unencrypted phone can be recovered in almost a hundred percent of cases. The “almost” covers cases where someone tried to physically damage or destroy the phone immediately before the data was extracted. Many Android and Windows Phone devices have a service mode that allows all data to be dumped from the device’s memory via a regular USB cable. This applies to most devices on the Qualcomm platform (HS-USB mode, which works even when the bootloader is locked), to Chinese smartphones with MediaTek (MTK), Spreadtrum and Allwinner processors (if the bootloader is unlocked), and to all smartphones manufactured by LG (which generally have a convenient service mode that allows data to be dumped even from a “bricked” device).

But even if the phone does not have a service “back door”, data can still be obtained by disassembling the device and connecting to the JTAG test port. In the most advanced cases, the eMMC chip is removed from the device and inserted into a simple and very cheap adapter, where it operates using the same protocol as the most common SD card. If the data was not encrypted, everything can be easily extracted from the phone, down to the authentication tokens that provide access to your cloud storage.

What if encryption was enabled? In older versions of Android (up to 4.4 inclusive), this could be bypassed (with the exception, however, of devices manufactured by Samsung). But in Android 5.0, a strong encryption mode finally appeared. But is it as useful as Google thinks it is? Let's try to figure it out.

Android 5.0–6.0

The first device running Android 5.0 was the Google Nexus 6, released in 2014 by Motorola. At that time, 64-bit mobile processors with the ARMv8 architecture were already actively promoted, but Qualcomm did not have a ready-made solution on this platform. As a result, the Nexus 6 used the Snapdragon 805 chipset, based on Qualcomm's own 32-bit cores.

Why is it important? The fact is that processors based on the ARMv8 architecture have a built-in set of commands to speed up stream data encryption, but 32-bit ARMv7 processors do not have such commands.

Now watch closely. The processor has no instructions for accelerating crypto, so Qualcomm built a dedicated hardware module into the chipset to perform the same functions. But something didn’t work out for Google. Either the drivers were not finished at the time of release, or Qualcomm did not provide the source code (or did not allow it to be published in AOSP). The details are unknown to the public, but the result is known: the Nexus 6 shocked reviewers with its extremely slow data read speed. How slow? Something like this:

The reason for the eight-fold lag behind its “younger brother”, the Motorola Moto X 2014 smartphone, is simple: forcibly enabled encryption, implemented by the company at the software level. In real life, Nexus 6 users on the original firmware version complained about numerous lags and freezes, noticeable heating of the device and relatively poor battery life. Installing a kernel that disables forced encryption immediately solved these problems.

However, firmware is something that can be fixed after release, right? Especially if you are Google, have unlimited finances and have the most qualified developers on your staff. Well, let's see what happened next.

And then there was Android 5.1 (six months later), in which the necessary drivers for working with the hardware accelerator were first added in the preliminary version of the firmware, and then removed again in the final version due to serious problems with sleep mode. Then there was Android 6.0; by the time of its release users had already lost interest in this game and begun to disable encryption by any means, using third-party kernels. Or they left it enabled, if a read speed of 25–30 MB/s was enough.

Android 7.0

Okay, but could Android 7 fix a serious problem with a flagship device that is almost two years old? It could, and it did! The ElcomSoft lab compared the performance of two identical Nexus 6s, one running Android 6.0.1 with the ElementalX kernel (and encryption disabled), while the other was running the first preview version of Android 7 with default settings (encryption enabled). The result is clear:
