Yet Another Blog

May 30, 2014

Tuning Android Disk Encryption Feature

Filed under: Android, Security, Software — Tags: , , , , — guilleml @ 3:04 pm

I use my phone, like most of you, as my personal assistant so it carries all kind of information regarding banks, passwords, services, purchases, friends, photos, etc. Most of this information is private and I am very concerned about what would happen if someone gain access to this package of private information. Probably they would only want the hardware, but let’s be honest, if I couldn’t keep myself from taking a look to a lost phone and I know it can be done, no matter what password are you using, I expect anyone would do the same and they might have other intentions, as stealing passwords.

I was looking for a way to avoid this if my phone is stolen or lost. Of course I use cerberus but I need a way to really be sure no one can extract my information. Of course I’m not thinking in NSA or USA Gov as we all know they already have access to all of this.

Like linux, Android support crypted filesystems natively. http://www.saout.de/misc/dm-crypt/ is used in order to crypt, decrypt and manage the volume.

Android encryption feature will crypt all user data in order to avoid anyone to access your storage unit without a password.

It’s important to note that if you want to disable this feature you’ll need to reset your phone and restore all your data.

System Performance

In a nexus4 I haven’t noticed any performance impact but when installing apps. Installing apps is a little slower process but in the general use the interface, apps loading and use is unnoticeable.

How to Enable Android Disk Encryption Feature

You can enabled Android disk encryption feature under Security settings.

Screenshot_2014-05-26-13-41-05

This process needs pin screen lock so it will ask you to set a pin. You cannot use face recognition unlock or leave unlocked the phone.

This pin will be used to crypt the password that will be used to crypt all the volume. Google decided so in order to avoid users to remember several passwords just to boot and unlock their phones, the problem is that a 4 digits password is quite easy to break using brute force so we’ll see how to change this password to improve security.

Once you’ve selected the encryption feature and configured the password the system will reboot itself and begin the crypting process. This process may be long, so be sure to be able to let the phone working and connected to the AC charger for an hour or so.

When completed, the phone will ask for the password when booting, when it asks for it, type your pin code previously selected.

Install Cryptfs Password app from the Play Store to help you to change the password. You’ll need to be root so this process can be done.

Screenshot_2014-05-30-16-46-12

Just introduce your pin and your new safe long password using alphanumeric characters and symbols, this way you’ll have a secure password to mount the crypted phone storage memory and a 4 digits pin to unlock the screen making a brute force attack much more difficult to carry out.

With this, not so popular, feature you can be sure your data won’t be stolen if you lose your phone.

I found information about this process and link to the app from nelenkov’s blog.

Blog at WordPress.com.