Full Device Encryption on Android 4.0

After upgrading my mobile device to the Nexus S from Google, I was poking around in the security settings when I found something new. Android 4.0 now has full-device encryption capabilities. This means that while enterprises wishing to gain the usefulness and beauty of information design presented by mobile BI vendors like Roambi but have been skeptical of data security now can rest at ease.

The full-device encryption and Android 4.0 isn’t easy however. Device owners must secure their device with a password or pin, so no fun face-unlock capabilities but for many used to dealing with corporate BlackBerrie’s I’m sure this is a minimal sacrifice.

After going to Settings > Security to enable encryption, you must provide a password or pin. The next step is for your device to reboot and encrypt all of its contents. During this time you’ll see the following screen:

This process will take about an hour. Once this process finishes you’ll now be required to enter your password to decrypt the device anytime you reboot it. Here is what that screen looks like:

That’s all I’ve got so far, I’ll update this post with more details as I get them. The main thing here, and reason I posted this is to draw attention to Android 4.0 device security for mobile BI vendors. Anyone serious about mobile BI and Data Security should start adopting this platform.

  • doe the full disk encryption include all system files??

  • Good question. Based on the message the device popped up during the process I am leaning towards yes. I think there are some more details on the android forums. If you find out please reply with what you found.

    Thanks!

  • DAVe3283

    With the device encrypted, does it restrict the types of lock screens you can use? Can you still use “Slide” or “Pattern”, or are you required to use “Password” or “PIN”?

    • Anonymous Coward

      Yes it does restrict you to password or PIN. From a security perspective I’m sure this is good news, but from a user perspective it annoys me endlessly.

  • M.E.

    Why can I not set it up with a PIN on Android 4.0 on Samsung Galaxy SII? Does anyone have the same issue

    • Same issue here. It only accepts a password, not a PIN.

      Anyone knows if I can define a different PIN to unlock the screen? Or the boot password must be the same to unlock the screen?

  • Cesar

    does anyone know if the new HTC One X with android 4.0 supports full device encryption? or has HTC screwed this up aswell.

  • Gordy

    I have the Galaxy Nexus i9250 which is now fully encrypted.. works fine just lengthens a cold start-up or reboot, otherwise no real impact.
    Question – does anyone know whether and how to change the encryption password?

  • Frank

    OK, this may now seem like the most stupid question on Earth, but I haven’t found an answer on the mighty internet…. so please be gentle.

    Let’s assume I set a PIN and encrypt the phone / tablet. When I boot it, I need to provide the PIN to decrypt it to boot. What I usually do is to change passwords / PINs every once in a while, usually on a fixed schedule. Will I still be able to change my PIN? And when I change the PIN, will then the unlock-at-boot PIN also be changed accordingly?

    Thanks! 🙂

  • “OK, this may now seem like the most stupid question on Earth, but I haven’t found an answer on the mighty internet…. so please be gentle.

    Let’s assume I set a PIN and encrypt the phone / tablet. When I boot it, I need to provide the PIN to decrypt it to boot. What I usually do is to change passwords / PINs every once in a while, usually on a fixed schedule. Will I still be able to change my PIN? And when I change the PIN, will then the unlock-at-boot PIN also be changed accordingly?

    Thanks! :)”

    Yes-you can change your PIN/Password (whichever was set when you encrypted).

    When you do change your PIN/Password it changes the encryption boot password.

    If you would like a long, complex, secure pre-boot encryption password combined with a simpler pin or password use the application called cryptfs password changer from the Play store to change the encryption password whilst leaving your phone lock/unlock PIN the same. Only downside is that you need Root access and if you change your PIN/password the boot encryption password will be changed to match this so you need to reset that with the Cryptfs software.

  • 4zs

    I have CM9RC2
    Settings – Security – Encrypt phone. I see what in the first picture is, but no progress bar and actually nothing happens. Is this missing from CM? What apk file is for encrypting in /system/app?

    • Xavier Tridento

      I have the same issue. did you ever find a solution?

  • My corporate email account is asking me to encrypt my mobile else i wont be able to open my emails. When i tried to encrypt my device and it was done. It showed me exactly the same screen which you showed in second snapshot. However, Now my SIM is not readable to phone. Means all tabs which are designed in the phone for SIM setting are disabled now. I had restore factory data and reset my phone. Now SIM is enabled. What can i do to use my corporate email and mobile network/SIM at one time. Please, please please if anyone know any workaround of it, kindly let me know.

  • JFYI..it only took 10 mins to perform the whole process of encryption

  • Xavier Tridento

    my tablet just sits there after i hit the button to encrypt. t does not show any notification and it sat there for 3 days. it just shows the little gear android logo and sits there. its an azpen 470 tablet. please help. email me back at wiccanelwolfx@gmail.com

    • BenT

      did you get a resolution? I have the same thing happening

Free 5 Day Video Course | Tableau Quick Start

Everything you need to become dangerous :)

x