Hi,
I just bought Samsung Galaxy Note 3 and want to setup it like my old Galaxy Nexus. Also I want to stay with fully stock ROM for a while so I need to perform everything without root.
I need encryption set on my phone. Problem was that for some reason Samsung ROM does not allow PIN unlock on encrypted device. Password wasn't convenient so I searched for workaround for this.
Solution was to install Tasker+Secure Settings and change lock type to PIN just once. Everything was perfect, PIN lock was set permanently. BUT, when I rebooted the phone I wasn't able to decrypt storage with old password. My device can be only decrypted with new PIN now.
How the hell that could be? I believed that when I set encryption password it will be used for decryption. Obviously for me now, it's not.
My question is: what encryption key is used for data decryption in Android? You can change password or PIN and decrypt device with it easily. In other words: what data (encryption key) should be hacked in order to decrypt the phone and where is it?
Related
So, turned on device encryption because it's company policy that portable devices containing sensitive data have to be encrypted. So now it prompts me for my password during start up. All well and good. But now I'm trying to figure out how to change my password. In the security settings, clicking on the encryption area does nothing. Not critical now but sooner or later I will need to change that password or if I sell the device, probably decrypt it first.
Not a word about encryption in the manual. Anyone have any idea on how to change that password? Will a factory reset result in a decrypted device?
Edit: Ok, turns out the startup password after encryption is the same as the screen lock password.
Hi,
I have CM10 running on my rooted Galaxy Nexus and I just enabled the disk encryption. However, I can't find any options what happens after a few failed attempts? I would like to reset and wipe my phone so that it will be usable, but without any of my data. Cerberus is flashed, so I think I'll have a better chance at recovering my phone if it's usable and not completely locked.
I have set a profile with tasker + secure settings to shutdown after 3 failed PIN attempts (which is different than the encryption password), so I should be save there and a thief would be forced to guess my much safer encryption password.
I know that I can do it with cerberus, but only manually.
Bonus point: Is there any possibility to use a pattern instead of a PIN for the display lock? It's unavailable after encrypting..
Nobody?
In which file is the fingerprint data stored on 4.4.2 on S5 Mini 800F?
In case one forgets the password or pattern on Android, the phone can be unlocked by deleting the password/gesture file in data/system.
After reboot one can access the phone with any password or pattern and set a new one.
Several methods are described here at XDA and YouTube.
Samsung came up with the S5 Mini that has the fingerprint scanner.
Fingerpritn scanner does not recognise anymore, no alternative password to use, no google related account.
In order to get access back I assume I need to delete the file that stores the fingerprint data - just like the approach as described with the password and pattern.
Is it correct to assume that after deletion of the file containing the fingerprint data and after a reboot ANY fingerprint swipe will give access to the phone and that a one can set again the fingerprint security?
Many thanks to your help in this matter which will also interst others as more and more fingerprint accessed devices are expected to hit the market.
What options are almost as secure as "secure startup" (PIN on boot)? How close?
So I have a bootloader unlock, TWRP'd HTC 10 and I know that the Nexus 6P and many newer devices allow you to enable secure startup. When you set security to PIN, MM asks you if you want to require the PIN to boot the device. If you say yes, during boot the number keypad will be presented and you have 30 tries to enter the right PIN or it erases your device. Unfortunately, with this option enabled when I flash themes (tried different ROMs, different sources), it almost always hangs just before presenting this keypad with a message that says "Preparing Settings". The screen is normal with secure startup, but after a time it proceeds to the keypad. Anyway, I want to be secure so I've left it enabled and then I forget, flash a theme, and bang - phone is screwed up.
I believe that if I don't enable this then the data system is encrypted, and I know when I boot into TWRP it asks for a PIN to decrypt and mount data. If I encrypt my SD and store the TWRP backups there, (or password protect the backups) wouldn't that protect me from someone getting into one of those? At least the data partition? And any malcontent couldn't generate a new one including data to browse because they wouldn't be able to mount data in the first place without the PIN, right? If all this is true then I'm not sure what they could get with just the system partition (and boot and recovery of course)...
Can anyone shed light onto whether secure startup is really buying me anything with these other precautions in place, and if you think secure startup is worth it? Thanks!
If I had to be flat out honest. I personally think that is over kill. People are not after the data on the device and cant get past a simple password lock.
90% of the time the device is wiped before it is ever booted completely after it is stolen.
Hi all,
I just tryed to add a company account to my phone. During this process I was asked to add a new Administrator. Just after confirm, the phone unmonted the SD card and wanted to encrypt the phone. How to reverse?
The phone is still not encrypted and I don't want the encryption. But I cannot mount my SD card without encryption and I cannot change any security setting (only password is available as lock screen - till now I have a PIN). And, I cannot clear the certificate memory (Clear credentials is grayed).
I removed the exchange account, but this does not help.
I'm using a stock GT-I9506 with 5.0.1
Thanks for any help.
solved
I fount the solution. After selecting password as lock screen I started the encryption. During the last confirmation I aborted. After that all was like before.