Close

What are you looking for?

cancel
Showing results for 
Search instead for 
Did you mean: 

Security ... encryption

(Topic created on: Thursday)
258 Views
davehorne
Big Cheese
Options

I was watching a video to learn more about US Customs and their right to examine the phones of everyone entering the US and was advised to encrypt my phone.  

I naturally assumed my backups were encrypted but when I looked in my security settings, I had to enable that.

I was given a 28 character code that I was forced to write down (since I couldn't do a screenshot), and I now assume that I have even more protection.  

I would have thought this setting was by default on, but it wasn't.   Aren't backups by Samsung encrypted to begin with?

Watch4 Classic
Galaxy S25 Ultra / 1T / Microsoft Launcher / Spigen Liquid Air case / Samsung Silicone case
15 REPLIES 15
AndrewL
Moderator
Moderator
Options

@davehorne: While personal data stored on Samsung Cloud is protected, the Enhanced Data Protection option is Samsung's security function to protect your personal information considered as valuable data. This feature allows your specific data with E2EE (end-to-end encryption) technology to be stored in the Samsung Cloud.

If you would like to learn more then please take a look at the link below. 

https://www.samsung.com/uk/support/mobile-devices/what-is-the-enhanced-data-protection-feature-on-th...

arianwen27
Black Belt 
Options
That adds protection to backups, not the phone itself.

Default protection, samsung secures your backups.

Enhanced protection, you secure your backups.

Means if samsung gets hacked or if samsung is legally forced to give up your data, if you have the keys, the data is still secure. Also means if you lose that code, you can't unlock your own backups.

For phone encryption, android phones have been encrypted since android 10. I'm running android 16 right now. You can enable auto blocker if you want some extra security. Samsung phones are also sorta double encrypted, so are more secure than normal android. Oh and if you're on one ui 8 beta, you can enable advanced protection in the google part of settings to try and stop celibtite machines, more on that later.

Specifically for airports, the us has laws where they can legally force you to unlock your phone using biometrics. So using lock down mode to disable biometrics can stop them forcing an unlock. If they really want to get into your phone, they'd confiscate it and hack into it using a celibrite device. That is a little box that uses exploits to hack into phones. Nothing you can do to stop that other than keep your phone updated. Technically it is much harder to hack into a phone if the phone is in BFU mode, aka reboot it and don't unlock it. But shutting your phone down before you reach customs is really suspicious.

For uk airports, uk law means you MUST unlock any device if told to. Not doing so is a 2 year prison sentence. The actual law is you must provide encryption keys if told to. Meaning any electronic device you have you can be forced to unlock for police and airport staff. The protection for this is, uhh, don't have anything private or personal on your phone.

Honestly having a second travel phone is the best solution
davehorne
Big Cheese
Options

Thanks. 

Watch4 Classic
Galaxy S25 Ultra / 1T / Microsoft Launcher / Spigen Liquid Air case / Samsung Silicone case
0 Likes
MistyPigeon
Explorer
Options
Wouldn't a second travel phone be expensive unless its a Galaxy A or refurbished Galaxy J7 Prime?and arianwen,can you add protections to protections of the backup?im heavily privacy focused at most with recent phones this day and age
0 Likes
arianwen27
Black Belt 
Options
I'll explain in a little more detail.

Normal backups: your phone encrypts your backup data with a key samsung has, samsung then stores the key.

This is easy and always allows you to recover your data, since samsung has the key. You can't lose the key. Downsides are samsung if they wanted, can access your backup data, they wouldn't, but they could. If someone hacks samsung, they could take the key to the data. If some legal proceeding forces samsung to give up your backup data, they can unlock it.

Backup with enhanced data protection enabled: your phone generates a key, encrypts the backup data with that key then sends the backup to samsung. Samsung has no way to tell what the data is or decrypt the data, only you can.

This means only you can access the data, no matter what samsung or any legal thing does, the backup data on samsung servers cannot be read unless by you. The downside is if you lose the key your phone generated, the data is lost forever.

Now backup is explained, onto the physical phone stuff.

Since every country technically has a way to legally unlock your phone, a second phone is the only true way to keep privacy. It's a kinda extreme measure though since it costs due to needing a second phone.

Also if you're thinking of using samsung secure folder, that can be accessed either by law or a hack device, so don't try that as an idea.

To clarify, random people can't hack your phone, there are companies that create phone hacking devices and only sell them to police and governments. So while I say all this is possible, it would never happen unless some government or police said so.

In terms of general device protection. Use a long pin or password as the unlock method. If using a pin, don't have it auto unlock without pressing ok. Having to press ok means attackers don't know the pin length.

Have auto blocker on set to max, if on the beta, enable advanced protection too.

In the google part of settings, delete your advertising ID and turn off diagnostic data for google and samsung within your phone.

Make sure to make full system backups using a pc. In the smart switch app you can enable extra backup security, backup to a pc you own, now you have a secure local backup.

If security is your worry, google offers the advanced protection program. You need physical hardware keys to enable it. It basically locks your google account to only login if you physically prove it's you with a usb device
MistyPigeon
Explorer
Options
So on the travel phone you do backup with enhanced data protection and VPN (Cyberghost/Surfshark,etc,etc) and keep the bootloader locked?
0 Likes
arianwen27
Black Belt 
Options
On the travel phone just don't keep any data on it. The idea is your phone can always be accessed, so keep your personal data at home. Enhanced data protection only affects backups and the bootloader doesn't really have anything to do with keeping your data safe. An unlocked bootloader lets you install other operating systems on your phone, but doing so wipes all data on your phone.

Keep developer mode off, don't connect to free WiFi, you don't need to bother with a vpn unless you really like free wifi.

For the average person, your phone would never be searched and you'd be fine. It's just all of what I've explained is possible and could happen
0 Likes
MistyPigeon
Explorer
Options
And for browser old Tor Beta apkmirror?
0 Likes
MistyPigeon
Explorer
Options
Is Samsung servers vulnerable or have they been hacked/hijacked/leaked before?or not?
0 Likes