07-12-2020 11:46 PM
I've just bought a Tab A7 and there's an option to encrypt an external SD card (which I'm not using at the moment) but there doesn't appear to be any way to encrypt the internal storage, which seems a bit strange as I've been able to do that on every other Android device I've ever owned.
With recent devices, just setting a PIN seems to enable it as then it prompts me for the PIN after I switch it on, before it boots to the OS but on the A7 it boots to the Home screen without asking me for the PIN.
12-12-2020 04:27 AM
12-12-2020 08:12 AM
I've set a PIN but like I said, it boots to the Home screen without asking me for it, so it obviously hasn't encrypted the internal storage, because it wouldn't be able to boot without asking me for the PIN if it was encrypted. I just have to enter the PIN after it's booted to unlock the screen, like I have to do if I leave it inactive and it locks the screen.
12-12-2020 12:50 PM
12-12-2020 01:40 PM
Because it is obvious. If the internal storage was encrypted then it would need me to provide the code (i.e. the PIN or password) to decrypt it. That's how my current phone and my previous tablets work. They request the PIN shortly after turning them on and then it boots into the OS. If the Tab A7 was encrypted, it couldn't boot without me providing the code to decrypt it. Are you saying that with your tablet it asks for the PIN before it boots into the OS, or does it boot into the OS and then ask you for the PIN to unlock the screen (which is what my A7 is doing)?
My screen lock setting is set to PIN. There's no separate "Encrypt device" option and it was my understanding that all Android devices automatically encrypted themselves whenever a PIN/password was set, as there's no performance penalty from enabling encryption these days. So there's no downside and it provides valuable protection for portable devices and the data they hold, as it makes it impossible to boot the device or access the data stored on it without the code.
12-12-2020 02:25 PM
14-12-2020 12:09 AM
A long time ago, enabling encryption took hours as the hardware wasn't available to make it instant and as I recall, disabling it involved formatting the storage but for some years now, devices have had chips that make it possible to instantly enable/disable encryption. It's not true that the storage is encrypted regardless of whether a PIN or password is set though. If you think about it, it would be pretty useless security if anyone could decrypt a device by just turning it on, without needing a PIN/password.
I did a Google search too and found that apparently since Android 7 they have been moving towards File-Based Encryption (FBE) rather than Full-Disk Encryption (FDE), which means that the device can boot to the OS but the user's files are encrypted and inaccessible until the PIN/password is entered.
https://source.android.com/security/encryption/file-based
I've never seen this on any previous device, even recent Android 9 phones that I've bought which still use FDE and can't boot without the PIN. I can see there are benefits for multi-user devices from using FBE but personally I don't share my devices with anyone else and FBE raises concerns about whether it's actually encrypting all the files containing my personal data, or whether some of those files might be stored on the unencrypted partitions. So it would be better if devices offered the choice of enabling FDE instead of only offering FBE, especially with tablets where the concerns about phones rebooting themselves and being unable to receive calls until the user enters the password don't apply.
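Added example (not part of any post in this thread): whether a device prompts for the PIN before boot does not show whether it is encrypted, but Android reports the encryption state and scheme in the system properties `ro.crypto.state` and `ro.crypto.type`, readable with `adb shell getprop`. The script below classifies a `getprop` dump as FBE, FDE or unencrypted; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify Android storage encryption from `getprop` output.
# getprop prints one property per line, e.g.  [ro.crypto.state]: [encrypted]

# Constructed sample dump (not captured from a real Tab A7).
SAMPLE_FBE='[ro.build.version.release]: [10]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]'

# prop_value NAME: read a getprop dump on stdin, print NAME's value (or nothing).
prop_value() {
    awk -v key="[$1]:" '!seen && $1 == key {
        v = $2; gsub(/^\[|\]$/, "", v); print v; seen = 1
    }'
}

# classify_crypto: read a getprop dump on stdin and print one of
#   FBE | FDE | encrypted-unknown-type | unencrypted | unknown
classify_crypto() {
    # adb output may carry CR line endings; strip them before parsing.
    dump=$(tr -d '\r')
    state=$(printf '%s\n' "$dump" | prop_value ro.crypto.state)
    ctype=$(printf '%s\n' "$dump" | prop_value ro.crypto.type)
    case "$state:$ctype" in
        encrypted:file)  echo "FBE" ;;   # file-based: boots to OS, user files locked until unlock
        encrypted:block) echo "FDE" ;;   # full-disk: credential needed before the OS boots
        encrypted:*)     echo "encrypted-unknown-type" ;;  # type property absent
        unencrypted:*)   echo "unencrypted" ;;
        *)               echo "unknown" ;;  # properties missing from the dump
    esac
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_FBE" | classify_crypto

# On a real device with USB debugging enabled:
#   adb shell getprop | classify_crypto
```
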
14-12-2020 05:29 AM
14-12-2020 10:11 AM
The PIN prompt always came up after it booted to the OS, as I said before: "I just have to enter the PIN after it's booted to unlock the screen". Now I know that they're using FBE instead of FDE, I understand why it doesn't need a PIN to boot but I'm not particularly happy about it!
The tablet seems to have an intermittent fault with the touchscreen not responding properly anyway, so I'll have to return it and get a replacement. I'd probably get a different tablet if I could find one that still offers FDE as an option but that seems unlikely.
26-12-2020 10:19 AM