Hello,
I remember when i set up A1 in firstboot, it asked if i want to be prompted with a password before booting android, to which i said no.
So this in effect, must have encrypted with the default password on first boot. This lets the system boot, and core services started, if the device gets rebooted
without my knowledge(so that i recieve calls and sms) VS, if it asks password before booting(uses my pin as password instead of default password), the core services arent available untill i put my pin in.
This issue was supposed to get solved through Nougat's FBE.
So my question is that, does Mi A1 uses FBE, so that even if i had opted for my pin as password before booting, i would not be blocked of using core services like phone and sms, with OS waiting at pin prompt?
Thanks.
as i have researched more, A1 does not support FBE.
read this excellent writup
In the above article, it shows how to convert to file based encryption. This option in the developer settings is missing from A1.
this is the first major disappointment with A1. Was shocked on system setup to see this. Didn't expect this from a phone expected to receive updates upto P.
ashjas said:
as i have researched more, A1 does not support FBE.
read this excellent writup
In the above article, it shows how to convert to file based encryption. This option in the developer settings is missing from A1.
Click to expand...
Click to collapse
Why do you think ? What encryption does it use ?
It uses FDE. This can be seen when you reboot the device - the black background and basic keyboard. This is FDE.
FBE would boot the device in an intermediary state with wallpaper, full keyboard.
Now if you ask me FDE seems a bit more secure - you can be sure that everything on the device's data partition is encrypted and the only available function is emergency call.
FBE encrypts certain folders but more code is running at startup so you can in theory receive notifications and stuff for certain apps. I certainly don't need stuff running before i authenticate.
gradinaruvasile said:
It uses FDE. This can be seen when you reboot the device - the black background and basic keyboard. This is FDE.
FBE would boot the device in an intermediary state with wallpaper, full keyboard.
Now if you ask me FDE seems a bit more secure - you can be sure that everything on the device's data partition is encrypted and the only available function is emergency call.
FBE encrypts certain folders but more code is running at startup so you can in theory receive notifications and stuff for certain apps. I certainly don't need stuff running before i authenticate.
Click to expand...
Click to collapse
So when the phone was set up in a way, where there was no password asked during (in the middle of) the boot process, how easy would it be for thiefes to access data stored on a A1 ? And how much would it help them if bootlocker was unlocked ?
When you reboot the phone, and you do not have a FDE password set up, the phone still asks for a PIN aftrer booting, with the text "Unlock for all features and data". This sounds like FBE to me.
- PIN is probably from the SIM card. My A1 never asked anything until i set up a password. But mine came with Android 7.1.1 so it is a possibility that some to come with later versions (that have FBE?)?
- FDE is usually enabled anyway on Android 7.1+ but it has a default password set ("default_password" AFAIR). So if you run TWRP for example, even without installing it,it will acces your data because it knows this default password. If you specify a custom password the disk will not be unlocked without it.
- A locked bootloader brings additional security. The idea behind it is to have a verified boot chain - if someone gets hold of your phone to not be able to flash custom system apps on it.
The partitions are checksummed and verified via dm-verity. So at boot time any unauthorized alterations (done, say, with booted TWRP, installed Magist and root then re-locked bootloader afterwards) will trigger a "System Destroyed" message.
The above will be all disabled if you unlock the bootloader and install TWRP. As for now TWRP (or any other loader) cannot ensure system consistency. It is possible to flash stuff on your device by restarting it and launching TWRP. If you have a strong encryption password set up your data partition will still be inaccesible to them but if you get your phone back and start it up the malware will start and do nasty stuff like siphoning all your data, passwords etc (because you can flash system apps that can see everything on the device).
After restart, it asked me for a PIN and then for SIM PIN, (even when draw pattern was my configured way for unlock). It never again asked me for PIN, only right after reboot. Why else would I be asked for a PIN only after reboot, if not because of FBE?
Hello. Many people wonder if they can use fingerprint without keeping any lock on phone. Answer is YES!
HOW TO DO?
1. Setup any lock (pattern or pin) and your fingerprint too ofcourse
2. Reboot into recovery or use any root browser.
3. Go to data/system folder.
4. If you have setup pattern lock then delete pattern.key file and if you have setup pin lock them delete pin/password.key file (Don't worry this won't harm your phone) and restart your phone.
5. Congratulations! Now you can unlock with fingerprint without any lock on your phone
Note: This is just a small trick and many may find this useful while many already know this. This is applicable on all android devices and mostly all versions too. Enjoy!
Thanks
Could you make an instruction also for Oreo ROMS?
Thank you in advance.
harshjain00 said:
Hello. Many people wonder if they can use fingerprint without keeping any lock on phone. Answer is YES! ....
Thanks
Click to expand...
Click to collapse
Thanks for the nice tutorial. I was using the "Lockscreen Disabler" Xposed module for this. If you select "No lockscreen", then you can unlock with fingerprint and there is no lock. If you change your mind, just select "Deactivate this mod" and it will be stock. That's without any reboot.
Hi there,
is it possible to encrypt the tablet using the stock rom? Can't find the option in the settings, only to encrypt the sd card.
It's encrypted by default:
Settings >> Biometrics & Security >> Other Security Settings >> Strong Protection
LeGi0NeeR said:
It's encrypted by default:
Settings >> Biometrics & Security >> Other Security Settings >> Strong Protection
Click to expand...
Click to collapse
Maybe they meant FDE rather than just the FBE that most new devices use?
Android Source Documents
OhioYJ said:
Maybe they meant FDE rather than just the FBE that most new devices use?
Click to expand...
Click to collapse
No, the encryption of Galaxy Tab S5e is definitely File-based one (FBE) because no Secure Startup menu is available...
or just type getprop ro.crypto.type in Termux and you can see the answer (file)
LeGi0NeeR said:
No, the encryption of Galaxy Tab S5e is definitely File-based one (FBE) because no Secure Startup menu is available...
or just type getprop ro.crypto.type in Termux and you can see the answer (file)
Click to expand...
Click to collapse
Yeah, most new devices are FBE. My thought was the OP was asking for a way to enable FDE. However you could be right FBE confuses some users as they don't realize the device is still encrypted as it doesn't ask for a password on boot.
I've got FDE on my S9, didn't know FBE existed. Thanks for clarifying things for me!
yeahhh.... it´s "bull´hit"..
i need a solution to disable the wifi-password encryption on g930f > oreo.....
the "ro.secure storage.support=false" in the build.prop is not working anymore....
because, i have hundreds (yes> over 100 wifi pswds. [and count on]) in use.....
so i have to use the "wifi viewer" in the app store to see the required pswd....
but on s7>oreo the pswd. ist encrypted.....
solution????
kind regards,
chris
... no solution???
I have kept my phone from locking for a day because I Forgot the lockscreeen passsword while changing it on LGK20+, I'm roooted is there any way to disable/delete the lockscreeen pin using twrp? I read an article online that says I can delete a few files ending in .key and i willl be able to set a new passsword can any1 confirm that or have an easier way to disable my lockscreeen pin ( i've prevented it from locking so far),,,...
Pitchblack Recovery, which you can download from a thread on our K20plus forum, has an option within advanced tools with several useful scripts one of which is removing Fingerprint/PIN passwords. It deletes some specific files but I'm not sure of the full extent of these scripts.