I've added my lockscreen pattern, but I'm not seeing an option for encrypting the phone anywhere in the settings. I've added the pattern to needed at startup, but again, not seeing anywhere to encrypt the phone, unless it's set that way as default and I'm missing it. Anyone know of a way to find out for sure what the encryption status is?
scottricketts said:
I've added my lockscreen pattern, but I'm not seeing an option for encrypting the phone anywhere in the settings. I've added the pattern to needed at startup, but again, not seeing anywhere to encrypt the phone, unless it's set that way as default and I'm missing it. Anyone know of a way to find out for sure what the encryption status is?
Click to expand...
Click to collapse
I'm fairly sure it's encrypted by default.
Make sure you encrypt your sd card.
Sent from my LG-H872 using Tapatalk
Saythis said:
I'm fairly sure it's encrypted by default.
Click to expand...
Click to collapse
It looks like it.
https://www.reddit.com/r/lgg6/comments/6a0tbb/encryption/
My US997 is not encrypted, I can boot into TWRP and see my files without typing in the PIN like I had to on my Nexus 6P.
No option in settings that I can find besides encrypting the SD Card.
Anyone get this figured out?
Does anyone have the option to encrypt their phone (not sd card)?
cory733 said:
Anyone get this figured out?
Does anyone have the option to encrypt their phone (not sd card)?
Click to expand...
Click to collapse
I just got a used/refurbished US997 the other day. From what I remember, it came with Android 7.0 and the first time I booted it up it asked me to create a pattern to start the phone (encrypt like our old 6Ps). Once setup it downloaded a major system update and restarted, and asked me for the pattern to start the phone. Once it booted up again it installed another major system update and when THAT rebooted it no longer asked for a pattern to start the phone.
I wonder if it is just the most recent version of 7.1.2 that removed the encryption? I'm pretty sure there is a way to unpack the boot images to see (I was doing this trying to revive my 6P bootloop). I too would like to encrypt my phone given that it doesn't seem to impact performance any more. Perhaps once we get Android 8.0 it will be brought back.
How do you like the G6 compared to the 6P? I'm still getting used to a few items but installing the Google Now Launcher really helped. I find the fingerprint scanner/power button combo to be really lacking (ergonomics and usability) compared to the 6P and I really miss the power button short cut to launch the camera.
Also, what's the point of TWRP? When I was trying to revive my 6P everyone kept mentioning it, but I don't quite understand why I should install that.
Thanks for the detailed response, I'll probably just leave it alone then until we get an update.
For TWRP, I installed it flash Magisk, and whatever else I might want to flash later. Always good to have an efs backup somewhere safe also. If you had a complete backup from twrp of your 6p, it may have helped you fix whatever you were having a problem with.
Compared to the 6p I love it because it fits in my pocket and has an sd card slot. The lack of mods/ dev support for this phone amazes me though.
After some more research, trying some more stuff, I came across some more info:
I turned off OEM unlocking in developer options then turned it back on. This message appears when enabling OEM unlocking: "Warning: device protection features will not work on this device while this setting is turned on."
Then I came across this thread about an S7 where someone mentions that if you enable OEM unlocking, you will lose access to Secure Startup:
https://forum.xda-developers.com/galaxy-s7/help/root-secure-startup-t3729184
Edit: looking through the fulmics thread, which i believe currently uses 7.0? There are posts in there about encryption/secure start not working either.
Can someone with a locked bootloader check to see if they have this setting? Should be settings - fingerprints and security - encryption / secure start.
cory733 said:
After some more research, trying some more stuff, I came across some more info:
I turned off OEM unlocking in developer options then turned it back on. This message appears when enabling OEM unlocking: "Warning: device protection features will not work on this device while this setting is turned on."
Then I came across this thread about an S7 where someone mentions that if you enable OEM unlocking, you will lose access to Secure Startup:
https://forum.xda-developers.com/galaxy-s7/help/root-secure-startup-t3729184
Edit: looking through the fulmics thread, which i believe currently uses 7.0? There are posts in there about encryption/secure start not working either.
Can someone with a locked bootloader check to see if they have this setting? Should be settings - fingerprints and security - encryption / secure start.
Click to expand...
Click to collapse
Ah, you may be onto something there. I did enable unlocking in the developer options, but if I remember correctly I need to perform an ABD or Fastboot command to actually unlock it, right?
u.of.ipod said:
Ah, you may be onto something there. I did enable unlocking in the developer options, but if I remember correctly I need to perform an ABD or Fastboot command to actually unlock it, right?
Click to expand...
Click to collapse
Yes, the fastboot command is what unlocks it. I think the oem unlock setting just allows you to be able to unlock it with fastboot.
cory733 said:
Edit: looking through the fulmics thread, which i believe currently uses 7.0? There are posts in there about encryption/secure start not working either.
Can someone with a locked bootloader check to see if they have this setting? Should be settings - fingerprints and security - encryption / secure start.
Click to expand...
Click to collapse
Yes I have and use that option on my stock ROM, it's available with unlocked bootloader as well. I understand that on stock the G6 is encrypted by default.
TWRP cannot mount the encrypted /data or at least couldn't when I last tried. So when you flash TWRP and try to install a custom ROM that currently works only after formatting /data (where you have to confirm with "yes") and that kills the encryption.
The custom ROMs set Force Encryption = off so that the bootloader does not complain.
The combination of an unlocked bootloader and unencrypted /data is a no go for me, because anyone who knows how to boot into recovery can simply use the TWRP file manager to get/reset fingerprint and password data and can turn off the lock screen. Everything is plain open, I've tried.
I was not able to re-enable encryption on either Fulmics or LOS. Fulmics shows the Secure Boot option but on the next start the keyboard to enter the password crashes (loop) and never comes up so I got stuck and had to reinstall. On LOS official the option to encrypt is available but not functional (yet, they say).
So I'm back on stock. My main interest with alternative ROMs is to get security updates where LG fails badly but I hope it gets better once Oreo is out given that the G6 has been registered for Google's business programme. I'd love to use LOS once it encrypts.
It's a bit sad because e.g. LOS encrypts a Samsung I have just fine but there you go - I'm not bright enough to improve LOS for the G6. The Fulmics guys are simply not interested in encryption, never got a reply when I raised the keyboard issue even though I sponsored quite a sum. I assume Fulmics cannot re-enable encryption, because it's based on stock. Stock (contrary to LOS) has no dedicated encryption option for /data and does not need it normally because it comes encrypted. Fulmics install has to format not just wipe the partition so encryption gone and no way back.
I got encryption back by returning to stock using LG Bridge.
Thanks for that reply, that clears things up a lot.
So now that you're on stock, you didn't flash TWRP? You mentioned that formatting data is what kills the encryption, but do we need to format data to flash magisk? Could I flash stock, unlock, flash twrp, leave data encrypted, then flash magisk? Then just install the app manually after booting?
I only need twrp for efs backup, which I now have, and to install magisk.
Rooted/encrypted stock is all I'm looking to achieve right now.
Moldeb said:
Yes I have and use that option on my stock ROM, it's available with unlocked bootloader as well. I understand that on stock the G6 is encrypted by default.
TWRP cannot mount the encrypted /data or at least couldn't when I last tried. So when you flash TWRP and try to install a custom ROM that currently works only after formatting /data (where you have to confirm with "yes") and that kills the encryption.
The custom ROMs set Force Encryption = off so that the bootloader does not complain.
The combination of an unlocked bootloader and unencrypted /data is a no go for me, because anyone who knows how to boot into recovery can simply use the TWRP file manager to get/reset fingerprint and password data and can turn off the lock screen. Everything is plain open, I've tried.
I was not able to re-enable encryption on either Fulmics or LOS. Fulmics shows the Secure Boot option but on the next start the keyboard to enter the password crashes (loop) and never comes up so I got stuck and had to reinstall. On LOS official the option to encrypt is available but not functional (yet, they say).
So I'm back on stock. My main interest with alternative ROMs is to get security updates where LG fails badly but I hope it gets better once Oreo is out given that the G6 has been registered for Google's business programme. I'd love to use LOS once it encrypts.
It's a bit sad because e.g. LOS encrypts a Samsung I have just fine but there you go - I'm not bright enough to improve LOS for the G6. The Fulmics guys are simply not interested in encryption, never got a reply when I raised the keyboard issue even though I sponsored quite a sum. I assume Fulmics cannot re-enable encryption, because it's based on stock. Stock (contrary to LOS) has no dedicated encryption option for /data and does not need it normally because it comes encrypted. Fulmics install has to format not just wipe the partition so encryption gone and no way back.
I got encryption back by returning to stock using LG Bridge.
Click to expand...
Click to collapse
I have my LG G2 encrypted with LineageOS and TWRP can decrypt the data, in fact it asks for password just after entering recovery.
G2? Why should that be relevant for G6? Totally different hardware...
---------- Post added at 07:25 AM ---------- Previous post was at 07:11 AM ----------
cory733 said:
Thanks for that reply, that clears things up a lot.
So now that you're on stock, you didn't flash TWRP? You mentioned that formatting data is what kills the encryption, but do we need to format data to flash magisk? Could I flash stock, unlock, flash twrp, leave data encrypted, then flash magisk? Then just install the app manually after booting?
I only need twrp for efs backup, which I now have, and to install magisk
Click to expand...
Click to collapse
I don't have TWRP right now, used to have it of course. I've not tried to just root but you can try using Zefie's unofficial version (the official can cause corruption). You'll see whether TWRP can mount the required volumes rw. If TWRP cannot mount or asks a password and yours doesn't work, you have run into LG's ex works encryption...
Moldeb said:
G2? Why should that be relevant for G6? Totally different hardware...
Click to expand...
Click to collapse
Maybe you are running a different version of TWRP or unofficial build?
On my LG G2 D802 I've installed twrp-3.2.1-0-d802-bump-blastagator-signed.zip and it prompts for decrypting password. Try this same version in case it helps on your LG G6. It should look something like this:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I know what it looks like, will certainly not install any G2 (D802) software on a G6 (H870) and don't recommend anyone does unless they want to brick their G6.
Moldeb said:
I know what it looks like, will certainly not install any G2 (D802) software on a G6 (H870) and don't recommend anyone does unless they want to brick their G6.
Click to expand...
Click to collapse
Look for the version for your G6, I'M NOT TELLING YOU TO USE THE G2 VERSION OF COURSE YOU SHOULDN'T DO THAT WHERE DO I SAY SUCH THING.
All the time basically. The positive experience on your G2 is as irrelevant as on my Samsung where encryption also works. Not on the G6 and I've tried the official TWRP as well as Zefie's. The problem is not that the password dialogue is missing but that your password will not work because LG seems to use something else for stock encryption.
Which is why all ROMs ask to format and not just wipe /data.
Moldeb said:
All the time basically. The positive experience on your G2 is as irrelevant as on my Samsung where encryption also works. Not on the G6 and I've tried the official TWRP as well as Zefie's. The problem is not that the password dialogue is missing but that your password will not work because LG seems to use something else for stock encryption.
Which is why all ROMs ask to format and not just wipe /data.
Click to expand...
Click to collapse
I think I have the same problem. So basically, it's not possible to use a custom ROM with encryption? I
Related
Hi,
I bought the Samsung Galaxy S5 and the fingerprint reader works reasonably well (as in it works, nothing in comparison to apple though, so don't buy it for the fingerprint reader ) for unlocking the screen...
However its a work requirement that my phone has full device encryption, as phones are regularly stolen where I travel.... it seems when I enable encryption I lose the ability to use the fingerprint reader to unlock the phone .... I bought this hoping that I could avoid having to type in my complex password just to unlock the screen, as I got so tired of doing that with my S2
Is there any mods to enable finger print reader screen unlock + full device encryption at boot time for the Galaxy S5 yet? ... I saw some references to pattern unlock / pin with device encryption... but I would think the fingerprint reader is different...
Thanks!
S5 Full disk encryption with fingerprint unlock
I also have this question. I believe on the Nexus 5 it at leasts lets you use face unlock with full device encryption. And I read on one article that you should be able to do this but i do not think the author actually tried this. I will say from my own personal experience that you can infact decrypt the device after encrypting it without doing a complete wipe of the device and you can restore the use of fingerprints to unlock your phone. It seems like for security minded people this would be a great feature but if it is unable to be used with full device encryption it seems a little pointless to me. Being forced to use a PIN or password to use encryption is a big pain point for android users who want some type of security.
Yes I can't believe that no one has really complained about this yet - but I guess encryption isn't' that important to people as I imagined
androidpleb said:
Yes I can't believe that no one has really complained about this yet - but I guess encryption isn't' that important to people as I imagined
Click to expand...
Click to collapse
I am having the same pain, as I use my S5 for BYOD.
It makes no sense when you can use fingerprint to make payments with paypal but not unlocking the phone when it is encrypted.
Hope Samsung can enable this feature in next update.
I'd like this too.. as well as, the iPhone has a cydia app (that a friend of mine showed me), that you can basically disable the power button from turning off the phone while it is fingerprint locked. That would definately be nice to have on the S5 (since it's done through an app). That would have stopped the person who stole my wife's S4 from turning it off when it was blasting the locator ring at them!
sorphin said:
I'd like this too.. as well as, the iPhone has a cydia app (that a friend of mine showed me), that you can basically disable the power button from turning off the phone while it is fingerprint locked. That would definately be nice to have on the S5 (since it's done through an app). That would have stopped the person who stole my wife's S4 from turning it off when it was blasting the locator ring at them!
Click to expand...
Click to collapse
I can't believe that the fingerprint sensor can't be used if encryption is enabled whatsoever. I could understand the iPhone model, requiring a pin before a fingerprint can be used, but by disabling fingerprint lockscreen, boot unlock, and SD unlock, the fingerprint sensor is now wholly useless for convenience.
It's too trivial to extract data from an unencrypted Android. By not supporting encryption with a measure of covenieve, I don't see the point in including a fingerprint sensor whatsoever given the current software limitations.
Please, someone, figure out what sqlite/settings need to be changed so we can make decent use of our phones fingerprint sensor.
After some experiments, i found out a procedure to enable FDE and fingerprint lockscreen. Root is required (or at least I guess, I didn't try with a non-rooted system...).
These are the steps:
1) set up fingerprint lockscreen
2) with a root explorer, go to /data/system folder, and backup locksettings.db, locksettings.db-shm and locksettings.db-wal to sd card
3) set up password lockscreen
4) encrypt the device
5) when encryption is done, restore the backed-up files to /data/system: you should have fingerprint lockscreen again (no reboot needed, just turn the screen off, and magically the password should be vanished )
CAVEAT 1: with my system configuration, I wasn't able to encrypt the device directly: the encryption procedure started, but after reboot nothing happened, the device just booted normally. I don't know the exact reason, in some forums they suppose that it happens on kitkat when the device is rooted. I was able to bypass the problem only adding these steps to the procedure:
...
3b) with TWRP, backup the /system partition, and restore the stock non-rooted /system
4) encrypt the device
4b) restore the original rooted /system partition
...
I don't know if steps 3b) and 4b) are always necessary, let me know...
If you need these steps, don't worry if before restoring your custom /system partition the encryption password isn't recognized, just restore the partition and all will work fine
CAVEAT 2: once encrypted, I didn't find a way to unencrypt the device, because the unencrypt ion procedure starts, but after reboot the device is still encrypted, similar to what described in caveat 1. I tried to replace the /system partition with the stock one, but the encryption password was no longer recognized.
CAVEAT 3: the current TWRP (2.7.1) isn't able to mount S5 encrypted data partition, and restoring an image made with online nandroid backup doesn't seem to work either. So, if you want to make an image of your phone (and I suggest to do it ), do it before encryption
Boot Loop
fabiokino said:
After some experiments, i found out a procedure to enable FDE and fingerprint lockscreen. Root is required (or at least I guess, I didn't try with a non-rooted system...).
These are the steps:
1) set up fingerprint lockscreen
2) with a root explorer, go to /data/system folder, and backup locksettings.db, locksettings.db-shm and locksettings.db-wal to sd card
3) set up password lockscreen
4) encrypt the device
5) when encryption is done, restore the backed-up files to /data/system: you should have fingerprint lockscreen again (no reboot needed, just turn the screen off, and magically the password should be vanished )
CAVEAT 1: with my system configuration, I wasn't able to encrypt the device directly: the encryption procedure started, but after reboot nothing happened, the device just booted normally. I don't know the exact reason, in some forums they suppose that it happens on kitkat when the device is rooted. I was able to bypass the problem only adding these steps to the procedure:
...
3b) with TWRP, backup the /system partition, and restore the stock non-rooted /system
4) encrypt the device
4b) restore the original rooted /system partition
...
I don't know if steps 3b) and 4b) are always necessary, let me know...
If you need these steps, don't worry if before restoring your custom /system partition the encryption password isn't recognized, just restore the partition and all will work fine
CAVEAT 2: once encrypted, I didn't find a way to unencrypt the device, because the unencrypt ion procedure starts, but after reboot the device is still encrypted, similar to what described in caveat 1. I tried to replace the /system partition with the stock one, but the encryption password was no longer recognized.
CAVEAT 3: the current TWRP (2.7.1) isn't able to mount S5 encrypted data partition, and restoring an image made with online nandroid backup doesn't seem to work either. So, if you want to make an image of your phone (and I suggest to do it ), do it before encryption
Click to expand...
Click to collapse
I get samsung boot loop using the above instructions
Pierreseoul said:
I get samsung boot loop using the above instructions
Click to expand...
Click to collapse
Hi guys! Did someone try this solution? I unfortunately have the same issue and unlock my device each time make me crazy!
Thanks in advance.
Same problem
I purchased a Galaxy S5 and I have the same problem, unfortunately I cannot root my phone due to security policies in my company. :crying:
I hope Samsung will solve the issue. :fingers-crossed:
Have anyone contacted to Samsung Support Center?
Pierreseoul said:
I get samsung boot loop using the above instructions
Click to expand...
Click to collapse
What is the consequence of boot loop if you are using stock boot loader? Odin mode required to recover? Something less drastic? What device model are you using?
I found a possible solution that involves deactivating SuperSU and running encryption from there. Still investigating. I am thinking that the solution from @fabiokino will work in this case too.
I'm curious about this aswell.
Doesn't anyone know a working solution?...
It is really frustrating the very least. I can't believe there isn't a way (or if there is, a guide) to do this (with or without root access).
I have also heard it is doable on the Note 4. See this post for example http://forum.xda-developers.com/showpost.php?p=57103664&postcount=7.
I just flashed the stock Lollipop ROM and guess what: It works!!
Samsung finally did it. No tweaking needed and it also works without root access.
How?
healpowah said:
I just flashed the stock Lollipop ROM and guess what: It works!!
Samsung finally did it. No tweaking needed and it also works without root access.
Click to expand...
Click to collapse
Can you explain how please? I'm on stock lollipop as well and cannot use fingerprint scanner with FDE. Wondering if there's a process to it?
Thanks!
healpowah said:
I just flashed the stock Lollipop ROM and guess what: It works!!
Samsung finally did it. No tweaking needed and it also works without root access.
Click to expand...
Click to collapse
Nice to see this, hope it will work on my Galaxy tab S too
Did you see this?
https://www.jethrocarr.com/2013/12/29/encrypting-disk-on-android-4/
GermanDoerksen said:
Can you explain how please? I'm on stock lollipop as well and cannot use fingerprint scanner with FDE. Wondering if there's a process to it?
Thanks!
Click to expand...
Click to collapse
Unluckily the trick showed in the previous link only encrytps the main device and not the micro SD
Joker87 said:
Unluckily the trick showed in the previous link only encrytps the main device and not the micro SD
Click to expand...
Click to collapse
Well for me that really wouldn't be a problem. I don't have an SD card so I'm okay with just FDE. Thing is I really really don't want to root my phone... No particular reason other than every older android device I've done it on always ends up slow and buggy after a few months use until I reflash with stock ROM. I would like my phone to stay buttery smooth for once..
GermanDoerksen said:
Well for me that really wouldn't be a problem. I don't have an SD card so I'm okay with just FDE. Thing is I really really don't want to root my phone... No particular reason other than every older android device I've done it on always ends up slow and buggy after a few months use until I reflash with stock ROM. I would like my phone to stay buttery smooth for once..
Click to expand...
Click to collapse
You could root then unroot it after you have encrypted it
Joker87 said:
You could root then unroot it after you have encrypted it
Click to expand...
Click to collapse
you're right... plus it's not really the "rooting" process that makes it slow, it's installing another ROM. Having a rooted phone doesn't necessarily have any performance impact... just opens up a few things for me. Interesting. Thanks! Unfortunately I've already encrypted so now I have to find that thread about how to decrypt lol.
Thanks!
So, I accidentally encrypted my device when I booted a kernel that had "force encryption." Ooops. When I rebooted, it immediately started encrypting. (No prompts.)
I tried to decrpyt, but it kept asking me for a password (which I never set up) and then would say that the password was correct (no matter what I typed), but something is corrupted in my data... and that I had to factory reset.
Sure. Bite me, Google!
Steps to recover:
1. Power off
2. Boot into the bootloader
3. Boot into TWRP recovery. TWRP see's all my data fine and doesn't ask for a pw.
4. Backup the phone.
5. Use adb to pull the backup off the phone.
6. Go back into fastboot and run: fastboot format userdata.
7. Boot the phone normally (with a kernel that doesn't force encryption.)
8. (the only reason to boot here is so that android creates the proper /data directory structure.)
7. Back into TWRP...
8. adb again to push the TWRP backup back to the phone
9. Restore the backup made in step 4.
10. Reboot again. Success. Done. Everything works fine and I'm not encrypted.
So much for security, Google. Pfft...
Forgive my ignorance, I am not yet a n6 owner. What, are the disadvantages of encryption?
almahix said:
Forgive my ignorance, I am not yet a n6 owner. What, are the disadvantages of encryption?
Click to expand...
Click to collapse
Read and write speeds are slower as all data is decrypted and then encrypted as it is used.
Sent from my Nexus 7
EverDawn4 said:
Read and write speeds are slower as all data is decrypted and then encrypted as it is used.
Sent from my Nexus 7
Click to expand...
Click to collapse
Also due to the extra number crunching overhead, more battery burning.
I see how that is a negative. I'm surprised there isn't an easier way to disable encryption. I expect by tbe time I get one early next year some awesome dev will resolve that.
The point is that encryption has some negatives, but NO POSITIVES. What is the point of it when its so easily bypassed?
Sent from my Nexus 6
garyd9 said:
The point is that encryption has some negatives, but NO POSITIVES. What is the point of it when its so easily bypassed?
Click to expand...
Click to collapse
Encryption does have some positives, such as more protection of your data. How you describe and what you didnt doesnt show it as having much positives though
You claim it is worthless, because you could use root access and unlocked fastboot to push and pull data and all that, but can you really do all that so easily and get by the encryption without any root access and a locked bootloader? What about a not yet authorized ADB and you cant get into the device because it is locked and encrypted (in this scenario we are trying to break the encryption, not just go into the ROM and hit accept). I think everything is easier when you already have things unlocked and full system access.
Seems pretty secure to me. By the time you got to where you wanted to be, all data on the device was gone.
Mission: Accomplished.
The ONLY requirement to repeat my steps is either an installed custom recovery or an unlocked boot loader.
I'd agree with your argument if google allowed a non-encrypted fs if/when a boot loader was unlocked (which would be simple as /data is formatted on unlock anyway.)
Instead, google forces the encryption unless you swap boot partitions
Who's to say that the boot loader lock can't be worked around by someone determined? We haven't tried yet for the simple reason that the effort seems futile when we can so easily do it with fastboot. However, boot loader locks HAVE been worked around to boot custom recoveries on other devices such as Samsung and LG phones.
Once your in recovery, as I explained above, all the supposedly encrypted data is accessible.
Sent from my Nexus 6
garyd9 said:
The point is that encryption has some negatives, but NO POSITIVES. What is the point of it when its so easily bypassed?
Sent from my Nexus 6
Click to expand...
Click to collapse
It can be bypassed because you are using the default encryption key. If you set a pin or a password it changes the encryption key and you need to enter that in recovery to access the partition.
No positives... Lol
rbox said:
It can be bypassed because you are using the default encryption key. If you set a pin or a password it changes the encryption key and you need to enter that in recovery to access the partition.
Click to expand...
Click to collapse
How many "typical" users will set a pin or password? Those same users, if they are concerned about data security, would be manually enabling encryption already.
Google (and Apple) came up with this "great" idea to force encryption on by default (and, at least in Google's case, make it the ONLY choice without modifying the system boot partition.) They claim they did this to protect data. What protection is there if Google allows the "typical" user to use the "default encryption key" and it's so easy to get the data even if "encrypted?"
I think what I'm getting at here is that I was extremely disappointed that it was so easy for me to get at my "encrypted" data using back door methods. I suspect that MOST people won't set up any extra keys/pins, and will allow the default key. They'll see that the device is "encrypted" and feel some FALSE sense of security. In fact, those people are facing a performance penalty of some degree in order to have that FALSE security.
Here's how I think Google should have done things:
1. First and foremost, don't use software encryption. Require the encryption system to have some form of hardware acceleration.
2. Instead of 'forceencryption', the fs manager should default to encryption ON if the bootloader is locked, and default to OFF if the bootloader is unlocked. The result would be that unlocking the bootloader (which nukes the /data partition and causes it to be reformatted) would start with an un-encrypted userdata partition. (The user could still enable encryption.)
3. In conjunction with #2, if there's no encryption key provided by the user, then DON'T ENCRYPT. I honestly believe that a false security is WORSE than none at all, and apparently the "default" encryption key is all but useless.
On the other hand, I hope my first post in this thread helps some user (or dev) who accidentally encrypts their filesystem while playing with kernels. Up until then, it was believed that once the userdata became encrypted, there was no way to reverse it.
Keep in mind, we XDA users are not typical users so of course we could figure this out. Secondly anyone even remotely interested in security has a password on their phone. Lastly, a question, does encryption prevent people from plugging your phone into a PC and seeing your data?
SymbioticGenius said:
Keep in mind, we XDA users are not typical users so of course we could figure this out. Secondly anyone even remotely interested in security has a password on their phone. Lastly, a question, does encryption prevent people from plugging your phone into a PC and seeing your data?
Click to expand...
Click to collapse
A counter-question: Who (or what) is google trying to "protect" us from with forcing encryption on?
No, encryption doesn't seem to block normal MTP access. Basically, an "encrypted" device (with no password), once booted, appears the same as a non-encrypted device (just a bit slower on data access.) The portion of /data presented as the "internal sd card" is accessible via MTP regardless of if encryption is on or off. (other portions of /data aren't accessible via MTP.)
With adb functional, unix permissions will block quite a bit, and once you add root to the mix, the entire phone can be accessed. (selinux probably introduces more restrictions, but I'm not familiar with them.)
Again, that leads back to the question of just who google is trying to protect us from. If the phone is encrypted (with no password) by default, and can easily be decrypted if no password was provided, then what good is the encryption? Why suffer the overhead of encryption when it doesn't serve any effective purpose?
TWRP tries the default password. If you had changed it, TWRP wouldn't have worked at all.
That was not a fair assessment of the encryption used on Android.
I actually don't think it's a big deal especially since you didn't have a password. Encryption without a password is like a door without a lock.
Also I'm assuming that once a password is active that MTP will be disabled without said password?
Again.... The point is that android is forcing encryption on even without a password. I KNOW I have no password, but if having no password makes encryption useless, why FORCE it to be on?
Sent from my Nexus 6
I think it's better than the current, if you encrypt you must use a password 24/7 mode. I prefer it this way because it's currently how I use my phone. I have a pin when I feel it's necessary (work sometimes, phone charging on a table, bar hopping, etc.) or basically whenever someone might be able to access my phone without my noticing. Otherwise I have my pin off. This works almost exactly how I've been wanting it for years. As long as when my pin is active people can't plug my phone in and view my stuff.
Hello, on my Galaxy, the encryption function is gone and i was told it's because i rooted the device. Other function aren't working and few troubles comes in. I need to know if this is the same with the LG G6. Let me know, thanks
You can root LG G6 without losing any function, you van even keep encryption (although there are some problems with the recovery)
I'm not sure if you may not be able to see DRM protected content, as I've never used it
Actually, i said wrong : it's not that encryption is gone, it's here. What's gone is the option to have your pattern/pin asked during boot. That's a security i can't live without. So after rooting, is this option still available on the G6 stock rom (wether it's nougat, oreo..)?
goja said:
Actually, i said wrong : it's not that encryption is gone, it's here. What's gone is the option to have your pattern/pin asked during boot. That's a security i can't live without. So after rooting, is this option still available on the G6 stock rom (wether it's nougat, oreo..)?
Click to expand...
Click to collapse
On G6 if you set a pattern, you need it to unlock the phone after booting, always. Also, there is another extra option (see image)
I would say that the option is still here on unencrypted phones, but I can't confirm 100% since I have the phone encrypted. (on nougat)
Hey.
I unlocked the bootloader (unlock oem under developer options, and with vol up + down when plugging the usb cable in + vol up for 5sec)
When I try to flash the according TWRP tar I get an error on my tab5se, it says "Only official released binaries are allowed to be flashed(recovery)
And Odin says "Fail! (Auth)"
I got no clue where to go from here.
I want to install Lineage 17.1 onto the Tab5se.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
lvlanson said:
When I try to flash the according TWRP tar I get an error on my tab5se, it says "Only official released binaries are allowed to be flashed(recovery)
Click to expand...
Click to collapse
LuK1337's Instructions need to be followed exactly, dont add anything, dont skip anything (Dont wipe anything unless listed). Did you flash the VBMeta image?
OhioYJ said:
LuK1337's Instructions need to be followed exactly, dont add anything, dont skip anything (Dont wipe anything unless listed). Did you flash the VBMeta image?
Click to expand...
Click to collapse
I was following faulty instructions. I came across this post a little later and added the VBMeta after I managed to install TWRP. Weirdly I did work and I could manage to install Lineage OS17.1 by now.
Thanks for your assistance
lvlanson said:
I was following faulty instructions. I came across this post a little later and added the VBMeta after I managed to install TWRP. Weirdly I did work and I could manage to install Lineage OS17.1 by now.
Thanks for your assistance
Click to expand...
Click to collapse
When that happens it means you skipped a step, usually this means you didnt flash something and boot system to verify OEM unlocking is still on, or atleast thats my experience.
I'm having the same message, but in an early stage. I can't even flash vbmeta.tar. Any idea how to solve this?
svierkant said:
I'm having the same message, but in an early stage. I can't even flash vbmeta.tar. Any idea how to solve this?
Click to expand...
Click to collapse
have you found a solution?
kaho_tam said:
have you found a solution?
Click to expand...
Click to collapse
i need some help , i currently have an s8 everytime i try to flash twrp i get an error saying "only official binaries are allowed to be flashed (recovery) .i downloaded a new stock firmware an flashed it an everything went fine ,but when i went to flash twrp i got the same error (please help)
romell0018 said:
i need some help , i currently have an s8 everytime i try to flash twrp i get an error saying "only official binaries are allowed to be flashed (recovery) .i downloaded a new stock firmware an flashed it an everything went fine ,but when i went to flash twrp i got the same error (please help)
Click to expand...
Click to collapse
i got same problem. my usb debug is on and oem unlock is on. already flashed the stock firmware and when i try to install twrp in odin i got error of only official binary allowed. please help
Same
ling12fanny said:
i got same problem. my usb debug is on and oem unlock is on. already flashed the stock firmware and when i try to install twrp in odin i got error of only official binary allowed. please help
Click to expand...
Click to collapse
Same problem for me as well, S9+ G956F/DS
oh man, I'm having the exact same issue and all I could find (none of which has worked) is to somehow get rid of the triggered Knox security (boo, Samsung). I'll update you all if I manage to get something working but... I think it's a lost cause so far
Hi XDA Forums,
I SOLVED THIS ISSUE:
All we've to do it to turn the phone on and fulfil these 3 requirements: All these 3 requirements can be found in the settings of the phone (Hereby I'm talking specifically about Samsung devices) and for mine it's Samsung Galaxy S9+.
- Enable Developer Mode, enable USB Debugging.
- From the same developer option, enable the OEM Unlocking (however may require reboot and reset).
- When the device reboots, turn on the device, go to the phone, go to the phone's settings and change the date manually to 2 August 2019.
Once you've change the date which is the last step then you can go back to the DOWNLOAD mode and install your demanded files (Recovery etc).
Thank you XDA.
Alyaan Khalique said:
Hi XDA Forums,
I SOLVED THIS ISSUE:
All we've to do it to turn the phone on and fulfil these 3 requirements: All these 3 requirements can be found in the settings of the phone (Hereby I'm talking specifically about Samsung devices) and for mine it's Samsung Galaxy S9+.
- Enable Developer Mode, enable USB Debugging.
- From the same developer option, enable the OEM Unlocking (however may require reboot and reset).
- When the device reboots, turn on the device, go to the phone, go to the phone's settings and change the date manually to 2 August 2019.
Once you've change the date which is the last step then you can go back to the DOWNLOAD mode and install your demanded files (Recovery etc). If one may face problems, contact me on my whatsapp: +92 3159006552.
Thank you XDA.
Click to expand...
Click to collapse
I got super excited and immediately wanted to test it out but I still get FAIL in Odin when I try to flash TWRP and "Only official released binaries are allowed to be flashed (RECOVERY)" at the bot left in Download mode under all the text. Weirdly enough though, every time I change the date and restart the phone, it goes back to 28 June 2021 (this may be when I tried installing the stock firmware again but it didn't work either... why can't I just connect to the Samsung servers and automatically get the correct version for my phone, which also doesn't have stuff like jackpotlte in the description... I know I can get the correct firmware from sammobile but I feel like it should be more REAL )
nasko7 said:
I got super excited and immediately wanted to test it out but I still get FAIL in Odin when I try to flash TWRP and "Only official released binaries are allowed to be flashed (RECOVERY)" at the bot left in Download mode under all the text. Weirdly enough though, every time I change the date and restart the phone, it goes back to 28 June 2021 (this may be when I tried installing the stock firmware again but it didn't work either... why can't I just connect to the Samsung servers and automatically get the correct version for my phone, which also doesn't have stuff like jackpotlte in the description... I know I can get the correct firmware from sammobile but I feel like it should be more REAL )
Click to expand...
Click to collapse
Was the wifi turned on when you changed the date? Please Turn the wi-fi on, and then repeat the same requirements I mentioned above. When you're in Downloading mode install TWRP and IA it will be done.
It will definately work out, It was showing me the exact same issue but then I changed the date, powered off, booted it into download mode and installed the TWRP and even setted up the ROM (Noble ROM 1.5 By AlexisXDA). Also once you change the date to 2 August 2019, and you confirm it's changed. Then you have to turn the phone off and boot it into download mode (dont restart) but download TWRP via Odin and boot into the RECOVERY MODE directly.
Also if OEM unlock option is not being displayed in DEV options, changing the date to 2 August 2019 will show automatically unhide the option. The point when TWRP will be installed successfully, still don't let in boot to the system, go to the Recovery mode) i.e new TWRP.
Try to repeat the methods with the WI-FI on and let me know here again.
Alyaan Khalique said:
Hi XDA Forums,
I SOLVED THIS ISSUE:
All we've to do it to turn the phone on and fulfil these 3 requirements: All these 3 requirements can be found in the settings of the phone (Hereby I'm talking specifically about Samsung devices) and for mine it's Samsung Galaxy S9+.
- Enable Developer Mode, enable USB Debugging.
- From the same developer option, enable the OEM Unlocking (however may require reboot and reset).
- When the device reboots, turn on the device, go to the phone, go to the phone's settings and change the date manually to 2 August 2019.
Once you've change the date which is the last step then you can go back to the DOWNLOAD mode and install your demanded files (Recovery etc). If one may face problems, contact me on my whatsapp: +92 3159006552.
Thank you XDA.
Click to expand...
Click to collapse
2 August 2019 doesn't always work. To find out what date you should change to, go to
"About Phone" and search for Android Security Patch Level, at the very bottom of the list.
Alyaan Khalique said:
Hi XDA Forums,
I SOLVED THIS ISSUE:
All we've to do it to turn the phone on and fulfil these 3 requirements: All these 3 requirements can be found in the settings of the phone (Hereby I'm talking specifically about Samsung devices) and for mine it's Samsung Galaxy S9+.
- Enable Developer Mode, enable USB Debugging.
- From the same developer option, enable the OEM Unlocking (however may require reboot and reset).
- When the device reboots, turn on the device, go to the phone, go to the phone's settings and change the date manually to 2 August 2019.
Once you've change the date which is the last step then you can go back to the DOWNLOAD mode and install your demanded files (Recovery etc). If one may face problems, contact me on my whatsapp: +92 3159006552.
Thank you XDA.
Click to expand...
Click to collapse
Can't believe this actually worked.. thank you.
I was working with my tablet SM-T295 after I noticed that start lag after android 11 update, so.. I tried to downgrade it from 11 to 9, and that using TWRP, after backup data, I flashed it, and Odin exe said that the operation successfully done, but my tablet didn't did because it saying SECURTY FAIL : RECOVERY.img , so I tried booting it, and it surprisingly booted up! But I let it turned on until I goes to eat first, and I'm back... I founded that she turned off herself, I tried booting it up but it saying this...(jpeg)
Really need help, this is my main device.
El Khalil Bouzelmate said:
I was working with my tablet SM-T295 after I noticed that start lag after android 11 update, so.. I tried to downgrade it from 11 to 9, and that using TWRP, after backup data, I flashed it, and Odin exe said that the operation successfully done, but my tablet didn't did because it saying SECURTY FAIL : RECOVERY.img , so I tried booting it, and it surprisingly booted up! But I let it turned on until I goes to eat first, and I'm back... I founded that she turned off herself, I tried booting it up but it saying this...(jpeg)
Really need help, this is my main device.
View attachment 5558213
Click to expand...
Click to collapse
Have seen such messages in the past but don't remember the exact sequence of steps.
Always try flashing the vbmeta file from Odin whenever you get an official error. If error still persists, then flash TWRP once and then the stock recovery.
i'm stuck while installing vbmeta with odin :
<ID:0/003> vbmeta.img
Usually you can't flash your device with custom os using Odin directly, you need at least a recovery mode like TWRP, the first thing you need is TWRP recovery for your device model, then install it in your device using Odin toolkit, after that you gonna remove the nand from your device by deleting system data using TWRP, but be sure you already had the Firmware galaxy tab S5e in your PC in case you want to use your tablet again, after deleting sys data, cache...get an SD card (at least 4gb) and put the custom os in the SD card, then put it in your tablet, and select install option in TWRP, select the custom os, and start installing the os.
Alyaan Khalique said:
Hi XDA Forums,
I SOLVED THIS ISSUE:
All we've to do it to turn the phone on and fulfil these 3 requirements: All these 3 requirements can be found in the settings of the phone (Hereby I'm talking specifically about Samsung devices) and for mine it's Samsung Galaxy S9+.
- Enable Developer Mode, enable USB Debugging.
- From the same developer option, enable the OEM Unlocking (however may require reboot and reset).
- When the device reboots, turn on the device, go to the phone, go to the phone's settings and change the date manually to 2 August 2019.
Once you've change the date which is the last step then you can go back to the DOWNLOAD mode and install your demanded files (Recovery etc).
Thank you XDA.
Click to expand...
Click to collapse
i want to kiss you all over your face, its 6:36 in the morning, i've been trying to fix this problem for the past 6 hours
Hello,
I recently went through the ROOT process for H872 (T-Mobile version) and was able to install custom ROMs (PixelExperience_Plus_h872-10.0-20200326-2210-UNOFFICIAL & Havoc-OS-v3.7-20200711-h872-Official).
Every time I try to "Encrypt" the phone, phone asks for pin, restarts, shows android logo, reboots again and then gets stuck in bootloop (up to LG G6 ThinQ logo).
Only way to recover from this state is to boot into TWRP to format the data; and reflash everything.
Bootloader is unlocked.
Using TWRP 3.2.3 Nebula_Alph_20180813 (one from the root instruction).
Please let me know if there is a way to to enable encryption.
Thanks!
Unfortunately force encryption won't work in Custom ROMs. That's why I am on stock
SkylineDiT said:
Unfortunately force encryption won't work in Custom ROMs. That's why I am on stock
Click to expand...
Click to collapse
Thanks for the reply.
Yes, looks like you are correct.
Wonder if there is a ROM with default encryption.
tejtank said:
Thanks for the reply.
Yes, looks like you are correct.
Wonder if there is a ROM with default encryption.
Click to expand...
Click to collapse
Maybe Fulmics lol, But I dont know if there is version for H872. And Fulmics is outdated. You can try to debloat Stock ROM. Put Nova or other launcher
SkylineDiT said:
Maybe Fulmics lol, But I dont know if there is version for H872. And Fulmics is outdated. You can try to debloat Stock ROM. Put Nova or other launcher
Click to expand...
Click to collapse
Thanks for response.
Anyway to hide or bypass the encryption status ?
Stock Image = Encryption works but outdated security patch
Custom ROM = Encryption doesn't work but updated security patch
Not sure which is better... both have some risk
Encryption helps when you lost your phone, without passcode you cant access data
New security patch - helps in app or ir OS security, it harder to hack or to use holes in software to get access to various data when phone is use.
SkylineDiT said:
Encryption helps when you lost your phone, without passcode you cant access data
New security patch - helps in app or ir OS security, it harder to hack or to use holes in software to get access to various data when phone is use.
Click to expand...
Click to collapse
So in your opinion, encryption is priority over security patch?
tejtank said:
So in your opinion, encryption is priority over security patch?
Click to expand...
Click to collapse
For me encryption is priority, because I have sensitive data on a phone: banking app, email client and so on