With data breaches, leaks and hacks occurring on a regular basis, users are paying more and more attention to online security and encryption technology. However, someone gaining physical access to your device is an often-overlooked avenue of attack. To protect against this, we’ll show you how to encrypt Android devices and keep your apps, accounts and personal data safe.
How to Enable Encryption on Android
Enabling device encryption on your Android device is a very straightforward process, and many phones even have it enabled right out of the box. In order to complete the encryption process, your phone must be unrooted (we’ll discuss this more later), plugged in and have at least 80 percent battery remaining.
If the process is interrupted for any reason, you’re likely to lose access to all the data on your device. Thus, it’s advisable to run a full backup first, just to be safe. The best way to go about backing up your data is by using an online backup service app, so head over to our best online backup for mobile guide if you don’t already have one.
Although a dedicated backup service is always your best bet, there is also a built-in backup feature in Android itself. While not as good as, say, IDrive (read our IDrive review), which is our top pick for mobile backup services, it’s still good enough for a one-time job, so head over to our guide on how to backup Android to learn all about it.
The device encryption process varies slightly depending on what version of Android you have, so follow the relevant steps below for your Android version. It may also vary depending on what company built your device, as different OEMs (original equipment manufacturers) sometimes have different menu options.
If you’re not sure what version of Android is running on your phone, you can easily check this by entering the settings, tapping “about phone” and scrolling down to the section labelled “Android version,” where you should see the version number.
Encrypting Android 4.4 and Lower
If your device is running Android 2.3 (Gingerbread), then your best bet for accessing the encryption feature is by signing up for Microsoft Exchange and encrypting your device that way. Alternatively, if your phone is a Samsung Galaxy S, S2 or S Plus, you can download an app to enable encryption without the need for an Exchange account.
For Android 3.0 (Honeycomb) and up, the process is significantly easier. You first need to enable the lock screen, which you can find by entering the settings and then selecting “security.” From here, tap “screen lock” and choose your preferred method of authentication.
Once the lock screen is set up, you can return to the security settings and tap “encrypt phone.” You’ll be given an initial warning, followed by a prompt for your method of authentication (for example, your PIN).
After dismissing the second warning, your device will begin the encryption process. This should take about an hour and the process cannot be interrupted, so make sure to leave the device alone until it’s finished. Once complete, the device will reboot, and all your data should now be encrypted and protected from potential theft.
How to Encrypt Android 4.4 And Lower
- Open the Android settings from the apps menu
- Tap “security”
- If no lock screen is set, tap “screen lock”
- Choose your preferred method of authentication (slide, pattern, PIN or password)
- Return to security settings
- Tap “encrypt phone”
- Dismiss the first warning
- Enter your PIN or password
- Dismiss the second warning
- Wait for your phone to be encrypted
Encrypting Android 5.0 and Higher
If your Android device is running version 5.0 and higher, chances are encryption is already enabled by default. If it’s not, the steps to enable it are once again fairly straightforward. The exact names of the menus can vary a bit depending on your phone’s manufacturer, but overall there shouldn’t be too much of a difference.
Start by entering the Android settings and navigate to the “security” menu (sometimes called “security & location”). From here, you might already see an entry to encrypt your phone. If not, look for a menu called “encryption & credentials,” where you’ll find the aforementioned setting.
If your phone is already encrypted by default, it will say so here, and if so, your work is done and you can disregard the rest of the steps. On the other hand, if it’s not encrypted, proceed by tapping the “encrypt phone” setting, at which point you’ll be presented with two separate warnings covering all the precautions mentioned earlier in this article.
Once you’ve tapped through these warnings, your phone will begin the encryption process. This should take about an hour to finish, so simply put your phone down and leave it alone until the process is complete. This is important, as any interruption can result in the complete loss of all your data, with no way to recover it, as it will have been already partially encrypted.
Although Android 5.0 and up does not require users to turn on a lock screen to enable device encryption, it’s still highly recommended that you do so anyway, as an encrypted phone without some form of authentication is not really protected at all.
How to Encrypt Android 5.0 and Above
- Enter the Android settings
- Tap “security” or “security & location”
- Select “encryption & credentials” and/or “encrypt phone”
- Dismiss the warnings
- Wait for your phone to be encrypted
What Happens When You Encrypt Your Phone
In basic terms, encryption is a process that uses a key to “scramble” a user’s data, making it unreadable to anyone without the key to “unscramble” it again.
Obviously there’s a lot more to it behind the scenes, with different forms of encryption performing the intended task in different ways. For a more in-depth look at encryption technology, in general, check out our description of encryption.
Devices running Android 6.0.1 (Marshmallow) and earlier use full-disk encryption based on dm-crypt and are protected by an AES 128-bit key. Because nothing on the disk can be read without authentication, no apps will be able to perform their tasks if your device has rebooted and you haven’t yet entered your password.
For the most part, this isn’t a huge problem. However, in the case of an unexpected reboot, some apps, such as alarms and reminders, will not go off until users authenticate themselves.
Encryption Changes in Android 7.0
This problem was solved with Android 7.0 (Nougat), which changed the encryption process to a file-based one and introduced “direct boot,” allowing certain apps (such as alarms) to operate in a limited capacity, even without signing into the device with your password or PIN. The new file-based encryption also upped the key size to AES 256-bit, greatly improving security.
With either method, encryption is one-way, which means that once you’ve completed the process and encrypted your device, there’s no way to turn it off again without performing a complete factory reset on the encrypted device.
Furthermore, you may experience a slight hit to performance — especially if your device is old — as all the files on your phone must be decrypted in real time as you attempt to access them. However, for newer and more powerful devices, this should barely be noticeable, as they should be more than capable of performing the extra computations.
If your device is rooted — meaning you’ve gained full admin access (or root access) to the Android subsystems — it can’t be encrypted straight away. Rather, you’ll first have to unroot your device and then enable encryption before subsequently rooting it again.
This is incredibly important to bear in mind, as attempting to encrypt a rooted device can have catastrophic consequences for any data you haven’t backed up.
Can I Encrypt My Android Phone?
Encryption was added to Android phones all the way back in version 2.3 (Gingerbread), which was released in 2010. That said, the setting was not easily accessible without some hacks before version 3.0 (Honeycomb) on tablets and version 4.0 (Ice Cream Sandwich) on smartphones, both released in 2011.
Thus, unless you’re running a version of Android from almost a decade ago, you should be able to easily encrypt your device and ensure that your personal data is protected. On the other hand, if you’re still using a device running Android 2.3, the process becomes significantly more complicated, requiring third-party applications and accounts.
There you have it, everything you need to know about encrypting your Android phone or tablet. For new devices, chances are device encryption is already enabled, but if not, it’s one of the biggest steps users can take toward ensuring they’re protected if their device is stolen or lost.
As a final warning, make sure that you take the recommended precautions before starting the encryption process. Backup your sensitive data using the best cloud storage for Android, such as Sync.com, which is an excellent choice (read our Sync.com review).
You also need to ensure that the device isn’t rooted, and take care to leave it alone and plugged in until it’s finished encrypting. Failure to follow these precautions can result in the loss of all your data, with no way to recover it again.
Subscribe to our monthly newsletter for updates on reviews, articles and investigations.
What do you think of our guide? Did you find it easy to follow, or were any of our steps unclear? Perhaps you ran into some error or problem not covered in this guide? Let us know in the comments below. Thank you for reading.