Pattern Unlock an Encrypted Android Phone

We’re all familiar with the possibility of data security breaches. Web sites get hacked, passwords get compromised, laptops get stolen. To mitigate these risks, we (try to) use strong passwords, keep our computers under lock and key, and encrypt our personal data. But what about our phones? They are increasingly relied on as mini-computers in our pockets, replete with email accounts, banking apps, and sensitive Dropbox files. Many apps store usernames and passwords in plain text.

What happens if your phone gets stolen? Many people don’t have any security or lock screen enabled at all. Others simply use a pattern or short PIN that is easily cracked in minutes. Android offers encryption, but it’s turned off by default. It’s also very inconvenient. To be effective, encryption requires a strong password, and Android (4.x) requires that you enter this password to unlock your phone when it boots-up, and also every time you unlock the screen.

The problem is that once you encrypt your phone, Android (again, versions 4.x – maybe this will change in a future release!) disables the ability to lock/unlock it with a pattern (annoyingly) or with a different, shorter PIN (perhaps understandably). Having to type in a long password every time you want to use your phone makes this is a non-starter for most users.

Ideally, we would enter a strong password to unlock and decrypt the phone at boot-up, and then use a simpler, user-friendly security mechanism (such as a pattern) to unlock the phone throughout the day. This would balance the benefits of strong-password encryption with the practicalities of making the phone accessible throughout the day.

Android 4.x doesn’t allow this, but we can do it through a backdoor. I validated this tutorial with a Nexus 4 running Android 4.4.4 and a computer running 64-bit Windows 8.1. However, the same basic steps apply to Linux and Mac as well as other versions of Android and Android phones.

Encrypt the phone and allow pattern unlocking

  1. On the phone, go to Settings > Security > Screen Lock and set up your desired pattern to unlock the phone.
  2. Connect the phone to a computer that has ADB on it. The phone must be rooted and needs to have USB debugging enabled. I provide instructions on how to root a phone, turn on USB debugging, and install ADB on a computer in this previous post.
  3. Launch a command prompt from the ADB directory, which is something like c:/Android/android-sdk/platform-tools/
  4. At the command prompt, run: adb shell
  5. This should load a shell command prompt. To get root access, at this shell prompt run: su
  6. This should load a root prompt. At it, run the following command (replacing PASSWORD with your desired password): /system/bin/vdc cryptfs enablecrypto inplace PASSWORD
  7. The phone should restart and encrypt itself. This process can take up to an hour, so be patient.
  8. If the encryption process doesn’t begin after the restart, repeat steps 4 – 6. Immediately after hitting Enter to run the command in step 6, unplug the phone from the computer and plug it into a wall charger. Do it quickly. This allowed the encryption process to start on my phone, instead of just rebooting into the OS like normal.

cmd-android-encrypt

Once the encryption process is completed, the phone will reboot and ask you to enter your password to unlock/decrypt it. Once it boots up, you can go on using your pattern to unlock it like normal. Your personal data is protected and encrypted, but you now have the convenience of using a pattern to unlock your phone while it’s in use.

10 thoughts on “Pattern Unlock an Encrypted Android Phone”

  1. This actually worked just fine. I had to unplug the usb cable quickly after hitting enter and plu a wall charger. After the encryption was complete, i had to enter the password. The phone then booted to the pattern screen.

    A few notes:
    You can’t change your pattern lock anymore after. When you go to settings, all options other than password are greyed out for screen unlock. So when you want to change your lock, you will have to choose a password.

    Also, you cannot encrypt your external SD card without reverting to a password.

    PS is there a command to also encrypt the external SD card with the same password ?

  2. So I’ve tried these steps multiple times but each time after about 10min my phone just boots up to the SIM unlock screen and it isn’t encrypted. I tried:

    If the encryption process doesn’t begin after the restart, repeat steps 4 – 6. Immediately after hitting Enter to run the command in step 6, unplug the phone from the computer and plug it into a wall charger. Do it quickly. This allowed the encryption process to start on my phone, instead of just rebooting into the OS like normal.

    but it didn’t help (I tried it multiple times!).

    I’m running a Galaxy S4 rooted with 4.4.2. Any ideas??

  3. Any idea if this works as described on Android 5.0, CM11, CM12? Would like to know before I try it and irreversibly get stuck a long password to unlock my screen. Thanks!

  4. Hello!

    I tried numerous times to encrypt my Galaxy S4 with Kitkat (4.4.2) but everytime it boots to a black screen and then when it reboots the phone isn’t encrypted. I tried unplugging the cable many times but no luck. Any ideas?

  5. Sounds like Bob and BW are having similar issues on the same platform. I wonder if anyone else has got this method working on a GS4 with 4.4.2? I don’t have that device so I can’t test it myself…

  6. I was having a similar problem trying to encrypt my OnePlus One, running CM12.1. Whether I used the command line interface or the standard interface in Settings–>Security, after rebooting the phone was still unencrypted and no error message was encountered.

    I happened to have the MultiROM Manager installed and I used it to install a different kernel. After rebooting with the new kernel, I was able to encrypt the phone as usual. Thus, I suspect that the issue Bob and BW are experiencing is kernel-related. I don’t know enough to know what kernel features to look for, but it might be worth trying an alternate kernel, if one is available.

  7. To setup disk encryption on Android 4 without losing pattern unlock, instead of adjusting via the settings interface, you need to enable it via the shell -easiest way is via the ADB shell in root mode.

    1. Geoff,

      Thank you so much! I just ran your code through adb su shell and it worked like a charm on a bootloader unlocked Motorola Droid Razr Maxx HD on Verizon (XT926 CDMA Vanquish – unlock achieved with towelroot and motopocalypse KK 4.4.2) that has been upgraded to KK 4.4.4 (CM 11: cm-11-20141112-SNAPSHOT-M12-moto_msm8960).

      I had to practice rapidly unplugging and plugging the phone from USB port on my Mac (OS X 10.10.5) to the charger a few times to get it right, but as long as the plug swap occurs during the brief “reboot window” the phone didn’t know the difference.

      I am SO HAPPY. Obviously with an unlocked bootloader it is vital to have encryption, but typing in a passcode was a major PITA. This couldn’t have gone any better!

Leave a Reply

Your email address will not be published. Required fields are marked *