We’re all familiar with the possibility of data security breaches. Web sites get hacked, passwords get compromised, laptops get stolen. To mitigate these risks, we (try to) use strong passwords, keep our computers under lock and key, and encrypt our personal data. But what about our phones? They are increasingly relied on as mini-computers in our pockets, replete with email accounts, banking apps, and sensitive Dropbox files. Many apps store usernames and passwords in plain text.
What happens if your phone gets stolen? Many people don’t have any security or lock screen enabled at all. Others simply use a pattern or short PIN that is easily cracked in minutes. Android offers encryption, but it’s turned off by default. It’s also very inconvenient. To be effective, encryption requires a strong password, and Android (4.x) requires that you enter this password to unlock your phone when it boots-up, and also every time you unlock the screen.
The problem is that once you encrypt your phone, Android (again, versions 4.x – maybe this will change in a future release!) disables the ability to lock/unlock it with a pattern (annoyingly) or with a different, shorter PIN (perhaps understandably). Having to type in a long password every time you want to use your phone makes this is a non-starter for most users.
Ideally, we would enter a strong password to unlock and decrypt the phone at boot-up, and then use a simpler, user-friendly security mechanism (such as a pattern) to unlock the phone throughout the day. This would balance the benefits of strong-password encryption with the practicalities of making the phone accessible throughout the day.
Android 4.x doesn’t allow this, but we can do it through a backdoor. I validated this tutorial with a Nexus 4 running Android 4.4.4 and a computer running 64-bit Windows 8.1. However, the same basic steps apply to Linux and Mac as well as other versions of Android and Android phones.
Encrypt the phone and allow pattern unlocking
- On the phone, go to Settings > Security > Screen Lock and set up your desired pattern to unlock the phone.
- Connect the phone to a computer that has ADB on it. The phone must be rooted and needs to have USB debugging enabled. I provide instructions on how to root a phone, turn on USB debugging, and install ADB on a computer in this previous post.
- Launch a command prompt from the ADB directory, which is something like c:/Android/android-sdk/platform-tools/
- At the command prompt, run: adb shell
- This should load a shell command prompt. To get root access, at this shell prompt run: su
- This should load a root prompt. At it, run the following command (replacing PASSWORD with your desired password): /system/bin/vdc cryptfs enablecrypto inplace PASSWORD
- The phone should restart and encrypt itself. This process can take up to an hour, so be patient.
- If the encryption process doesn’t begin after the restart, repeat steps 4 – 6. Immediately after hitting Enter to run the command in step 6, unplug the phone from the computer and plug it into a wall charger. Do it quickly. This allowed the encryption process to start on my phone, instead of just rebooting into the OS like normal.
Once the encryption process is completed, the phone will reboot and ask you to enter your password to unlock/decrypt it. Once it boots up, you can go on using your pattern to unlock it like normal. Your personal data is protected and encrypted, but you now have the convenience of using a pattern to unlock your phone while it’s in use.