Reasons To Stay Encrypted On Android And The Risks Otherwise
This article focuses mainly on how important encryption is for aftermarket/custom ROM/OS or unlocked bootloader users
Data encryption is a way of translating data from plaintext (unencrypted) to ciphertext (encrypted). Users can access encrypted data with an encryption key and decrypted data with a decryption key - as defined by IBM
Encryption on Android devices
Encryption is the process of encoding all user data on an Android device using symmetric encryption keys. Once a device is encrypted, all user-created data is automatically encrypted before committing it to disk and all reads automatically decrypt data before returning it to the calling process. Encryption ensures that even if an unauthorized party tries to access the data, they won’t be able to read it.
Android has two methods for device encryption (as of 2022):
- file-based encryption i.e FBE (Android 7.0 and later)
- Android 9 introduces support for metadata encryption, where hardware support is present.
- Android devices launching with Android 9+ out of the box come with FBE with metadata encryption support (Google’s requirement for new device launches)
- full-disk encryption. i.e FDE (Deprecated)
- Devices that launched with Android 9 or lower can use full-disk encryption. Android 10-12 support full-disk encryption only for devices that upgraded from a lower Android version
- Android T (AOSP experimental) removes support for full-disk encryption entirely.
Encryption is one of the major features that keep Android secure as it is by default encrypted on all of the latest Android devices shipped by mobile manufacturers, users cannot get away with it on officially shipped OEM’s Android OS with locked bootloader
BUT (yes, a big but)
Let us talk about users who on their unlocked bootloader devices run modded software or custom Android OS with encryption support removed/broken unknowningly or willingly. (This can also apply to people with legacy devices i.e. pre Android 9.0 with FDE and unencrypted data bydefault)
By users we mean normal users who are not developers, testers or advance users who know every risk and don’t reason being decrypted as something to make life easy while installing different custom roms.
Yes, you read it right, you are killing FBE support (confused?) this is what your DFE mods do by modifying device’s file system table config (fstab) to remove FBE specific values and making android system think device supports/uses FDE (unencrypted) or assumes device doesn’t support encryption at all (absurd). Since, we are talking about users with devices having their bootloader unlocked and modded OS or custom ROM installed with additional cherry on top in the form of magisk, magisk modules, various addons (DFE i.e. Disable Force Encryption). The list does not stop here, some users go beyond to disable few other security aspects of Android, popularly things like FLAG_SECURE to screen record DRM content or to screen capture incognito, bank apps, etc or using Xposed (yes, it’s alive and kicking, I suppose) anyways, let us stick to encryption for this article (>.<).
These users are risking things and for what? Let’s just ask them:
Below are the responses summarized/merged into simple text from multiple users on Telegram group
- Easily accessible internal storage when in recovery
- Usability with any custom recovery which can access internal storage so that they can install updates, make backups without PC or move to another custom ROM without loosing internal storage data
- PubG works better with decrypted storage (seriously? these guys are the worst :0)
Conclusion of why people still use DFE or stay decrypted
Let us ignore PubG/BGMI lads and focus on other points, the main conclusion comes down to they want to flash 69 different custom roms millions of times, which is fascinating because you are just slowly hurting your EMMC/UFS by doing so (although something like that would require someone to do this frequently for 10s of thousands of times but some users never fail to surprise and not to forget cheap components used by OEMs these days)
Why flash shift to different ROMs at all? why not limit yourself to one ROM or two at max, where the time you spend on one ROM should not be like 10 minutes but longer like which calculates in months.
Finale: Risks/Disadvantages of staying decrypted
You are creating complexity by breaking encryption support AKA staying decrypted, Android gets confused and there can be negative impacts by this decision from various race conditions to services failing due to certain conditions requiring encryption. Additionally, updates/upgrades resulting in fastboot stuck because you forgot to re-flash your DFE addons or sometimes people mess up to a level they loose their data regardless.
BUT some of the most risky factors is getting your data stolen, how?
- When your device gets stolen, the thief can easily access your data and use it against you or to scam, fraud or ask ransom from you and removing password/pin,pattern protection from a decrypted device is very easy and one google search away - giving access to your socials, pictures, cloud, personal data, contacts, sms and many more things depending on each user
- Imagine you gave your phone to someone else, lets take an example here to a mobile repair shop and he is someone above average, clones your data (pictures, docs from your internal storage) and uses them for wrong reasons like:
- KYC documents
- Friends and family documents, etc
- Intimate pictures you had of your ex/current partner(s). This is one of the most common (sadly) things happening to many people, you can easily find victims of this on many forums
- What more reasons you need? can be anything based on different people
- People close to you can also make bad use of it, lets assume you have corporate friends who are infact just looking for ways to destory you, somehow get access to your device, easily access your data via recovery (as it is not encrypted) copy important attachments and leak it.
If you ask me: You don’t need to risk it, making life vulnerable just to have things easy is not worth it at all! Please, think twice before you choose land of always decryption over encryption. This article shares my view on the topic, this can surely be improved and is subject to change in the future if need be.