Any mobile gadget can be lost, abandoned, forgotten and simply stolen. Any information that is stored on it in an unprotected form can be read and used against you. And the most effective way to protect information is . In this article, we will talk about the features of the implementation of the data encryption system in new Android versions, as well as discuss tools that allow you to implement selective encryption of individual directories.

Introduction

Android is based on the Linux kernel, which, in turn, includes a number of mechanisms that implement encryption of a wide variety of entities. For cryptographic protection of disks and partitions, a system called dm-crypt is provided - a kind of cryptofilter through which you can pass all requests to a disk or partition and get data encryption on the fly.

Google programmers have taught Android how to use dm-crypt since version 3.0 of Honeycomb, which introduced an option to quickly enable encryption and set a PIN to access data. From the user's side, everything looks very simple and hassle-free: I connected the phone to the charger, waited for it to be fully charged and pressed the treasured button. The system started encrypting the existing data. It all looks much more interesting from the inside.

Android specific approach

In any Linux distribution, the cryptsetup utility is responsible for managing dm-crypt, which creates a volume encrypted according to the LUKS standard, which can also be accessed using third-party tools from Windows or OS X. dm-crypt to a disk drive, which is then mounted.

In Android, things are different. Due to licensing requirements for all components above the kernel with an Apache-compatible license, cryptsetup, which is distributed under GPL2, is not included with Android. Instead, it uses the cryptfs module developed from scratch for the local volume manager vold (not to be confused with native Linux tools: vold and cryptfs, these are completely different developments).

By Android default uses cryptfs to encrypt user data, settings, and applications (/data directory). It must be started at an early stage of OS boot, even before the graphical environment is launched, and basic applications, so that the higher-level components of the system can bring the system to the desired state by reading the settings and pull the necessary data from the cache.

AT automatic mode it is impossible to do this, since the system must ask the user for a password for decryption, which requires the launch of a graphical environment, and it, in turn, cannot be launched without connecting the /data directory, which cannot be connected without a password. To get out of this situation, Android used an unusual trick by forcing the OS to start “twice”. The first run of the minimal system occurs before running cryptfs to ask for a decryption password with a connection to /data of the temporary filesystem, after which the system is essentially shut down, the encrypted /data partition is mounted, and the final version of the OS is started.

Enable Encryption

Encryption of data in Android is enabled using the menu "Settings -> Security -> Encrypt data". In this case, the smartphone must be fully charged and connected to the charger, and the unlock method must be a PIN code or password (Settings -> Security -> Screen lock -> PIN code), which must be entered before starting the encryption operation. The smartphone will warn that the operation will take about an hour, during which the device will be rebooted several times.

What happens next is exactly what is described in the previous section. The smartphone will load the minimum version of the system with the connection of the temporary file system to the / data point and begin to encrypt the data, displaying the progress of the operation on the screen. The encryption itself goes like this:

1. First, vold/cryptfs generates a 128-bit master key based on random data from /dev/urandom and uses this key to map the partition containing the /data directory to a new virtual crypto device, writing to which will automatically encrypt the data using the master key. key, and reading - to decryption.
2. The master key is encrypted with the user's PIN and placed at the end of the section. From now on, when booting, the system will ask the user for a PIN code, read the encrypted master key from the partition, decrypt it using the PIN code, and mount the encrypted /data partition.
3. To encrypt the data already on the partition, the system sequentially reads blocks of data from the partition and writes them to the crypto device, so that, in fact, a sequential operation “read the block -> encrypt -> write back” takes place until the entire section, except for the last 16 KB, where the master key is stored.
4. At the end of the operation, the smartphone reboots, and at the next boot, the system asks for a PIN code to decrypt the data.

In the case of a 16 GB Galaxy Nexus drive, all these operations take about 30 minutes, and most importantly, they are fully automated, so even a child can handle encryption.

One password to unlock and decrypt?

To make life easier for users, Google has decided to use the same password to unlock and decrypt data, resulting in a rather contradictory picture. On the one hand, the password for decryption must be long and complex, because an attacker can also choose it outside the smartphone, simply by removing the image of the partition. The unlock password, on the other hand, can be left very simple, as after several unsuccessful attempts, Android will lock the screen permanently, forcing you to enter the Google password.

As a result, you have to make a choice between the convenience of unlocking and the security of encrypted data (we do not consider face control as a means of protection). Fortunately, if the phone is rooted, the decryption password can be specified manually using the vold console client. You can do it like this:

$ su -c vdc cryptfs changepw password

From now on, the unlock and decryption passwords will be different, but will become the same again if you change the unlock password (PIN code). In order not to climb into the console, you can use one of graphic interfaces, such as EncPassChanger.

Rollback and firmware compatibility

Unfortunately, for some reasons android does not allow you to rollback to an unencrypted partition. Therefore, if the data has already been encrypted, it will remain so exactly until the factory reset (full wipe) is performed - an operation that reformats the partition containing the /data directory will automatically turn it into unencrypted.

But here the question may arise: “What happens if I update Android or install custom firmware?” In this case, it all depends on the installation method. In most cases, when updating the firmware or installing an alternative firmware of approximately the same version (for example, replacing CyanogenMod 10.1 with Paranoid Android 3 or MIUI 5), a wipe is not required. It means that installed firmware when you try to mount the / data partition, it will “realize” that it is dealing with an encrypted partition, ask you for a password and decrypt the data without any hassle.

If the installation requires a full wipe, which is usually necessary when switching to new versions of Android, then the situation is even simpler here. During the wipe, the /data partition will be reformatted and will automatically turn into unencrypted. The main thing is to make a backup before updating using Titanium Backup or Carbon.

SD card

Google has long voiced its position in relation to the memory card as a junk dump, where by definition there can be no confidential data, and even if there is, it does not make sense to encrypt it, since the user may decide to insert the card into another phone. Therefore, there are no standard ways to encrypt a memory card in Android, and in order to get such functionality, you will have to use third-party software.

Among third-party encryption software, we have a choice of three different classes of applications:

1. Thing in itself. An application that can create and open crypto containers, but does not allow them to be connected to the file system. A kind of file manager with support for encrypted volumes. The thing is of little use, as it is only suitable for keeping a diary and taking notes.
2. PseudoFS. In the Linux kernels of many stock and alternative firmwares, there is support for the FUSE user-space file system driver, on the basis of which several encryption file systems were developed at one time. One of them is EncFS. In Android, it is available as an application for Cryptonite, Encdroid, and others. Such softins allow you to encrypt any directory so that absolutely all applications have access to it.
3. Based on dm-crypt. Similar in functionality and implementation to the previous ones, but they use native dm-crypt for encryption. LUKS Manager is the best representative of the class of such softins. Allows you to create an image file on a memory card that can be connected to any directory at any time to access data. The same can be done from Linux using cryptsetup or from Windows using FreeOTFE.

Cryptonite

Cryptonite is a wrapper around the EncFS encryption file system and allows you to create and view encrypted volumes on the storage card and inside Dropbox, as well as mount volumes to storage card directories so that they are visible to all applications. We are primarily interested in the latter use case as the only one acceptable for everyday use, but it requires root rights, as well as the presence of FUSE support in the kernel.

Using Cryptonite in this capacity is quite simple, however, so that there is no confusion, we will understand the principles of its operation. The application is based on a well-known Linux tool called EncFS. In fact, this is a utility that allows you to map one directory to another so that what is written to the second directory automatically falls into the first in encrypted form, and when read, respectively, decrypted. As long as the display is on, there is access to the data, but once it is turned off, the contents of the second directory will disappear and only the first one will remain, the contents of which are fully encrypted.

For this reason, Cryptonite requires two directories: the first is for storing encrypted data and the second is an empty directory where the contents of the first will be displayed in decrypted form. Let's call them crypt and decrypt for simplicity. We create these two directories on the memory card using any file manager. Launch Cryptonite, go to "Settings -> Mount point" and select the decrypt directory. Now it will always be used as an access point to encrypted data. We go back, go to the LOCAL tab and click the "Create local volume" button to initialize the encrypted directory. Select the crypt directory and enter the password. Now it remains to return to main screen and press the "Mount EncFS" button (and re-enter the password). From now on, anything you copy into the decrypt directory will automatically end up in the crypt directory in encrypted form, and once decrypt is disabled, no one can read its contents (you can check by copying a few files into decrypt and then viewing the contents of crypt).

In the same way, by the way, you can organize data encryption in Dropbox. Cryptonite allows you to do this out of the box, but in this case, data can only be accessed through the application itself, that is, for any operations on encrypted data, you will have to launch Cryptonite and perform all actions through its built-in file manager. Dropbox for Android itself, of course, behaves the same, but at least it has an open API that other apps can use, and here it's only manual access.

To get around this problem, you can install the Dropsync service, which hangs in the background and periodically synchronizes the contents of selected directories with Dropbox. It is enough to set it to synchronize the crypt (but not decrypt) directory, and the encrypted data will automatically go to Dropbox. To access data from big brother, you can use the Linux or Windows version of EncFS. Only the lazy did not write about how to use them.

LUKS manager

The second application on our list is LUKS Manager, which is essentially a similar application in functionality, using dm-crypt instead of EncFS at its core and encrypted binary images instead of directories. From a practical point of view, this option is better than the previous one in that the images encrypted with it can be viewed or modified in almost any operating system, including Linux, Windows, and OS X. The disadvantage is that it is inconvenient to use it to encrypt files in Dropbox, since how does the Dropbox client have to sync the whole image each time, which can be very large, as opposed to individual files, as is the case with EncFS.

For the correct operation of LUKS Manager, a kernel with support for dm-crypt and loopback is required, but if the first is even in Android kernels 2.3, the second is not available in all stock kernels. Therefore, most likely, you will need a firmware with an alternative kernel, such as CyanogenMod, AOKP or MIUI.

Everything else is simple. The program interface consists of only six buttons: Status, Unmount All, Mount, Unmount, Create and Remove. To create a new image and access it, just click "Create", select the directory to mount, size and specify the password and file system (FAT32 for Windows compatibility or ext2 for Linux). At the same time, several images can exist on the memory card and be connected at once, which can be disabled using the "Unmount" buttons or removed using the "Remove" button.

There is nothing complicated in managing the application, I can only say that the package with LUKS Manager also includes a version of the cryptsetup utility compiled for Android, which can be used to manually manage and connect images.

Other application

Dm-crypt and cryptfs are used in Android for more than just protecting the /data directory from prying eyes. With their help, strange as it may seem, the system for installing applications on a memory card is implemented here. It is based on the idea of ​​encrypted images, one for each installed application. This is done to protect sensitive data, possibly stored by the application, from other applications that Android has full access to the SD card for reading, as well as from those who take possession of the SD card.

By launching the terminal and running the df command, you can see for yourself how this is implemented. The screenshot "Galaxy Nexus and df" shows the output of this command on my smartphone. It is clearly seen that in addition to the /dev/block/dm–0 pseudo-cryptodevice, which is connected to the /data directory and is responsible for encrypting data on a smartphone, there are 15 more similar devices, mounted to different directories inside /mnt/asec. These are the applications installed on the memory card. The applications themselves are stored in encrypted images in the .asec directory on the memory card, and the encryption keys are stored in the main memory of the smartphone.

You may also notice that there is also a /dev/fuse pseudo device attached to /storage/emulated/legacy as well as some other directories. This is nothing more than a memory card "emulator" implemented using the FUSE driver described earlier (Galaxy Nexus itself does not support memory cards). In essence, this is a simple mirroring of the /storage/emulated/legacy directory to /data/media/0. In this case, the /sdcard directory is a link to /storage/emulated/legacy. By running the ps command, you can see that mirroring is implemented using the /system/bin/sdcard application, which uses FUSE as a base. In fact, this is an alternative implementation of unionfs familiar to all Linux users.

WARNING

The dm-crypt module cannot be used to encrypt partitions with file system YAFFS, since the latter uses low-level operations when accessing NAND memory.

conclusions

As you can see, getting high-quality data encryption in Android is very simple, and in most cases you don’t even need to install additional software. The only limitation is the need to have a smartphone based on Android 4.0 and higher, but since everything that was before 4.0 is quite difficult to name the OS, then there is no particular problem here :).

INFO

Implementation details standard system Android encryption for the paranoid: 128-bit AES in CBC mode and ESSIV: SHA–256. The master key is encrypted with another 128-bit AES key obtained from user password using 2000 PBKDF2 iterations with 128 bits of random salt.

Articles and Lifehacks

To understand what encryption is in a phone, one should make a reservation about the possibility of intercepting various conversations on a cellular device and listening.

To ensure that confidential information does not become open and transparent to unauthorized persons, and there are special programs against listening.

What is encryption for?

• Modern cellular devices are very vulnerable to such a popular program as a Trojan horse. A smartphone with such a peculiar spy opens to curious ears.
• What is important, it is unlikely that a person who is far from Internet technologies will be able to recognize the program. Particularly vulnerable to such listening programs Apple phones iPhone.
• It should be rightly noted that there are many other options for wiretapping. cell phones, including through SIM cards.
• However, it is worth noting the possibility of encrypting telephone conversations. The most popular program that can protect the information of cell phone users is a utility called Cellcrypt Mobile.
• It was developed by British scientists. Advantage this resource is that it can be installed simultaneously on both phones, which are planned to make calls.
• All information passes through the CSD channel. It turns out that calls are evaluated not as a connection by phone, but through a modem.

The most famous encryption programs

• There are other special programs for encryption. For example, SecureGSM is a very expensive, but effective software that works not only in conjunction with cellular device, but also by Microsoft Windows Mobile.

  Remarkably, the program can work not only on common touch devices, but also on push-button phones.

• Remarkably copes with encryption of telephone conversations and resource Crytogic. Given software will be very inexpensive. However, the utility is focused only on Nokia smartphones.

  Therefore, the use of even an inexpensive utility can be quite reliable and effective. However, the program cannot protect SMS messages.

• Among other effective encryptions, one can single out 5pro software secure voice, which has an incredibly simple interface.

Today, every user has to think about protection confidential information from strangers. Mobile device manufacturers care about future customers and their right to privacy, so more and more attention is paid to the preservation of personal data. Tablets can also be classified as personal devices, so let's talk about protecting them.

Is it possible to disable encryption on the tablet?

The system functions of modern tablets support the encryption mode of information stored both on internal memory device or on an external SD card. It should be remembered that working encryption has a negative impact on the performance of the device. Those who value computing power over the safety of personal data should definitely read this article.

If you were lucky enough to get hold of an Android tablet that was originally based on a version of the operating system, you will not be able to turn off the encryption function. The developers decided to enforce forced encryption of information on the latest versions of the OS, but do not despair, because hackers do not sleep either. There is no doubt that these workers will soon offer their own solution to this problem. At the same time, tablets operating system which has been updated to latest version from earlier ones are not limited by such restrictions, so the option to disable encryption is available. However, we recommend that you think about whether you really need it so much?

On earlier versions of Android, up to 2.3.4., encryption must be started manually. This option is in the settings menu: Security->Encryption->Encrypt Device. It must be borne in mind that after that it is impossible to decrypt the encrypted data, since the developer did not provide for such a possibility. Thus, if you need to decrypt information, its loss is inevitable. To do this, you will need to reset the device to factory settings from the "recovery" mode.

To perform such a reset, in the off state of the tablet, hold down the volume up and down keys on it at the same time, as well as the power key. Will be uploaded to engineering menu, where using the volume buttons you need to find the menu item "wipe data / factory reset" and, having selected it, press the power key. When the reset operation is completed, you must reboot by selecting "reboot". After booting into working mode on the tablet, you should restore personal data, and then no longer start encryption.

Today, almost all smartphones and tablets have become carriers of important personal or corporate data. Also through the phone you can easily access accounts such as Gmail, DropBox, FaceBook and even corporate services. Therefore, to one degree or another, it is worth worrying about the confidentiality of this data and using special tools to protect the device from unauthorized access in case it is stolen or lost.

What are we protecting and from whom?

A smartphone or tablet often acts as a mobile secretary, freeing the owner's head from storing a large amount of important information. The phone book contains numbers of friends, employees, family members. In a notebook, they often write credit card numbers, access codes to them, passwords to social networks, e-mail and payment systems.

The list of recent calls is also very important.

Losing your phone can be a real disaster. Sometimes they are stolen on purpose to penetrate privacy or share profits with the owner.

Sometimes they are not stolen at all, but they are used for a short time, imperceptibly, but a few minutes is enough for an experienced malicious user to find out all the details.

The loss of confidential information can result in financial ruin, the collapse of personal life, the collapse of the family.

So? what you need to protect on your phone, tablet:

1. Accounts. This includes, for example, access to your email gmail box. If you set up synchronization with facebook, dropbox, twitter. Logins and passwords for these systems are stored in clear text in the folder phone profile /data/system/accounts.db.

2. The history of SMS-correspondence and the phone book sometimes contain confidential data.

3. Web browser. The entire browser profile must be protected. It is known that the Web browser (built-in or third-party) remembers all passwords and logins for you. This is all stored in open form in the program profile folder in the tablet's memory. Moreover, usually the sites themselves (with the help of cookies) remember you and leave access to the account open, even if you did not specify to remember the password.

If you use browser sync (Chrome, FireFox, Maxthon, etc.) with your desktop browser to transfer bookmarks and passwords between devices, then you can assume that your phone can access all passwords from other sites.

4. Memory card. If you store confidential files on the memory card or download documents from the Internet. Normally, photos and recorded videos are stored on the memory card.

What should you protect your tablet and phone from?

1. From a random person who finds your lost phone or from an "accidental" theft of a phone or tablet.

It is unlikely that the data in the phone will be of value to the new owner in this case. Therefore, even simple protection will ensure the safety of data. Most likely, the device will simply be reformatted for reuse.

2. From prying eyes (as a rule, these are colleagues or your children / relatives), who can access the device without your knowledge, taking advantage of your absence. Even simple protection will ensure the safety of data.

3. From purposefully stealing your phone.

For example, someone really wanted to know what's on your phone and made an effort to get it. In this case, only full encryption of the phone and SD card helps.

Ways to protect personal data on Android devices

There are built-in protection programs, as well as tools provided by third-party developers.

Built-in security

Pattern lock screen

This method is very effective in the first and second cases (protection against accidental loss of a tablet or phone and protection from prying eyes). If you accidentally lose your device or forget it at work, no one will be able to use it. But if for your phone or tablet fell into the wrong hands on purpose, then this is unlikely to save. Hacking can even occur at the hardware level.

The screen can be locked password, PIN and Graphic Key . You can choose a blocking method by launching the settings and selecting the section Security -> Screen lock.
Graphic Key (Pattern)- the most convenient and at the same time reliable way to protect your phone.

None - lack of protection

Slide- to unlock, you need to swipe the screen in a certain direction.

pattern- this is the Graphic Key, it looks something like this:

You can increase the level of security in two ways.

1. Increase the input field of the Pattern. It can vary from 3x3 dots on the screen to 6x6 (Android 4.2 is found in some models, depending on the build, phone version).

2. Hide the display of points and the "path" of the graphic key on the smartphone screen.

Attention!!! What happens if you forget the unlock pattern:

1. The number of incorrect attempts to draw the Graphic Key is limited to 5 times (in various models tablets, the number of attempts can reach up to 10 times).

2. After you have used all the attempts, but have not drawn the Graphic Key correctly, the device is blocked for 30 seconds.

3. Phone, tablet asks for the login and password of your Gmail account.

4. This method will only work if your phone or tablet is connected to the Internet. Otherwise deadlock or reboot to manufacturer settings.

PIN is a password consisting of several digits.

And finally Password- the most reliable protection, with the ability to use letters and numbers. If you decide to use a password, then you can enable the Phone encryption option.

Phone storage encryption

This feature is included in Android version 4.0* and higher for tablets. But this feature may be missing in many budget phones.

Allows you to encrypt your phone's internal memory so that it can only be accessed with a password or PIN. Encryption helps protect the information on your phone in the third case (targeted theft). Attackers will not be able to access your data from your phone.

A prerequisite for using encryption is to set a screen lock with a password.

This method saves the user's data located in the phone's memory, such as the phone book, browser settings, passwords used on the Internet, photos and videos that the user received using the camera and did not transfer to the SD card.

The program does not encrypt the SD card. Encryption can take up to an hour, depending on the amount of memory on your device.

Return to the original state is not provided. You can make a full RESET on your phone or tablet, i.e. reinstall Android, but user data from the phone or tablet memory will be erased. Thus, if an attacker does not know the password to unlock the tablet, he will not be able to use it. It will also be impossible to see data from the device's memory using other programs by connecting the phone to a computer, because all internal memory is encrypted. The only way to get the device working again is to reformat it.

The downside of this feature:

1. Present, only starting with Android OS 4.0 - 4.1, and even then not on all models.

Most often found in phones from Samsung, HTC, Philips. Some Chinese models also have an encryption function. For HTC Phones, this function is located in the "Memory" section. Lenovo has it in the Security section.

2. The requirement to constantly enter quite complex password(6-10 characters), even if you just want to call or take a photo.

3. It is not possible to disable this feature if you want to remove the protection. Encryption is disabled only by resetting and resetting the phone to factory settings.

Encryption of an external SD card

The function is included in the standard Android 4.1.1 package for tablets. Missing in many budget builds.

The function provides reliable protection data on an external SD card. Personal photographs may be stored here, text files with commercial and personal information.

Allows you to encrypt files on an SD card without changing their names, file structure, while preserving the preview of graphic files (icons). The function requires a display lock password of at least 6 characters to be set.

It is possible to cancel encryption. When you change your password, it will automatically re-encrypt.

If the user loses the memory card, the encrypted files cannot be read through the card-reader. If you put it on another tablet, where there is a different password, then the encrypted data cannot be read either.

Other Encryption Properties: Transparent encryption. If the card is inserted into the tablet and the user has unlocked the screen with a password, any application sees the files in decrypted form.
If you connect the tablet via a USB cable to a computer, encrypted files can also be read on the computer, after unlocking the card from the screen of the mobile device.

If some other unencrypted files are written to the card through the card-reader, they will also be encrypted after the card is inserted into the tablet.

If you have an encrypted card, you cannot cancel the lock password.

The data is encrypted at the file level (the file names are visible, but the contents of the file are encrypted).

Disadvantage of the program: the lack of most Android assemblies.

It should be emphasized that the best data safety is their complete copy on a PC. A smartphone or tablet is a rather fragile device, which means that there is always a chance of it breaking or losing.

So let's sum up

Built-in tools android protection are very reliable and convenient tools for protecting data on mobile phones and tablets.

They are able to protect the user's contacts, his correspondence and calls, accounts in various programs and networks, as well as files and folders located both in the phone memory and on a removable SD card.

The disadvantages of data protection by these programs include the absence of them in some versions of Android, the need to use a complex PIN code or password on the lock screen (Pattern Key is not suitable).

It should also be pointed out that the encryption of the internal memory of the device is irreversible, i. the only way to opt out of encryption is full reset settings.

Important! Make sure that if you forget your password or Pattern Key, you can restore access to the device or you can easily restore your tablet or phone settings and information in case you have to do hard reset(resetting the tablet to factory settings with the loss of all data).

Recent US debates between law enforcement and technology giants around smartphone encryption once again puts this issue in the spotlight. No one will argue that protecting your privacy is an important topic, so we are happy to tell you what Android offers necessary tools to encrypt your smartphone right out of the box. If you are interested and want to know where to start, this guide will tell you how to encrypt your Android smartphone or tablet.

Device encryption and what does it do?
Before encrypting your device, it makes sense to understand what encryption is, what are the pros and cons of this solution.

Device encryption is not a one-size-fits-all solution to protect all of your data or information from prying eyes, especially when sent over the Internet. Instead, device encryption converts all data stored on the phone into a form that can only be read with the correct credentials. This solution provides better protection than a password lock, since the data can be obtained without getting past the screen lock using recovery programs, bootloaders, or the Android Debug Bridge.

Encrypted music, photos, apps, and credentials cannot be read without first decrypting the information, which requires a unique key. Thus, part of the procedure takes place behind the scenes, where the user's password is converted into a key that is stored in a "Trusted Environment" to remain inaccessible to third-party users in the event of a software attack. This key will be required to encrypt and decrypt files.

In Android, encryption is implemented simply from the user's point of view, since you enter your secret code whenever you unlock your device, which makes your files available. This means that if your phone falls into the wrong hands, no one else will be able to parse the data on your phone without knowing the password.

And before diving head first into encryption, there are a few things you should consider. First, opening encrypted files requires additional processing power, so encryption will affect your phone's performance. Memory read speeds can become significantly slower on older devices, but the performance drop in the vast majority of regular tasks remains very small, if not noticeable at all.

Secondly, only some smartphones will offer the option to remove encryption from your smartphone. Encryption is a one-way solution for most smartphones and tablets. If your phone does not offer the ability to decrypt your phone, the only option to perform a full rollback is to reset to factory settings, which will delete all your personal data. Check this point in advance.
With that out of the way, let's see how to enable encryption.

Encrypting my device

Device Encryption works the same way on all Android devices, although the way it is implemented may change slightly over time. Some devices come with active encryption out of the box, such as the Nexus 6 and Nexus 9, and if your device is not encrypted, do it with using Android very simple.

Android 5.0 or higher…

For Android smartphones and tablets under Android control 5.0 or later, you can navigate to the "Security" menu under "Settings". The path here may vary slightly depending on your OEM, but with stock Android, you'll find encryption under Settings > Personal > Security.

Here you should see an option to "Encrypt Smartphone" (Encrypt Phone) or "Encrypt Tablet" (Encrypt Tablet). You will be prompted to connect the device to charge while encryption is in progress to ensure that the smartphone does not turn off in the process, which will result in errors. If you have not already done so, you will be prompted to set a screen lock PIN or password, which you will need to enter when you turn on your smartphone in order to access your encrypted files. Be sure to remember the password!

Android 4.4 and older…

If you are using a smartphone with Android 4.4 KitKat or older, you must set a PIN or password before starting the encryption process. Fortunately, this is not difficult, go to Settings - Security - Screen Lock (Settings> Security> Screen Lock). Here you will be able to either choose a pattern, type in a PIN or a mixed password for the screen lock. The same password you will use after encryption, so pay attention to it.

When you're done with that, you can go back to the Security menu and click Encrypt phone. You will need to connect the device to charge and read the warning messages, you will almost always have to confirm the PIN or password one last time in order for the encryption process to begin.

Encrypting your phone can take an hour or more, depending on how powerful your smartphone is and how much data is stored on the device. Once the process is finally complete, you can enter your PIN and continue using your encrypted device as if nothing had happened.

Back in the "Security" menu, you will also probably find out about the ability to encrypt files on the card microSD memory. This is a recommended step if you want to keep all your data safe, but not really necessary if you're only using the MicroSD to store music or movies that have no personal value.

With this solution comes a few caveats. Firstly, you will no longer be able to use MicroSD cards with other devices without complete removal encrypted data since other computers/devices will not know the encryption key. And while an encrypted MicroSD card can still be used to move files, this will only continue as long as you access the encrypted files from the phone used to encrypt them. Also, if you reset the device before decrypting the files, the key will be lost and you won't be able to access the protected files on the MicroSD card. So think carefully about the situation.

When you finished...

That's all it really takes to encrypt an Android device. This is a great way to keep your data much more secure. There is a slight trade-off in terms of performance, but any differences should be very hard to notice on today's mobile phones.

Additional options with third party apps

If you don't want to go through all the encryption on your device, there are a small number of Android apps in the store. Google Play, which offer a variety of selective features, including encryption of a single file, text, or folder.

SSE- Universal Application encryption
version: 1.7.0 (Pro) (downloads: 176)
SSE has been in this market for a very long time and still seems to be getting some minor updates. Instead of encrypting your phone in bulk, SSE can be used to protect and decrypt individual files or directories that you need if you want to selectively protect a few items. You can set a password to serve as the decryption key, and you can also create encrypted copies of files or completely replace them.

The application also has a text encoder and password storage. Text editor can be used to store encrypted notes that can be shared between platforms. Vault is designed to store and manage all passwords, PINs, and notes in one secure location, protected by a master password. The feature works similar to LastPass.

Final Thoughts
Given the amount of sensitive personal information we hold on our mobile devices today, including bank details, encrypting Android devices is becoming a smart solution. There are quite a few options that provide different levels of security, from Android's broad encryption system to apps dedicated to encrypting specific files. Keep in mind, encryption doesn't provide complete protection against everything, but it does offer great protection in case your device is stolen.