I understand the Samsung Captivate Glide has device encryption, where do i turn on thise feature?
Wait, what?
Aren't the Samsung fanboys the ones always laughing at HTC's and Moto's locked and sometimes encrypted bootloaders?
I'm talking about the internal memory and sd card memory, the bootloader is just fine the way it is
There seems to be something like that under Location and Security in settings..
vil33 said:
There seems to be something like that under Location and Security in settings..
Click to expand...
Click to collapse
Nope, no option to encrypt the storage in Locations and Security.
So no one really knows if this phone has encryption?
I can't find any information about device encryption with the Glide. Samsung's specifications mention it, but that's about it. The only thing I can find in the menu relates to certificate storage, but that appears to be more related to secure applications, not encrypting storage. I came across a few mentions of AT&T removing encryption features from Samsung devices, but I couldn't get a clear reading on that, either.
tl;dr: totally inconclusive, sorry.
Related
i am using a nexus S with whisper systems whisper core
it has real luks based AES full disk encryption and the ability to selectivity revoke application permissions
there seems to be no public info on the encrytion on ice cream sandwich
can anyone comment on it?
Anyone?
Sent from my Nexus S using Tapatalk
thanks for the replys
I got my LTE Galaxy Nexus today by far the best android device ever
I enable encryption
and it works fine
I wonder how long till theres a story about cops unable ( or able ) to get into someones phone because of encryption..
You must use a password/pin to encrypt. Swipe and face unlock are not a option. In cant be more than 16 characters. The same password used to encrypt the device must be used to unlock the screensaver. VERY annoying. You can however change your pass code/pin used to encrypt the device after encrypted nearly instantly. I'm not sure how its able to do this without a complete re-encryption of all encrypted blocks?
Sent from my Galaxy Nexus using Tapatalk
gophet said:
You must use a password/pin to encrypt. Swipe and face unlock are not a option. In cant be more than 16 characters. The same password used to encrypt the device must be used to unlock the screensaver. VERY annoying. You can however change your pass code/pin used to encrypt the device after encrypted nearly instantly. I'm not sure how its able to do this without a complete re-encryption of all encrypted blocks?
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
So, if you encrypt you have to enter your PIN to start the phone AND unlock the phone?
The information I read says you only need the PIN when you "turn on" your phone...
That would be okay but not for unlock too...
Yes your pin (or pass code) is used both to turn on the device and unlock the lock screen... I initially created a long random hard to type string of characters for my password but when I figured out I'd have to type it in for my unlock code also I quickly change into a numerical pin the fact I could change it without re encrypting the the tire device leave me to believe encryption keys for the entire disk is stored in small separate encrypted file somewhere.
Still wondering if this is AES or something else? And what partitions exzatly is encrypted.
Sent from my Galaxy Nexus using Tapatalk
gophet said:
Yes your pin (or pass code) is used both to turn on the device and unlock the lock screen... I initially created a long random hard to type string of characters for my password but when I figured out I'd have to type it in for my unlock code also I quickly change into a numerical pin the fact I could change it without re encrypting the the tire device leave me to believe encryption keys for the entire disk is stored in small separate encrypted file somewhere.
Still wondering if this is AES or something else? And what partitions exzatly is encrypted.
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
Thanks for the clarification... that sucks...
Ive been begging for this option on my Nexus One and now that ive upgraded are there any negatives to doing this? any negative performance hits etc.
What happens when you connect the Nexus to a computer? Can you see the contents of the internal memory via MTP, ei. pictures?
bunklung said:
What happens when you connect the Nexus to a computer? Can you see the contents of the internal memory via MTP, ei. pictures?
Click to expand...
Click to collapse
Yes you can.
gophet said:
You must use a password/pin to encrypt. Swipe and face unlock are not a option. In cant be more than 16 characters. The same password used to encrypt the device must be used to unlock the screensaver. VERY annoying. You can however change your pass code/pin used to encrypt the device after encrypted nearly instantly. I'm not sure how its able to do this without a complete re-encryption of all encrypted blocks?
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
you can change the password quickly because it does not reencrypt the whole storage. the actual key used for encryption is static, the password encrypts the key itself, not the storage.
it's a common theme in encryption schemas, truecrypt does the same thing. you generate strong keys once, and protect them with passwords. PGP does the same thing to your private key...
gkaugustine said:
Ive been begging for this option on my Nexus One and now that ive upgraded are there any negatives to doing this? any negative performance hits etc.
Click to expand...
Click to collapse
whisper system whispercord does FDE on nexus one and S
no notable performance issues - have not run any benchmarks
mvorbrodt said:
you can change the password quickly because it does not reencrypt the whole storage. the actual key used for encryption is static, the password encrypts the key itself, not the storage.
it's a common theme in encryption schemas, truecrypt does the same thing. you generate strong keys once, and protect them with passwords. PGP does the same thing to your private key...
Click to expand...
Click to collapse
yeah thats what i kinda figured - now i wonder what file it is that hold the key and how it is encrypted
Petrovski80 said:
Yes you can.
Click to expand...
Click to collapse
Does MTP or Windows prompt you for a password?
Does your phone need to be unlocked for the MTP drive to show? If you lock your phone does a file transfer stop?
Thanks again.
Do you know if the encryption slow down the phone?
It must encrypt every new file. Does this result in slower operations?
sblantipodi said:
Do you know if the encryption slow down the phone?
It must encrypt every new file. Does this result in slower operations?
Click to expand...
Click to collapse
The overhead will be when writing to and reading to the block device. There will be very few scenarios where you are maxing io (aka writing/reading) and the cpu at the same time. And that's the only scenarios where you'd really notice any slowdown.
There will be some increased cpu usage while writing to/reading from file though, so you could take a theoretical battery usage hit. But I doubt you'll notice it.
//edit, I should also point out that even if you find a game that's bothered doing background loading and pushing some cpu task in parallel, the phone has 2 cores.
//edit 2, some more digging:
http://source.android.com/tech/encryption/android_crypto_implementation.html
So we're talking dm-crypt with aes-cbc-essiv 128bit keys and sha256.
thanks! just what i was looking for
I had encryption on for a while. It took 45mins to encrypt my device when first activated. If I rebooted my phone it would take 3mins to boot up during which time I would be asked for my sim pin, encryption pin and finally the SIM pin again. The screen would repeatedly turn off during this time. In the end I removed encryption (factory reset is the only way to do this).
Sent from my Galaxy Nexus using Tapatalk
How does this work for flashing/upgrading the rom? I suppose it would need be be re-encrypted each time, however is the pin entered even before fastboot?
you cant backup a encrypted running system
you can only do a wipe
taking the galaxy nexus back as my nexus S seems to do most everything the galaxy nexus does only slower and smaller
Has any one done any work on getting LUKS working on the Galaxy Nexus yet? I know ICS has encryption but it is not the same (It is file level; dm-crypt encryption and leaves room for data leaks).
For that reason does any know of a WhisperCore alternative?
Thanks!
ICS encryption is dm-crypt based whole partition encryption. See ht tp://source.android.com/tech/encryption/android_crypto_implementation.html for details.
Now it does seem to have lots of drawbacks, but i don't think luks would be much safer. Well, it seems they differ in the used encrypted key headers. Google could have got that insecure.
Just using the lockscreen password strikes me as a bad choice in googles solution.
textshell said:
ICS encryption is dm-crypt based whole partition encryption. See ht tp://source.android.com/tech/encryption/android_crypto_implementation.html for details.
Now it does seem to have lots of drawbacks, but i don't think luks would be much safer. Well, it seems they differ in the used encrypted key headers. Google could have got that insecure.
Just using the lockscreen password strikes me as a bad choice in googles solution.
Click to expand...
Click to collapse
You can tell the whole OS is not encrypted since you can make emergency calls when at the preboot authentication screen.Only /data is encrypted and thus leaves room for data leakage. WhisperCore just managed it perfectly- just like LUKS on a computer. Preboot authentication, ENTIRE disk encrypted (minus /boot), and secondary lock screen (login) password that can be anything include "pattern".
Not to mention ICS is only AES-128 bit, I mean c'mon why not just use 256 bit like everyone else? It's cleared by FIPS for a reason.
x942 said:
You can tell the whole OS is not encrypted since you can make emergency calls when at the preboot authentication screen.Only /data is encrypted and thus leaves room for data leakage. WhisperCore just managed it perfectly- just like LUKS on a computer. Preboot authentication, ENTIRE disk encrypted (minus /boot), and secondary lock screen (login) password that can be anything include "pattern".
Not to mention ICS is only AES-128 bit, I mean c'mon why not just use 256 bit like everyone else? It's cleared by FIPS for a reason.
Click to expand...
Click to collapse
changing the key length for encryption should be an easy thing when compiling from source. Not sure what's the performance impact and security gain.
Having different crypto passphrase and screen unlock code might be a good thing, but if i start caring about encryption of my phone i'd try to push the key into the smartcard inside every phone (SIM card) and just enter the smartcard pin. Depends on amount of paranoia wrt security of these cards though.
But i don't understand why you would like to encrypt /system with a stock ROM. Nothing gained there. /system is read only so it can't really leak data. And as the kernel in the boot partition is unencrypted and unauthenticated anyway the OS code is open for changes anyway.
Without special hardware help or keeping the boot media separate and very safe, encryption will always only work against simple thiefs. If your attacker can get the phone do something to it and return it without you getting suspicious you lost anyway. Assuming he can get it again once you booted and used the phone again.
textshell said:
changing the key length for encryption should be an easy thing when compiling from source. Not sure what's the performance impact and security gain.
Having different crypto passphrase and screen unlock code might be a good thing, but if i start caring about encryption of my phone i'd try to push the key into the smartcard inside every phone (SIM card) and just enter the smartcard pin. Depends on amount of paranoia wrt security of these cards though.
But i don't understand why you would like to encrypt /system with a stock ROM. Nothing gained there. /system is read only so it can't really leak data. And as the kernel in the boot partition is unencrypted and unauthenticated anyway the OS code is open for changes anyway.
Without special hardware help or keeping the boot media separate and very safe, encryption will always only work against simple thiefs. If your attacker can get the phone do something to it and return it without you getting suspicious you lost anyway. Assuming he can get it again once you booted and used the phone again.
Click to expand...
Click to collapse
Not true. You an relock the bootloader on the Nexus phones, this completely prevents evil maid attacks. Secondly if I ever lose my phone and "happen to get it back" the first thing I am doing is wiping it and selling it for another one.
If you have ever use encryption you would know that the less an attacker knows the better. Hence encrypting the entire system is better than only encrypting a partition.
I don't like how Google implements dm-crypt. It would be more secure if the entire device was encrypted as it would completely look like random data to an attacker.
Why would you only encrypt your home folder and not every thing BUT /boot?
I prefer the whispercore way of doing it. I poweroff and you can't access anything except the login screen.
x942 said:
Not true. You an relock the bootloader on the Nexus phones, this completely prevents evil maid attacks. Secondly if I ever lose my phone and "happen to get it back" the first thing I am doing is wiping it and selling it for another one.
Why would you only encrypt your home folder and not every thing BUT /boot?
Click to expand...
Click to collapse
I don't think trusting the locked bootloader is a good idea. Look for e.g. "unbrickable mod" for an example how a lot of samsung phones can be forced to bypass the bootloader on the internal flash and forced to load arbitrary code from outside. So if somebody is willing to do an evil maid attack, they will likely do enough research to know these kinds of backdoors in your hardware platform. JTAG is another usual way. Or whatever the phone manufacturer uses to unbrick phones. I think it prudent to assume any sufficiently founded attacker will have unrestricted read/write access.
And why only encrypt real data? Speed gain for no measurable loss in security. At least from the google perspective. Google will rightfully assume customers are using official ROMs and the exact bit patterns of there are publicly available to everyone. So why waste cpu cycles to encrypt them. What could be useful would be integrity protection.
But while a fully integrity protected boot under the control of the enduser would be very nice (with a bootloader that's unlocked but needs a key or password) if only the manufacturer gets to authorise new software it's evil.
textshell said:
I don't think trusting the locked bootloader is a good idea. Look for e.g. "unbrickable mod" for an example how a lot of samsung phones can be forced to bypass the bootloader on the internal flash and forced to load arbitrary code from outside. So if somebody is willing to do an evil maid attack, they will likely do enough research to know these kinds of backdoors in your hardware platform. JTAG is another usual way. Or whatever the phone manufacturer uses to unbrick phones. I think it prudent to assume any sufficiently founded attacker will have unrestricted read/write access.
And why only encrypt real data? Speed gain for no measurable loss in security. At least from the google perspective. Google will rightfully assume customers are using official ROMs and the exact bit patterns of there are publicly available to everyone. So why waste cpu cycles to encrypt them. What could be useful would be integrity protection.
But while a fully integrity protected boot under the control of the enduser would be very nice (with a bootloader that's unlocked but needs a key or password) if only the manufacturer gets to authorise new software it's evil.
Click to expand...
Click to collapse
Yes but as I said any one that would put that effort in would have to get the phone from me (which I carry 24/7) and once I know I no longer have control of it I would (as I said) reset it and sell it. You are basically saying all Full Disk Encryption (including on computers) is useless because someone can modify the bootloader. I hate to say it (and this is not directed to any one in this thread) but only a true ignorant person would fall victim to a evil maid attack, It is common sense NOT to trust something that you lost control of.
My situation is different: I run a non-profit organization and my employees need to carry sensitive data with them. Why risk security with the built in dm-crypt when something like WhisperCore is much better? I don't won't an attacker knowing ANYTHING about the device.
ICS built in encryption is just as useful as Home folder encryption in Linux. Your data may be safe but an attacker can ascertain how much data is there. And in some case use this information to infer what data may be present on the device. This is why most people using encryption use FDE and not just home folder encryption. When you are done there should be absolutely no way for anyone to tell the encrypted partition from random data (wiped data).
No, i'm just saying the full partition encryption of /data is enough on galaxy nexus and that you can't protect from an evil maid attack except by drastic measures after you lost control of your phone.
Understandable but I respectfully disagree. I want FULL DISK Encryption not Partition encryption. Take a look here: http://en.gentoo-wiki.com/wiki/DM-Crypt_with_LUKS#Security_levels
Either way (even if it is secure enough) It's not going to get approved for me to use in a work environment (FIPS 140-2). This is why I need some like WhisperCore. We handle sensitive data at my company.
I notice that enabling internal storage encryption on my One X disables all bluetooth functionality. The bluetooth toggle button in the device's settings menu becomes greyed out after encryption is enabled. Although I can still turn it 'on', it remains greyed out and never actually turns on. And when I exit and re-enter settings, it's back to 'off'. This issue occurred when the device was fresh, prior to installing or downloading anything onto it.
Is anyone able to confirm this issue on their device? Is there a way to get both functions working simultaneously?
RocknTroll said:
I notice that enabling internal storage encryption on my One X disables all bluetooth functionality. The bluetooth toggle button in the device's settings menu becomes greyed out after encryption is enabled. Although I can still turn it 'on', it remains greyed out and never actually turns on. And when I exit and re-enter settings, it's back to 'off'. This issue occurred when the device was fresh, prior to installing or downloading anything onto it.
Is anyone able to confirm this issue on their device? Is there a way to get both functions working simultaneously?
Click to expand...
Click to collapse
Yes I have the same problem. I contacted HTC and they confirmed this problem on their test phone and reported it to tech support. Not sure they have a solution yet.
camera too?
I tried encryption. I didn't try Bluetooth, but I did notice the camera app locking up if I switched back and forth to the gallery. Did either of you notice anything similar?
JAC83 said:
I tried encryption. I didn't try Bluetooth, but I did notice the camera app locking up if I switched back and forth to the gallery. Did either of you notice anything similar?
Click to expand...
Click to collapse
I didn't have that problem. The camera app worked fine for me while I had encryption enabled.
Hmm...
RocknTroll said:
I didn't have that problem. The camera app worked fine for me while I had encryption enabled.
Click to expand...
Click to collapse
That's interesting, I wonder what I did to mine...
Did you encrypt both system and user partitions?
Yup
Bluetooth stopped working after encryption.
Roll on the OTA!
Sent from my HTC One X using XDA
Does the OTA fix it though? Haven't downloaded it yet.
Yes!
Just downloaded the OTA, it's not an update to Android which is still at 4.0.3, but the phone software level is now 1.28.401.9.
Bluetooth is now working for encrypted devices! Joy.
FatblokeUK said:
Yes!
Just downloaded the OTA, it's not an update to Android which is still at 4.0.3, but the phone software level is now 1.28.401.9.
Bluetooth is now working for encrypted devices! Joy.
Click to expand...
Click to collapse
That's great news!
Do you also know if enabling phone storage encryption (which is separate from internal storage encryption) no longer wipes the phone storage during the process?
No, I've not tried that.
Well in that case, I nominate you to be my guinea pig test subject. Do you accept?
that is very logical because when you encrypt your phone data your phone secures your files so another device can't read it.
So that's why it turns the Bluetooth off because the other phones just can't read your files anymore.
encrypting files is only necessary if you have secret stuff on your phone.
so it can't work simultaneously because other phone's don't know how to read your files.
DikkeD said:
that is very logical because when you encrypt your phone data your phone secures your files so another device can't read it.
So that's why it turns the Bluetooth off because the other phones just can't read your files anymore.
encrypting files is only necessary if you have secret stuff on your phone.
so it can't work simultaneously because other phone's don't know how to read your files.
Click to expand...
Click to collapse
Logical? That sounds very stupid to me. What if I need to use a bluetooth headset? I was able to use encryption and bluetooth simultaneously with several BlackBerries over the past few years, and I'm sure most encryption-able devices support that (my MacBook included). Anyway, it's been fixed with the recent OTA. Bluetooth now works while internal storage encryption is enabled.
Agreed! If it wasn't a bug it wouldn't have been fixed.
On that argument, you could argue that tethering should be blocked when in encrypted status.
Besides Bluetooth not working I had these following issues when I enabled encrypted storage:
FM Tuner
GPS
Can you please a) confirm whether FM tuner and GPS is working on encrypted device POST the OTA update and b) anyone confirm they have issues with FM tuner and GPS when they encrypted their device?
thanks
The FM Radio looks fine, it starts and I can hear stations once I plug in the handset.
The GPS icon appears in the status bar OK and the map is positioning correctly.
It all looks good.
Guys, any word on phone storage encryption? I'd still like to know if the device wipes the phone storage during the process of encrypting it. I've already installed too much onto it to risk losing it all and starting over.
EDIT: Turns out it's a feature, not a bug, and the device warns you of the imminent wipe beforehand.
Since I'm totally new to Android. When you select encrypt internal memory what exactly is going on? What does it encrypt exactly? Contacts? Memos? Messages?
Are there any know exploits / gaping security holes?
If my phone is lost or stolen is encrypted going to prevent any data theft?
Is it possible to have a separate (more secure) password that is just for device encryption other than the screen lock password? seems redundant that I must put in a password for device access and use the same password to unlock the home screen. Can two passwords be used?
Last question would be password. Is there a recommended minimum length? Don't want to type in a paragraph every time I unlock my phone.
Thank you for any info,
BR
bob_ross said:
Since I'm totally new to Android. When you select encrypt internal memory what exactly is going on? What does it encrypt exactly? Contacts? Memos? Messages?
Click to expand...
Click to collapse
It encrypts your entire drive, at least /data and /sdcard, not individual files.
Are there any know exploits / gaping security holes?
Click to expand...
Click to collapse
It uses AES-256 encryption. Not even the NSA (or any other government agency, or anyone without a supercomputer) can crack it.
If my phone is lost or stolen is encrypted going to prevent any data theft?
Click to expand...
Click to collapse
Supposedly, yes. But only if: 1.) You use a pattern/password/pin/face unlock on your lockscreen or 2.) You leave your phone off. If someone finds your phone, and you use only the slide lock and you leave it on, encryption is worthless.
Is it possible to have a separate (more secure) password that is just for device encryption other than the screen lock password? seems redundant that I must put in a password for device access and use the same password to unlock the home screen. Can two passwords be used?
Click to expand...
Click to collapse
I haven't used encryption, but I would have assumed that it would use a different password than the one for your Android user account. I'm assuming by your question that that's not how it works, in which case, that's kind of stupid.
Last question would be password. Is there a recommended minimum length? Don't want to type in a paragraph every time I unlock my phone.
Click to expand...
Click to collapse
Same rules apply to any password you create anywhere ever. A good mix of numbers and letters, no dictionary words, and probably 10 chars +. Use mnemonic devices to remember without making the password too obvious.
Thank you for any info,
BR
Click to expand...
Click to collapse
I should mention that you should also only bother encrypting if you will remain stock. If you plan on flashing ROMs, you'll just have to re-encrypt constantly. Plus, I'm pretty sure CWM and TWRP would be unable to wipe or install anything unless you unencrypt first anyway.
EndlessDissent said:
It uses AES-256 encryption. Not even the NSA (or any other government agency, or anyone without a supercomputer) can crack it.
Click to expand...
Click to collapse
Eh, I wouldn't be so sure. If I can build a device for like $3k that uses an array of consumer grade graphics cards to test 30B+ hashes per second the NSA probably has some insane computing power. Not saying it's cheap, but if they want to decrypt something of very high importance I bet they can do it, even for 256-bit AES.
advancedbasic said:
Eh, I wouldn't be so sure. If I can build a device for like $3k that uses an array of consumer grade graphics cards to test 30B+ hashes per second the NSA probably has some insane computing power. Not saying it's cheap, but if they want to decrypt something of very high importance I bet they can do it, even for 256-bit AES.
Click to expand...
Click to collapse
Thanks. I hadn't read about AES-256 since I encrypted my laptop several months ago. I looked it up again, and the part about the NSA was that they approved AES-256 as their own encryption model for top secret documents. The NSA must trust AES-256 at least marginally.
I'm interested in hearing about the security that other Android users employ on their devices. I don't ever have anything particularly sensitive on my device, but certainly data and images that I wouldn't want other people to have access to should my device be lost or stolen.
Obviously the first starting point is a lock screen code which I already have in place. I use a four digit pin code, and realise from playing around with it that after five incorrect attempts the device will make you wait 30 seconds before trying again. Is this the only restriction, or does the time get longer, or trigger something else after more attempts?
Secondly, I have a number of photographs stored on the SD card. Thinking about it this is a big security issue as someone could simply take it out of the phone and plug it straight into a laptop and go through the data.
The next issue is the encryption of the phone itself. I know that there is an encryption option built in, but I'm of the understanding that the password has to be the same as the lockscreen code. Which seems far from ideal as a 4 digit pin for the lockscreen code is convenient, but probably not strong enough if you're encryping data.
Finally, the option of a remote wipe. I've used a variety of apps in the past, but haven't installed any since installing my latest ROM. What do people use?
I'm interested to hear any input about what people use on the device, or what ways I could increase the security of my device.
Anyone getting hold of your phone can easily get to your data unless you encrypt them.
The best bet I think would be to install the EDS app or the Cryptonite app (both available on the Play). The latter has the capability to open and mount a Truecrypt container.
(I think you have to create the container first on a PC, but since I don't use Cryptonite, I can't be sure of it).
For remotely wiping your phone, I heard Avast! Antivirus app has the best reviews; and it's free.
Sent from my GT-I8150 using xda app-developers app
pepoluan said:
Anyone getting hold of your phone can easily get to your data unless you encrypt them.
The best bet I think would be to install the EDS app or the Cryptonite app (both available on the Play). The latter has the capability to open and mount a Truecrypt container.
(I think you have to create the container first on a PC, but since I don't use Cryptonite, I can't be sure of it).
For remotely wiping your phone, I heard Avast! Antivirus app has the best reviews; and it's free.
Sent from my GT-I8150 using xda app-developers app
Click to expand...
Click to collapse
Why do you favour EDS/Cryptonite over the built in Android encryption method. They seem to offer more flexibility to me. Will they encrypt the whole phone, or just a new, special folder? Like an encrypted zip file in a way.
I've installed Avast and am in the process of setting it all up.
creative-2008 said:
Why do you favour EDS/Cryptonite over the built in Android encryption method. They seem to offer more flexibility to me. Will they encrypt the whole phone, or just a new, special folder? Like an encrypted zip file in a way.
I've installed Avast and am in the process of setting it all up.
Click to expand...
Click to collapse
I prefer not all of my SD Card to be encrypted, since encryption is taxing to the CPU. Truecrypt containers will be mounted as a folder, so it's what I wanted: a space to store files which will be encrypted, without needing to encrypt the whole phone.
TrueCrypt also needs to be manually mounted; Android encfs gets automatically mounted on boot.
Plus, TrueCrypt containers have been known to stump even three-letter organizations.
Sent from my GT-I8150 using xda app-developers app
pepoluan said:
I prefer not all of my SD Card to be encrypted, since encryption is taxing to the CPU. Truecrypt containers will be mounted as a folder, so it's what I wanted: a space to store files which will be encrypted, without needing to encrypt the whole phone.
TrueCrypt also needs to be manually mounted; Android encfs gets automatically mounted on boot.
Plus, TrueCrypt containers have been known to stump even three-letter organizations.
Sent from my GT-I8150 using xda app-developers app
Click to expand...
Click to collapse
Thanks for sharing you knowledge with me.
I'm going to give the TrueCrypt approach a go. I'll probably set up a small area on the SD card first with some documents and photos and see how that works out.
There are other areas though that I wouldn't want a thief to have access to, such as my messages or perhaps my recent photos? I assume these can't be stored in the TrueCrypt container, but would be protected by encrypting the whole phone with Android's method.