I'd like to enable Google Smartlock for passwords on my Google Pixel C, but when I was running Android N, under Settings/Security it shows my device as encrypted with no option to turn it off. So, I reloaded MM, N still has a lot of bugs I don't feel like messing with on an everyday tablet, but even under MM my device is encrypted with no option to disable it. Smartlock for passwords will not run on an encrypted device, but Google has decided to make encryption part of the OS. Is the only way around this is to unlock the bootloader and flash another ROM?
Rolldog said:
I'd like to enable Google Smartlock for passwords on my Google Pixel C, but when I was running Android N, under Settings/Security it shows my device as encrypted with no option to turn it off. So, I reloaded MM, N still has a lot of bugs I don't feel like messing with on an everyday tablet, but even under MM my device is encrypted with no option to disable it. Smartlock for passwords will not run on an encrypted device, but Google has decided to make encryption part of the OS. Is the only way around this is to unlock the bootloader and flash another ROM?
Click to expand...
Click to collapse
I never encrypt my devices so I couldn't speak about smart lock only working on encrypted devices. I know Marshmallow and up it's required for OEMs to encrypt (85% sure on that - I think it was supposed to start with Lollipop but OEMs weren't required to do so). Not that I don't believe you though, but that just seems weird for Google to "force" encryption but then allow another of their features, Smart Lock, to only work with unencrypted devices?
To answer your question - if you're running stock MM or N on a Google device, by default your data will be encrypted. The only way to decrypt would be to unlock the bootloader, format the data partition and flash a kernel that doesn't force encryption. You don't have to use another ROM per se, you just need a kernel that will keep you decrypted on your first boot.
I've no issue with smartlock on Pixel C, stock N5 and unencryted N9. I've only use trusted location - without GPS I wonder if you are having a problem with your location. Have you got "location" correctly set?
Ok, on your Pixel C, go into settings/Google, then scroll all the way to the bottom where it says Smartlock for Passwords, press it, and tell me what it says. When I do, it says, "This account uses custom passphrase encryption, which is unsupported at this time."
However, if I go to settings/security, I can enable Smart Lock, but just underneath where it says Smart Lock, it says:
Encryption
Encrypt Tablet
Encrypted
I never chose to encrypt anything, but, I guess Google uses encryption by default. Smart Lock can still be used, but Smartlock for Passwords can not.
Rolldog said:
Ok, on your Pixel C, go into settings/Google, then scroll all the way to the bottom where it says Smartlock for Passwords, press it, and tell me what it says. When I do, it says, "This account uses custom passphrase encryption, which is unsupported at this time."
However, if I go to settings/security, I can enable Smart Lock, but just underneath where it says Smart Lock, it says:
Encryption
Encrypt Tablet
Encrypted
I never chose to encrypt anything, but, I guess Google uses encryption by default. Smart Lock can still be used, but Smartlock for Passwords can not.
Click to expand...
Click to collapse
Sorry misunderstood. I think the answer is that using your own passphrase disables Smartlock on Android see: https://support.google.com/chrome/answer/1181035?p=settings_encryption&rd=1
"Some Google features will not be available after you set a sync passphrase
Google Now won’t show suggestions based on sites you browse in Chrome.
You won't be able to view your saved passwords on https://passwords.google.com or use Smart Lock for Passwords on Android.
Your history won't sync across devices. Web sites or URLs that you type in the address bar in Chrome will still sync."
Setting for Google/custom passphrase in chrome browser at chrome://settings/syncSetup
The strange thing is I don't use a custom passphrase, all of my information does sync between all of my devices, and I get Google Now cards based off my search history. However, last night, when I logged into an app, Smartlock for Passwords popped up and asked me if I wanted to save this password, so I guess it's working now. It still shows my tablet as encrypted, so I imagine it's just a bug.
Related
With Samsung devices, turning on device encryption force you to use 6 characters password (alphanumeric), which is troublesome if you use your phone often.
What I found out is that after I set such password, complete the device encryption and go back to the Lock Screen setting, I can change the password to 4 digits.
Going back to encryption setting, it said I can now encrypt the device, but must use 6 characters password. But isn't my phone already encrypted? AFAIK, there is no turning off encryption once it's done.
So at this point, is my phone encrypted or not?
lanwarrior said:
With Samsung devices, turning on device encryption force you to use 6 characters password (alphanumeric), which is troublesome if you use your phone often.
What I found out is that after I set such password, complete the device encryption and go back to the Lock Screen setting, I can change the password to 4 digits.
Going back to encryption setting, it said I can now encrypt the device, but must use 6 characters password. But isn't my phone already encrypted? AFAIK, there is no turning off encryption once it's done.
So at this point, is my phone encrypted or not?
Click to expand...
Click to collapse
The phone is encrypted but like you said you cannot permanently decrypt the phone once the process is completed.
DConrad2010 said:
The phone is encrypted but like you said you cannot permanently decrypt the phone once the process is completed.
Click to expand...
Click to collapse
Thanks for the info.
I am curious why initially the device requires alphanumeric passwords (which I created), but once encryption is done, I can go back to the "Lock Screen" and change it to just numeric password. I believe this will NOT remove encryption, but for confirmation, want to check if the encryption is still there.
lanwarrior said:
Thanks for the info.
I am curious why initially the device requires alphanumeric passwords (which I created), but once encryption is done, I can go back to the "Lock Screen" and change it to just numeric password. I believe this will NOT remove encryption, but for confirmation, want to check if the encryption is still there.
Click to expand...
Click to collapse
I had to un-encrypt my phone by unrooting via Oden. Once i Odened then you have to do a factory reset and you are un-encrypted for good.
Hey guys -
Need some detective help. I did something to my 10, and I think I did something with the encryption, but I'm not sure how or what.
Follow me here, since I'm not sure what caused it, I'll start at the beginning, and see if anything raises a red flag..
Got phone from HTC, US unlocked version. Got it in.. heck, this past June, I think.
Unlocked bootloader. Got Sunshine, ran it, but never paid and never turned S-OFF.
Never set PIN or Fingerprint.
Installed Viper10 when it was out.
Went to do fingerprint. Got screen saying that for backup, needed to set PIN. Set PIN, then taught it some fingerprints.
Never had data issues, and as far as I know, never encrypted phone. TWRP, when run, did not need me to enter any password or key to access the phone. On bootup, would get PIN prompt, but AFTER Android loaded.
Never got any RUUs, never upgraded Viper10.
Installed CM13 today. Whohoo!
Install went fine, no issues. Restored apps from TiBu, deleted unused bloatware, including the built-in Android keyboard.
Set up other options, and finally got to enter in fingerprints.
It gives me the same screen I got on Viper. This time, though (and I have no idea why), I back out back to Security settings, and enter in PIN there.
Then train fingerprints!
Now, when I reboot system, or boot to TWRP, I get a prompt asking for password (TWRP) or PIN (Android). HOWEVER.. I can enter my pin in TWRP just fine. But not Android. Apparently, since it hasn't booted, Swype doesn't work, and I get no keyboard. Can't enter PIN in at all.
That is my mistake, however, as I removed the built-in Android keyboard. (Something I've done countless times before on other Android versions without issue..)
So I restore Nandroid backup of Viper10. I still get the PIN entry, and STILL have no keyboard.
I see reference in TWRP about PINs not working, so I delete that locksettings.db file (from memory, filename is likely wrong here..)
Phone boots up. Yay. No PIN prompt. Yay.
But now I do NOT have data - as in, it's acting like my phone is unencrypted now.
So, what I'd like to know is -
If NOW my phone is unencrypted, and I'm getting the 'No Data' issue, what was my phone doing BEFORE, when I didn't have to enter PIN, but was getting data?
How can I get BACK to not having to enter PIN and still get data? (In my case, will the instructions for unencrypted work? Or is my phone now 'special'?)
How did I set the PIN the first time on Viper10, and not have it encrypt my phone? I'd like to ultimately get back to THAT scenario - where the lockscreen asks for PIN, but nothing else does (TWRP, Bootup, etc).
Thanks guys!
-Mike
I may be pointing the obvious, but have you do a full wipe before restoring your nandroid? If so, did you try to clean flash your rom to see what happens?
Maybe by removing stock keyboard something got messed up and keeps the keyboard in your nandroid from properly installing.
Yup, I tried restoring the Nandroid several times, some with wiping, some without. Also, I always clean-flash my new ROMs (i.e. ones not restored from nandroid backup, installed new, like going from Viper10 -> CM13)
Going to try again today while at work, see what happens.
During setup in CM13, there should be option to require PIN at startup (It is usually checked by default). Uncheck it and your phone will remain encrypted without requiring a PIN to start.
jackebuehner said:
During setup in CM13, there should be option to require PIN at startup (It is usually checked by default). Uncheck it and your phone will remain encrypted without requiring a PIN to start.
Click to expand...
Click to collapse
Technically correct (encrypted) but effectively incorrect: encryption is moot if a password is not required to decrypt it. It would be like locking your door and leaving the key in it: it's locked but it's not secure.
You need a system keyboard to be able to enter PIN on bootup; hence, the pre-installed keyboard (Google on vanilla, TouchPal on htc) isn't really 'bloatware' as it's necessary. Google makes a good keyboard; TouchPal, though, yeah, necessary bloatware in this case.
Rolo42 said:
Technically correct (encrypted) but effectively incorrect: encryption is moot if a password is not required to decrypt it. It would be like locking your door and leaving the key in it: it's locked but it's not secure.
Click to expand...
Click to collapse
Ah, so in previous ROMs (both OEM and Viper10, it technically WAS encrypted, I just never set the password? .. Huh.
Rolo42 said:
You need a system keyboard to be able to enter PIN on bootup; hence, the pre-installed keyboard (Google on vanilla, TouchPal on htc) isn't really 'bloatware' as it's necessary. Google makes a good keyboard; TouchPal, though, yeah, necessary bloatware in this case.
Click to expand...
Click to collapse
Interesting, thanks for this; good to know. A shame, but good to know that's just how it is.
coyttl said:
Ah, so in previous ROMs (both OEM and Viper10, it technically WAS encrypted, I just never set the password? .. Huh.
Interesting, thanks for this; good to know. A shame, but good to know that's just how it is.
Click to expand...
Click to collapse
Correct. The password is to get at the encryption key; it isn't the encryption key itself.
Bitlocker/SED works the same way. Otherwise, a password change would mean re-encrypting everything.
If you put in the wrong password, it'll look like you have no data.
Hey guys,
I have always had my op3 encrypted and I've become used to always entering the pin when booting up, accessing twrp etc. but today when I rebooted into twrp I didn't have to enter any pin to use twrp. When booting up the system I didn't have to enter a pin either.
When I check the settings under Security & Fingerprint it looks as in the attached screenshot, I don't have any options to decrypt or anything either
I'm running OOS 4.1.3, FrancoKernel #23 , Magisk 12, twrp-3.1.0-x_blu_spark_v27.
Is this something that anyone has experienced and know how to fix?
I want to keep my encryption but then, of course, you should have to use the pin.
Cheers!
Then the pin is defaulted and thus you don't need any. I don't need one, too and never did, but all is encrypted (Even locked down with a pin on bootup and fingerprint otherwise)
I believe this is an option you need to setup during the wizard when you initially set up the device. It asks you whether you want to require a pin on startup or not.
But, you can also turn this on by going to settings>security>screen lock.
From there, you click on the area where it says PIN. Confirm your pin, then click PIN again, and there should be an option to require pin for startup. Other than that, you are still encrypted, but it is all bypassed in order for quicker startup.
Sent from my ONEPLUS 3 using Tapatalk
noobtoob said:
I believe this is an option you need to setup during the wizard when you initially set up the device. It asks you whether you want to require a pin on startup or not.
But, you can also turn this on by going to settings>security>screen lock.
From there, you click on the area where it says PIN. Confirm your pin, then click PIN again, and there should be an option to require pin for startup. Other than that, you are still encrypted, but it is all bypassed in order for quicker startup.
Sent from my ONEPLUS 3 using Tapatalk
Click to expand...
Click to collapse
Ah that was it! it had somehow disabled itself, simply going in and enabling "require pin to start device" solved it.
Thanks!
Try removing the lock screen password and setting it up again and it will be back again in twrp.?
Hi friends, Yesterday i just tried to change my lock pin on my M9 (running latest naugat)but somehow i forgot it after setting it up.(stupid me). Then i tried to use android device manager to clear the pin .After signing in into manager,i could see my device and it presented couple of options.One of then was LOCK.After entering into Lock, Android device manager prompted me to enter temporary password and i entered it.But it didn't work.
At one point i thought i was going to loose all of my pics,data.But fortunately somehow i managed to enter the right pin after couple of tries.
So can't android manager be used to clear the pin on M9?I would like to know if in future someone gets into this kind of problem.Thanks
Android manager is basically an emergency lock out security app which gives you the ability to remotely lock the device and destroy the private data on it before it is compromised, effectively making the device 'useless' until it is flashed. It doesn't protect the phone except for reporting its location if connected to the Internet, it protects only the data on the phone. Nothing more.
Beamed in by telepathy.
shivadow said:
Android manager is basically an emergency lock out security app which gives you the ability to remotely lock the device and destroy the private data on it before it is compromised, effectively making the device 'useless' until it is flashed. It doesn't protect the phone except for reporting its location if connected to the Internet, it protects only the data on the phone. Nothing more.
Beamed in by telepathy.
Click to expand...
Click to collapse
Thanks for the reply.So is there any way to recover phone via google account login without loosing data or pictures?
How does it affect device encryption by enabling or disabling the 'Encrypt using lock screen password' option (in privacy settings)? What is opposite? What password is used for encryption if this turned off?
If this is enabled, then a password is required before running the android.
But when this option was not turned on, the menu showed "encrypted" anyway and the Terminal (termux), after entering 'getprop ro.crypto.state' and 'getprop ro.crypto.type' I received the message 'encrypted' and 'block'. So, the device was encrypt anyway (at least in theory).
The question is what changes the inclusion of this option and is it really worth?
wholegrain said:
... The question is what changes the inclusion of this option and is it really worth?
Click to expand...
Click to collapse
The result will be that Android (and TWRP) will not start until you enter the lockscreen password. If you don't reboot your phone very often, then you may be able to live with the hassle (bootup will be much slower). And you'd better not forget the lockscreen password. But if the bootloader is unlocked, and/or TWRP is installed, nothing stops anyone from formatting the data partition and using the phone for their own purposes.
Does it give you any extra protection over standard encryption + fingerprint or lockscreen password? If your bootloader is locked, then maybe. Is it worth it? That is a matter of opinion - but I personally wouldn't bother with it. The greatest security risk lies in unlocking the bootloader. Once you unlock it, the phone itself is easy to commandeer, even if your data is safe because of encryption.
DarthJabba9 said:
But if the bootloader is unlocked, and/or TWRP is installed, nothing stops anyone from formatting the data partition and using the phone for their own purposes.
Click to expand...
Click to collapse
You mean 'using for their own purposes' with my data or after wiped? Anyway, I enabled this additional authentication. I don't have unlocked bootloader or TWRP. If the phone is turned off, then stranger can wipe (by holding power + volume up) and use it as its own.
I'm interested in what the difference in access to my data by a stranger is when the option is enabled or disabled. When enabled - I understand that when the bootloader is locked and there is no TWRP, the stranger can't access the device's data. When disabled - data supposedly encrypted, but is not the "default" password recoverable too easily?
wholegrain said:
You mean 'using for their own purposes' with my data or after wiped?....
Click to expand...
Click to collapse
Your data cannot exist after the data partition has been formatted. If your bootloader is locked, then you don't need to worry too much - just don't forget your lockscreen password.
As for standard encryption with default password, this enables TWRP to access the encrypted storage without asking for a password. This is what a lot of people expect (and demand). Some people who are very concerned about data security often prefer to have to enter a password, even to start TWRP. It is all down to individual taste.