Enabling Encryption in Android: A Guide
In this article, we'll walk you through the process of enabling Full Disk Encryption (FDE) on Android Lollipop devices, explaining the implications for device performance and security.
Enabling Full Disk Encryption on Android Lollipop
To secure your Android Lollipop device, follow these steps:
- Charge your device fully and connect it to power, as encryption requires uninterrupted power.
- Navigate to Settings > Security.
- Select Encrypt phone or Encrypt tablet.
- Follow the on-screen instructions, which typically include setting a secure lock screen PIN or password if you don’t have one already.
- The device will then proceed to encrypt the entire storage; this process can take an hour or more and must not be interrupted.
Security and Performance Implications
- Security: FDE uses advanced algorithms (typically AES with 128 or 256-bit keys) to protect all data stored on the device. Without the correct authentication (PIN/password), the data remains unintelligible, safeguarding against theft or unauthorized access—even if the storage chip is removed and accessed externally.
- Performance: On Lollipop-era devices, encryption was mostly software-based and could cause noticeable performance degradation because encryption/decryption occurs on the fly during read/write operations. Common effects are slower app launches, longer boot times, and reduced overall system responsiveness. However, newer devices with hardware acceleration have minimized this impact considerably. On Lollipop devices, expect some slowdown.
Additional Notes
- Encryption integrates with lock screen authentication as the key protector: if you lose or forget your PIN/password, you may lose access to all data permanently.
- Factory reset takes longer on encrypted devices since keys or data need secure erasure.
- Using Mobile Device Management (MDM) tools, administrators can enforce mandatory encryption on managed devices running Android 6.0+, but native encryption is still available on 5.0 with manual enablement.
- Errors during encryption (e.g., “Encryption Unsuccessful”) can occur due to corrupted cache, memory issues, or software glitches requiring repair or reset.
Key Takeaways
- Enabling FDE on Android Lollipop requires manual activation via security settings.
- FDE significantly improves data security but may cause some performance degradation.
- Newer Android versions implement encryption more seamlessly and efficiently.
- Trusted agents like Google smart lock and apps that change lock screen security settings will still function.
- Forgetting the password requires a full and complete factory wipe of all user data to regain access.
- The guide is based on Lollipop as shipped by Google on Nexus devices.
- The password should be kept private and not used anywhere else.
- Android's FDE is enabled by default since October 2015 on Android Marshmallow on Nexus 6P and Nexus 5X.
- The encryption process is power-consuming and requires a fully charged device.
- Keeping the device plugged in during the encryption process is recommended.
- Not everyone may need to encrypt their entire phone, but knowing the process is important.
- Every boot-up process will require the password to be entered during the boot process.
- A password is required for the encryption process and is used to unlock the phone and decrypt the data on the disk.
