Hi,
I may be wrong but my understanding is that unless specifically done by a carrier, Samsung devices come with an unlocked bootloader.
This means that if you don't have full disk encryption, anyone with access to a device can simply flash CWM/TWRP and access all your data.
How can this be considered a good security practice? Nexus devices (and possibly Sony) wipe /data on bootloader unlock (it's a quick wipe so easily recoverable by a power user but still).
In my few years around here I noticed that even most advanced of users rarely encrypt data, I think less than 1% of power users use encryption.
Has your data simply lost any value? Or is it simply ignorance?
Related
I noticed under phone storage you have the option of encrypting, which requires a PIN when the phone is rebooted. Without the PIN the storage is virtually inaccessible (would require a massive brute force hack attempt). My phone is rooted / unlocked / s-off. Should I encrypt the data? Would it have any kind of negative impact on things like performing a full backup/restore from the recovery or anything like that?
I encrypted my developer HTC One before rooting and adding recovery (CWM), and now it can't access anything worthwhile from recovery.
I feel like encryption was a huge mistake. Until we have a recovery that supports decryption, this feature is a bit of a joke for rooted devices.
I have a OnePlus 3 and I was thinking of encrypting it for additional security & privacy reasons. But since I flash various ROM level mods / use xposed modules on my phone, I was wondering about the negative consequences I have to face after encrypting an android phone.
I have a few doubts which need to be cleared.
1) Since my android phone would be encrypted, would I absolutely not be able to flash any new files/make nandroid backup from the recovery?
2) If 1) is true, which means, let's say I install an xposed module which causes a bootloop. Now I would have no way to disable all the active xposed modules from recovery since the files are encrypted, which means I would have to restore everything from scratch?
3) Is there absolutely no known way of decrypting android/access files unencrypted from recovery if we know the master PIN/password?
Can somebody who has dealt/dealing with an encrypted android phone please answer these questions? Thanks.
Deleted
Hi, thanks for your reply.
Just Passing By said:
1. When you access recovery on an encrypted phone, you have to decrypt your phone. After that, your recovery can do anything it normally could do. This would of course include flashing ROMs, zip files, and making nandroid backups.
.
Click to expand...
Click to collapse
2 things to say about that.
1)Decrypting just to flash files is a huge problem. TWRP/CWM should have a feature when it asks for the master PIN/password on the recovery, then after I enter it, it should decrypt the data on the fly and then mount the system and data partitions unencrypted so that I can flash files without going though all the decryption process.
2)Correct me if I'm wrong, but all android decryption processes I read online require wiping all data/doing a factory reset. That's again a huge problem. Why? In case I flash a mod/install a xposed module which causes a bootloop, I would have no way to decrypt my data, even if I have my master password. Which would mean I would lose all my files which I haven't backed up.
Problems like these could be avoided if TWRP provided permanent decryption/on the fly decryption using the master PIN. Comparing this with veracrypt on windows for e.g. , let's say my windows is encrypted with veracrypt and a hardware failure occurs at some point in the future & windows refuses to boot, but I'm able to load a live ISO. In this case, veracrypt offers a rescue ISO which I could use to decrypt the data without losing all my files after I enter the master PIN. So in this case, I can have security of encryption & also the convenience of decrypting it without losing all my files with the master password in case my main OS refuses to boot.
If I can't decrypt android from the recovery using the master PIN, that would mean in any case my android refuses to boot, I have lost all my files.
3. I'm assume you meant to say "... If we don't know the master PIN/Password?" And the answer to that is yes. If you can't decrypt your phone, you'll lose everything in it, so making periodic backups is a must. Otherwise, there'd be no point if you could just decrypt things right?
Click to expand...
Click to collapse
No, I did not say that wrong, sorry if I wasn't clear enough on my first post. I just wanted to know if there was a way to permanently decrypt android from recovery using the master PIN so that i would be able to recover my files to a USB in case my android refuses to boot.
Deleted
A family friend has given me his Xperia Z5C (running 7.1.1.) as he's accidentally deleted some photos and wanted me to take a look at recovery.
We all know that to get the necessary access the device needs to be rooted, but this also requires wiping the device. My question then is how secure is the wipe / erase when rooting, is it a full overwrite (in which case there's little point trying) or is there a chance that some data might be present at the block level after rooting?
I'm not inclined to go through the process of rooting if it's futile, but if there's a chance there may be some files still recoverable, he'd probably want me to try.
Thanks for your help.
I've done some search here. Most of the relevant ones are 5 years ago. A similar one was talking about FRP, and another one got no reply. So I think I might start a new one.
This is about wipe my phone and give/sell it, so the later users won't get my data. I wonder:
1. I head it's generally impossible to avoid others to recovery the data (unless maybe a long time format?). The closest one is to wipe -> fill up -> wipe -> ... I wonder if we fill up all the capacity in the first time, shouldn't all the previous data be overwritten, why repeating so many times (and still there's a chance to recover data?)
2. My phone has encrypted data partition, which is said to be safer (the lock screen won't be hacked or something?). If encrypted data is really this safe (and fast), maybe we can just encryp the data partition first and then wipe it. I know there must be something wrong, which I'm missing.
Sorry for my English, and maybe the encrypted data partition is not so related to this topic.
I was thinking just ask some one to make a usb flash from the internal memory. Reselling phone is more like protecting the environment, because most of my phones are old. Maybe the buyers would just break it and sell its components, so just ask for making a usb flash maybe.
Hi,
Is it possible to extract old data after factory reset by reading image of user data partition as image.
Idea was to:
- read user partition image
- use PhotoRec or something similar to extract data.
Main concern is encryption, if data was encrypted before, and keys are deleted
during factory reset, chance is that read image will contain trash that is not recoverable.
Currently I know that to read images from phone I need to
- unlock boot
- root phone
This process will also wipe user data again and possibly set new encryption keys.
So it looks that doesn't make sense to event attempt entire process because it will
void warranty of phone and read data will be trash.
Phone is MI A2 with Android One, but I presume it is same with any android phone
that has encryption enabled by default.
Thanks for comments and pointers