What you need to know about Android encryption Getty Images

What you need to know about Android encryption

Apple’s ongoing battle with the FBI has dominated technology news headlines. This battle's also raised legitimate questions about how safe user data is. So what’s the situation on Android?

Just like anything else in the fragmented world of Android, it’s complicated. Getting to full encryption has been a bumpy road. It was promised on Lollipop and didn’t materialize, but is now fully baked in as an option with Marshmallow (Android 6.0). So odds are if you have a relatively recent Android device, you should be able to encrypt your phone, which means your app data, account information, music, media, and other downloads can’t be read without the right credentials.

If you care about privacy, this is something you want. Google has been ordered before to unlock Android devices that were part of a court proceeding, so in theory it could happen to anyone. The same has occurred with several of the companies that use Google’s operating system on their smartphones. It’s unclear how many of these orders were honored, but before you light your phone on fire there are some steps that you can take (along with not committing any actual crime, of course).

No matter your take on the Apple case or similar lawsuits, every Android user wants their data to be private.  We don’t assume someone has nefarious purposes for locking their house or installing an alarm system: encrypting your data is a smart and common practice. So here’s a brief walkthrough of where things stand on getting your apps and data encrypted.


The directions are going to vary a little bit depending upon which version of Android you’re running. But unless your device is ancient, it’s not too difficult to ensure that everything is encrypted by going through a few simple steps. If you’re unsure of which version of Android you’re running, here’s where to check.

If you’re using Marshmallow, the good news is encryption is flipped on by default. So if you’re using a Nexus phone or a schnazzy new Galaxy S7 or S7 Edge, all you need is to add a security code (like PIN or password) or a fingerprint to enable it. Go to Settings > Security > Screen Lock > and create a add your fingerprint, PIN, or password. Typically you’ll want to do this first thing when you get a new phone, but if that’s not the case it’s time to get on the ball.

One thing to consider is that depending on your manufacturer, this may require you to enter the password every time you restart the phone. It’s a little annoying, but worth the price.

Your phone’s UI may look different, but there will be a setting that allows you to encrypt your data.

Additionally, newer Android devices come with a feature called factory reset protection. This means that when you go to wipe the device, you must re-enter your Google account details. Otherwise the phone is essentially useless. So even if you lost your phone it would be unusable and your data encrypted. Of course, you need to make sure that before you sell off your device to another, you’ve disabled this so you don’t end up with an angry buyer.

Be sure you’ve turned on the right setting that encrypts all your data.

If you’re using Lollipop or an older phone you’ll need to take on the task of encryption yourself. Head to Settings > Security > Encrypt phone (this may vary depending upon your specific interface) and then get comfortable. The process takes a while, and you’ll need to use a PIN, password, or fingerprint in order to unlock the phone when you use it. The requirement to re-enter a PIN or password when restarting will probably apply here, also.

Encrypt your messaging for extra security

The default method for communication on Android phones is SMS/MMS, a very outdated standard that is of course not encrypted. Unfortunately, Google’s Hangouts service does not support end-to-end encryption either, although communication is encrypted in transit for at least a deeper level of security.

So if you want to specifically encrypt your messaging, you’ll need to go with a third-party app like WhatsApp, Signal, Cyber Dust, or others who pledge that they’re using end-to-end encryption.

Signal, (left), and WhatsApp offer end-to-end encryption for all communication. 

That term is the key. Some services, like Google’s Hangouts, use encryption during the transmission of the message, but if the transmission isn’t end-to-end encrypted then it could be handed over to an agency that requests the data. These ultra-secure apps promise that they don’t even have access to your chat, so there’s no way for them to hand over anything.


If you have a phone that allows you to expand storage via an SD card, then you might want to encrypt that also.

Sometimes this results in slower data transfer when you’re saving a game or other content. But if you want to ensure that all your content is encrypted, you’ll want to take this extra step. In your security settings there will be a Protect encrypted data option.

You can ensure that all the data on your SD card is encrypted as well.

You’ll need to wait a while for the phone to work through the encryption process, but once you do this anything you save to the card will also be more secure.


The final thing to consider is that encrypting your phone alone doesn’t mean that everything you do is inaccessible: the data stored in your Google account is subject to a subpoena, and in the past Google has handed over the contents to law enforcement. To its credit, the company outlines the process to how it responds to warrants.

Of course, some are going to want to take all of this information with a grain of salt. You clearly won’t have as much visibility as a government agency or Google when it comes to what information is revealed. Google says users are notified when the company responds to a warrant or subpoena, but I can’t really speak from first hand experience here.

The bottom line is that many of the issues about encryption are less about the phone and more about your data. Even if Apple and Google make their operating systems unhackable, there’s still plenty of data that’s out there for the taking. This delicate balance is likely to play out for some time, and you’ll want to stay informed about all the nuances and advances in security.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.