How To Encrypt Data on Your Smartphone

Prism. That’s the new buzzword out there for the infringement of your privacy when it comes to cellphones. If you think Verizon is the only carrier that a government has its nose in, I’d suggest that you are a little naive. With the Prism-Verizon scandal, what allegedly has been happening is that the United States of America’s National Security Agency (NSA) has been data mining.

That is, they have been going through the call records of Verizon’s approximately 99 million users looking for, well, anything! The call records don’t include the conversations themselves, but data such as phone numbers dialed, time and date of call, and duration of call. But if I’ve learned anything from Gene Hackman movies and Wired Magazine, it’s that when it looks like the government has a toe over the privacy line, they’ve really actually driven a white van across it and camped out in your backyard a long, long time ago.

If the thought of the occasionally overzealous government official isn’t enough reason to encrypt your smartphone, then all the identity thieves and scammers out there ought to be. Think of how much of your personal information a bad guy could get if they found your phone. Names, addresses, passwords, account numbers, and goodness knows what else. For a different take on Internet monitoring, check out James Bruce’s article about how Internet monitoring laws will make criminals harder to catch. It’s very timely, all of a sudden.

Today, I’m going to show you a few things you can do to make that information a bit more secure.

How to Encrypt Smartphone Data

If you don’t at least have a PIN that you have to enter to access your phone, you really need to set one up right now. You can lock the phone with either a PIN, pass phrase, swipe pattern, or even face and voice recognition. Any of these is better than none of these. You may also want to take any lock screen widgets off as well. These can reveal what town you live in, or maybe even what stocks you are following. Go ahead, set it up, I’ll be here when you get back.


What can you tell for certain about me from my lock screen now? That Telus is my service provider, so I’m probably in Canada. That’s it. Everything else is common information such as the date and time, and temperature. That tip alone could save you from prying questions of overly-observant shoulder surfers. “Say, I see you work in IT too!”, “Is that your little girl? What’s her name?” Creepy questions, when asked by creepy people.

Encryption is The Key

To really secure your information, you need to use some sort of encryption. By encrypting the data on your phone, even if someone gets past your lock screen, whatever else is on the phone is pretty much useless to them. Unless they have a lot of time and the right skill set, of course.

Whether you have an iPhone, Android, or Windows phone, you should encrypt most, if not all, the data that is on the phone. Let’s take a look at how the different phones allow you to encrypt your personal information.

Android Encryption

Go into the Settings screen and scroll down until you find the Security tab. Click on that and you’ll see a couple of encryption choices. To encrypt the entire device, click on Encrypt device. What this will do is encrypt all of your data, and you’ll need to enter your password to decrypt it every time you turn your phone on. This process can take quite a while, somewhere around an hour, depending on how much data you have to encrypt. This process requires a 6 character password with at least 1 number.

It’s important to note what the Galaxy Nexus user manual says: “If you already set up a screen lock, you must use the same PIN or password. You can’t have two PINs or passwords.” If my permutations math is worth a damn at all, that’s more than 371,993,326,789,901,217,467,999,448,150,835,200,000,000 permutations. That’s a lot. Like, more than a bunch.

Okay, I used a calculator.


If you are using an external SD card to store sensitive data, you can choose the Encrypt external SD card option on the Security screen. There are some options when encrypting an SD card – you can either encrypt the entire card, or only new files that you are adding to the card from this point in time onward. Again, it uses a password to decrypt the files. Just like the device encryption, it’s a 6 character password with at least 1 number.


iPhone Encryption

The process for encrypting the data on your iPhone is absurdly simple, at least in iOS 6.1. All you have to do is set a passcode to access your phone when you turn it on. The catch is that only iMessages, mail messages, and attachments stored on the iPhone and some apps available from the App Store may use the data protection. That’s according to the iPhone iOS 6.1 manual. If someone attempts to figure out your passcode, after 10 failed attempts, your encryption key, and therefore your data, is erased provided you’ve enabled the Erase Data setting in Settings > General > Passcode Lock.
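A simplified model of why erasing the key erases the data, added here as an illustration; it is not Apple's implementation or code from the article. The ToyPhone class, the SHA-256 keystream standing in for AES, the PBKDF2 iteration count and the sample passcode and data are all assumptions.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10  # failed-attempt limit the article quotes for Erase Data

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 keystream, XOR). Real phones use AES."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class ToyPhone:
    """Constructed model: a random data key, stored wrapped by a key
    derived from the passcode (iteration count is an assumption)."""

    def __init__(self, passcode: str, plaintext: bytes):
        self.salt = os.urandom(16)
        data_key = os.urandom(32)
        self.wrapped_key = xor_stream(self._kek(passcode), data_key)
        self.key_tag = hmac.new(data_key, b"check", "sha256").digest()
        self.ciphertext = xor_stream(data_key, plaintext)  # what sits on flash
        self.failed = 0

    def _kek(self, passcode: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 10_000)

    def unlock(self, passcode: str):
        """Return the plaintext, or None on a wrong passcode or erased key."""
        if self.wrapped_key is None:
            return None  # key already erased: nothing can unwrap the data
        data_key = xor_stream(self._kek(passcode), self.wrapped_key)
        tag = hmac.new(data_key, b"check", "sha256").digest()
        if hmac.compare_digest(tag, self.key_tag):
            self.failed = 0
            return xor_stream(data_key, self.ciphertext)
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self.wrapped_key = None  # erase only the key; ciphertext remains
        return None

def demo() -> tuple:
    phone = ToyPhone("4821", b"contacts, mail, photos")  # constructed sample
    before = phone.unlock("4821")
    for guess in range(MAX_ATTEMPTS):
        phone.unlock(f"{guess:04d}")  # ten wrong guesses: 0000..0009
    return before, phone.unlock("4821"), len(phone.ciphertext)
```

After the tenth wrong guess the ciphertext is still stored in full, but even the correct passcode can no longer recover it because the wrapped key is gone.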

When you back up your iPhone to your computer via the iTunes application, you can encrypt all your phone data that is backed up. This is a good idea as well.


Windows Phone Encryption

It seems that Microsoft has caused a lot of confusion for Windows 8 phone users, when it comes to encrypting their phones. According to the Windows 8 How-To page, “Other security features, such as device encryption, can be turned on by your employer via a company policy.” I haven’t priced out Exchange Server lately, but most non-corporate users of a Windows phone are not going to buy it. There also seems to be a lot of confusion about whether the feature can be turned on if you have an Office 365 subscription. I chatted with a Microsoft rep, and their response was that I would need the Exchange Online Plan 1, at $4.99/month.

Even then, if you look at the transcript of the conversation, I don’t think they were too sure this would work either.

This is a real shame, since Microsoft is using the BitLocker technology to encrypt the phone’s contents. This is a powerful tool indeed! I’ve covered the basics of how BitLocker works and the degree of security that it gives you. Mind you, there are some Windows Phone 8 apps that will give you some sort of encryption on different file types, although it would be nice to have this functionality native to the phone, like the Android and iPhone. Too bad Microsoft, too bad.

If you’re looking for encryption software for your Windows Phone, I’ve already done the search.

The Take Away

Is the government going to be snooping through the files on your phone? Most likely, no. Should you encrypt the contents of your smartphone anyway? Yes, there are lots of two-legged rats willing to crawl all over your phone for any tidbit that can profit them. Which phone seems to do the best job of encrypting data? I’d have to say that the Android phone does, since it is the only one that natively can encrypt the entire contents of your phone, with the iPhone just behind it, and Windows Phone coming in a distant third. Really distant. More of a no-show, really.

Is your smartphone encrypted? Did you use a third-party application to do it, or just what the phone came with? Has it made it difficult to use your phone at all? Do you think it’s necessary to encrypt your phone? Why don’t we talk about it, unencrypted of course, in our completely unsecured comments below.

Image Credit: Smartphone with Lock via Shutterstock.


29 Comments -

SH

“If you already set up a screen lock, you must use the same PIN or password. You can’t have two PINs or passwords.”

Does this apply to devices other than Galaxy Nexus? Does it mean that I must use a PIN or password and cannot use a “pattern” screen lock? And what’s the difference between a PIN and password anyway? Is one more secure than the other?

Thanks

Guy McDowell

I’ll answer your questions in order…

This applies to devices with Android Jellybean. It may apply to devices with Android Ice Cream Sandwich, but I’m not certain. I don’t have one to test with.

It means that you must use a PIN or password, the pattern lock won’t work.

A PIN is Personal Identification Number – all numbers. A password can be all numbers, all letters, or a mix of course.

Solid questions! I hope this helps you out.

SH

That does help a lot. Thanks!

Hunting.Targ

Since I have a phone running Ice Cream Sandwich, please allow me to fill in.
In Settings > Security, the phone encryption option requires you to enter a password “of at least six characters, including at least one number”, so this is not the same as the screenlock pin. I would also point out that there is an option (at least in my case) to leave multimedia files on the SD CARD ONLY unencrypted. This might be handy for faster access and backup, but since we’re on the topic of privacy, I doubt anyone wants to leave open the possibility of a street rat or gov’t. agency seeing images of their family, close friends, or co-workers.

Guy McDowell

Y’know, now that you say that, it makes me realize that Google is using the acronym PIN incorrectly.

That’s interesting about the ‘multimedia files on SD card only’ unencrypted option. You’d think that they’d have just the two options of ‘encrypt SD card’ or ‘leave SD card unencrypted’. Either way, I agree that it’s best to encrypt the whole damn thing.

Curious

Guy: What is the most commonly used encryption algorithm on mobile phones? Is the algorithm compliant with FIPS AES128 at the very least? Thanks.

Guy M

I had to do a little research to answer this one. The most recent spate of smartphones appears to use AES 256. It also looks like the majority of them are FIPS 140-2 compliant.

David Moreira

Always good to know, thanks!

Rick

This is great advice that everyone should take into consideration on their devices to protect themselves from data theft and more.

TechnoAngina

Unfortunately Google won’t protect your phone from the government if it wants to break your encryption, it will just reset your password. Apple is slightly better in that it will just crack your password, but if you’ve got a sufficiently long passphrase, which means more than 8 characters it will be difficult currently for them to break. Once on your phone you can use something like RedPhone or SecureText to encrypt your actual communication and Obscuracam to obscure pictures. I’m not paranoid though, I swear. Then again, I’m not all that hard to find online.

Guy McDowell

If you had all the resources that a G20 country has at their disposal, how long do you think it would take for them to break into and decrypt your files? If they really, really wanted to? Maybe a day.

The level of security we talk about here would prevent casual tip toeing through your files, if someone with clearance was ‘just curious’. Really, that’s all most of us need though.

TechnoAngina

A day to crack encryption? Not unless you had a really weak password (which honestly is a problem) or more powerful computers, which thankfully are constrained by costs. Encryption does work wonders. You’re correct though, most users would do perfectly well to start with the security features you list, I think your tag line referencing PRISM is what makes me sad about Google. I’m just bummed there isn’t a better kind of whole device encryption which won’t/can’t roll over, like TrueCrypt but for the Android device. Whisper systems were working on something until they were bought by Twitter, but at least they open sourced the programs I listed above and there are still folder level encryption softwares out there. Great article though.

Guy McDowell

Yep, a day to crack, “If you had all the resources that a G20 country has at their disposal…” I’m guessing you missed that part. You do realize that communications between countries are monitored, and therefore already cracked, on a daily basis. All of these with far greater encryption methods than what Betty Facebook is using on her iDevice when she buys a $400 snot-rag-bag. (Really folks, that’s all a Coach bag really is.)

I’m really snarky after 10:00 p.m. Sorry ’bout that.

Guy McDowell

Here’s where we encounter a problem and enter a territory that simply isn’t documented, or really talked about.

Why would any agency say that they can crack, say, AES quickly and reliably? That would send the private sector reeling. It would send those bad guys that are depending on AES scrambling for something else. If you were a thief and knew the combination to the bank’s safe, would you tell them?

The problem here is that I can’t point to a document to confirm this. However, consider this article Researchers Crack 923-bit Encryption, Set New World Record. This was done in 148 days with 21 computers and 252 combined cores working on it.

Once the algorithm is developed and tested, time to implement the algorithm goes down dramatically. Then take a look at the kind of data centers the U.S. gov’t has at its disposal, and are currently building – far greater than 21 computers with 252 cores. Each additional core and computer drops the time significantly again.

Personally, I believe that there are a lot of gov’t placed back doors and keys. Of course, no one is going to advertise that fact – that would defeat the purpose.

I’m not saying encryption is worthless, I’m saying it’s not perfect security. It is reasonable security.

Hunting.Targ

Browsers like Firefox may not use encrypted packets (not by default, anyway), however there is one boon. Since I know that Firefox uses one-way encryption to store passwords, even on a decrypted device these should be irrecoverable, even though the NSA has access to most every algorithm approved for commercial use.

And, “Just because you’re paranoid, doesn’t mean they’re not out to get you.”
At least that’s what a retired engineer friend of mine says.

Guy M

@TechnoAngina – It appears that Edward Snowden’s revelation of BullRun has pretty much proven what I thought might be going on.

Onaje Asheber

Good Info!!!

Chiranthaka Jayakody

A very useful article!

Patrick Dickey

One question that I have is this: On an Android phone, if you decide to turn off the encryption (for whatever reason), is it a painless process, or do you risk losing the data? Mainly, I would think that someone would want to turn the encryption off (at least on their SD Card) if they’re transferring everything to a new phone.

Have a great day. :)
Patrick.

antihero

Patrick,
“You can’t decrypt your phone except by performing a factory data reset, erasing all your data.”

This comes from the Encrypt phone instructions on android phones. Well at least a CM10 ROM, not a 100% sure if that changes on different ROMs or being unrooted. But I would assume this is a base android function.

TomSix404

It is very real and very scary that with all this that is going on, but encryption is part of a process to ensure some type of security.

antihero

So Guy, even after all the encryption, it really doesn’t matter much… How to bypass an Android smartphone’s encryption and security: Put it in the freezer
http://www.extremetech.com/computing/150536-how-to-bypass-an-android-smartphones-encryption-and-security-put-it-in-the-freezer

Guy McDowell

I have read articles similar to this with regards to encrypted hard drives. It’s a pretty tricky process that requires you to have your hands on the phone. Encryption still provides reasonable security against attacks over a network. If your phone gets stolen, then they have as long as they want to decrypt it. Most phone-stealers won’t even bother unless you’re a super spy and they are an evil villain.

antihero

So Guy, even after all that encryption, it really doesn’t matter much with… How to bypass an Android smartphone’s encryption and security: Put it in the freezer
http://www.extremetech.com/computing/150536-how-to-bypass-an-android-smartphones-encryption-and-security-put-it-in-the-freezer

greebo

very interesting, like it!

wondering

If you encrypt your device, if someone takes your device will they be able to read text messages, look at your pictures, etc.?

Guy M

If they have your password to log on to your phone, then yes, they would be able to read text messages, look at pictures, etc. That’s why PIN and password protection is an integral part of encryption and security.