1

I am trying to figure out if my Android (Pie) is encrypted.

Per Is there a way for a user to tell if their Android device is encrypted or not?, it says my phone will be reported as phone encrypted.

However, when I go Settings --> Lock screen & security --> Encryption & credentials, here is what I can see:

Encryption & credentials screen

One can see that:

  • My SD card is encrypted
  • Credential protection: Hardware-backed

I see no mention of phone encrypted.

Does this mean my phone's contents (not my SD card) is actually encrypted?

My Phone Specifics

  • LG-G710VM (aka LG G7 ThinQ for Verizon)
  • Android 9 (Pie)
  • Secure start-up is enabled

**2/24/2020 Edit**

In an answer below, @beeshyams suggested verifying encryption by following the answer to this question: How can I find out if my device uses FBE or FDE?

Using Termux I ran getprop ro.crypto.type.

It output: block, which means my device uses Full Disk Encryption.

Intrastellar Explorer
  • 113
  • 1
  • 6

1 Answers1

3

All devices that run Android 5 and beyond (out of the box) are encrypted. That's probably why you don't see a separate status for device encryption as you see for Ext.SD.

Encryption can be Full-Disk Encryption (FDE) or File-Based Encryption (FBE). The device is encrypted on first boot using default encryption and once the user sets up lock screen mechanism , that is used for encryption. Relevant extracts

  • FDE was introduced in Android 4.4 and is supported till Android 9.

  • Android 7.0 and higher supports file-based encryption (FBE).

  • For devices running Android 7.0–8.1, file-based encryption can't be used together with adoptable storage.

  • Devices running Android 9 and higher can use adoptable storage and file-based encryption

  • For new devices running Android 10 and higher, file-based encryption is required.

Your device being Android 9 with secure start up, it's most likely FBE. You can verify ro.crypto.type on Terminal Emulator and it would show file ( See How can I find out if my device uses FBE or FDE?)

Community
  • 1
beeshyams
  • 40,739
  • 30
  • 119
  • 269
  • Thank you @beeshyams! Turns out my device uses FDE, see my edit to my question. I am surprised, even with secure start-up enabled, it's not FBE. Thank you for the answer! – Intrastellar Explorer Feb 24 '20 at 17:47
  • 2
    @IntrastellarExplorer with "Secure start-up" turned on, your lock screen password is used for decryption. It doesn't switch between FDE/FBE. Encryption type is decided at the time of ROM development. – Irfan Latif Feb 24 '20 at 17:55
  • 1
    @IrfanLatif I purchased my ThinQ as a refurbished phone. In that case, would ROM development have been done at the factory where the phone was made? (I am not very familiar with Android) – Intrastellar Explorer Feb 24 '20 at 19:10
  • 2
    @IntrastellarExplorer yes stock ROMs are developed by OEM. But for many devices it's possible to have custom ROMs which can be developed, improved and modified by any developer. – Irfan Latif Feb 24 '20 at 19:58
  • 1
    @IntrastellarExplorer I wrongly guessed it to be FBE (used likely). This should not matter to your query whether the device is encrypted. As Irfan pointed out OEMs decide – beeshyams Feb 24 '20 at 21:59
  • Try with getprop ro.crypto.state, if knowing whether the phone is encrypted is enough for you. – Grimoire Mar 04 '20 at 20:04
  • 1
    @beeshyams OP ran getprop ro.crypto.type, not getprop ro.crypto.state. – Grimoire Mar 04 '20 at 20:11
  • 1
    @beeshyams I noticed the answer in that link, yes. Still, OP seems to have tried the "pretty way", not your answer's "better way". – Grimoire Mar 04 '20 at 20:30