I just encrypted my android, but when I plug it in my PC, all that is accessible without password, what the hell?

Maybe because it's your computer.

If you unlock your phone after a restart, the encryption is lifted. You have to physically restart your phone whenever you want encryption to work.

god damn, that is so stupid. So if anyone steals my phone, and plugs it in without restarting, they could see all my data?

Welcome to Android

The encryption password is a one-time thing when you boot your android, it unlocks it so it can be used. It can't lock it when in use. If you want to stop someone from accessing it when it's on, put a password on your lock screen

Yes.
This is also the case for iPhone. Can't speak for android regarding workarounds, but iPhone allows you to set emergency contacts which you can call without needing to unlock your phone.

I have my wife, both parents, my sister, my lawyer, my employer and my best friend listed as emergency contacts. Maybe Android has something similar?

god damnit, literally placebo encryption. so there's no way of hiding my dick pics from gubermant I guess

All encryption works this way. If you encrypt your hard drive, and then put your laptop to sleep, your drive is still unencrypted. That's literally how encryption works. You can't have encryption AND access to the features of the phone.

ahhh. thanks for explaining, I feel like a brainlet now

That is why they made the battery life so shit.

It's ok. Most people really don't think this shit through. At any rate, a good strategy is to set up emergency contacts that you would call in an emergency or call regularly enough for it to be a concern when you aren't in private (presuming you can do this on android), and to reboot your phone whenever you leave "private."

It's a bit of a pain to remember at first. I put a sticky note on my door to remind me. But before long, it becomes routine.

Also, stick to either numeric or alphanumeric passcodes. I don't like the keyboard to enter in passwords, so I stick to numbers. Mine is 25 digits long to make up for this weakness.

>tfw no encryption that asks for a password after 10 minutes of idle time

Android didn't allow me a password that has length greater than 17 characters. So I used a passphrase of 16 characters length (which makes me a bit uncomfortable, my passphrases are usually longer). Thanks for the reboot advice! Gonna do that.

give it back tyrone

There actually is. Just not on the OS version. You can set shit up like that with apps. Paypal is one such example. Problem with THAT is that Paypal has a preset time, and nothing else. You can restart your encrypted iPhone, and unlock it, and still get into paypal without any sort of code if you beat the timer.

>he doesn't use a privacy, encryption oriented iphone
nice b o t n e t

Isn't that what a lock screen password does?

ie: when the phone goes to sleep, does it not also lock the storage chip?

If 16 is the max, I would recommend sticking to alphanumeric. My 25 digit numeric only protects for about 8 million years (if you don't account for apple's lockout/erase feature). But a 16 character alphanumeric pass with special characters is good for 93 trillion years.

It doesn't re-encrypt your phone, if that's what you are asking.

Easiest way to tell the difference, at least on iPhone, is to have one of your contacts call you when the phone is just locked, and then to try again when it's restarted. When it's locked, it accesses your contact info and puts a name up on the screen. Freshly restarted is just the phone number, even if it's one of your emergency contacts.

I follow Snowden's advice for passwords, i.e. passphrases, an alphanumeric phrase, for example Hiroshimoot#1WorldScammer!

>so there's no way of hiding my dick pics from gubermant I guess

Anything you do on your phone can be seen by the government.
They are watching, always.

And you shouldn't make dick pics with your phone anyways.
Use something with a screen that flips out so you can get a better angle, and preferably a wider angle lens to exaggerate the proportions.

Smart move. It's the better security option. That said, I just can't use the iPhone's keyboard for long passphrases, especially with the "10 tries and it deletes" feature. I can do 25 numbers on the go, but there's no way I could do so many characters with special characters and the like. Too easy to make a mistake while on the move.

That said, it deletes after 10 failed attempts, and it starts delaying you longer and longer after each unsuccessful guess, so between the actual odds, the delay, and the deletion, I think numeric only is still practical.

I never understood those who use fingerprints, though. I mean, it's one thing once you're in, like to access paypal or something AFTER you get into the phone, but to get into the phone itself? Stupid.

iPhone without iCloud, long-ass password to unencrypt, and sending them via Wire is about as good as you can get. Still not foolproof, but difficult enough that they won't bother you unless they think you are worth the headache.

Android doesn't have full-disk encryption, it only encrypts the /data partition. All your active logins will be encrypted but your personal files stored on the internal or external sdcard will NOT be encrypted. As mentioned, if your phone is powered on the /data partition will be decrypted until you reboot. If you plug in the phone via USB it won't be accessible if the screen is locked. ADB can access it but you need to grant the PC access at least once from the phone when the screen is unlocked and if your bootloader is unlocked then anyone can use TWRP to access your phone and all files outside of /data.

Stupid question: If you encrypt your phone, do you have to enter the encryption key at boot time? Otherwise, how does it work?

Yes, you do. Your encryption key is the same as what you use to "unlock" your phone after the screen turns off, at least regarding the iPhone.

So your encryption key is potentially a 4 digit pin? Only an 8+ character password with multiple character types is secure against brute force, AFAIK. Are you required to enter such a password every single time you unlock your phone?

>Android doesn't have full-disk encryption, it only encrypts the /data partition
iOS has had this for years

I have no idea regarding android. Regarding iPhone, it's a minimum of 6 digits. Keep in mind the phone either locks down forever or erases itself after 10 incorrect guesses (with each subsequent guess requiring a cooldown time, the first being a minute, the last being an hour).

All that you'd need to run a brute force attack against an encrypted partition is an image of the partition. You do not necessarily need for the phone to be on.

The way disk encryption works on a desktop is that you enter a very secure key, which is much harder to crack than a typical user password, one time when the encrypted disk is mounted. That disk is then readable until it is unmounted. If you want to leave your computer while the encrypted disk is mounted, you can use a lock screen to prevent it from being accessible to anyone who does not know your user password. Since a user password is much less secure than an encryption key, you can set the computer to allow a certain number of login attempts before the encrypted drive is unmounted, which might involve shutting the computer down. That way, you can use a relatively easy-to-use password to secure a drive with a strong encryption key. Anyone who guesses your relatively-insecure user password too many times is suddenly faced with having to guess your much-more-secure encryption key instead.

If the password IS the encryption key, on the other hand, there is no way to stop it from being brute forced by anyone with physical access to the storage device, and shutting the device off after a few failed login attempts is little more than annoying. I don't think that it would make sense for this to be the case, but I also don't think that people are entering complicated encryption keys into their phones at boot time, and I don't know of a third scheme that a phone might use.

To my knowledge, in order to pull an image from the device (the iPhone), it has to be unencrypted.

I do leave the possibility open that I could be wrong, but this was my understanding. At any rate, I use a 25 digit pass.

I thought any modern Android ROM doesn't enable MTP unless your phone is unlocked, so unless someone grabs your phone while it's unlocked, they shouldn't be able to do anything via USB

That is correct.

I don't think that means that it's necessarily difficult for a sophisticated attacker to read the storage directly, though. At least, it's not so difficult that it's okay for the security of your data to depend on it.

>I don't think that means that it's necessarily difficult for a sophisticated attacker to read the storage directly, though. At least, it's not so difficult that it's okay for the security of your data to depend on it.
To depend on what, specifically?

To depend on the fact that whoever is trying to get at your phone does not have the tools or the skill to read from your storage device except by the phone's USB port.

You enter a 25 digit password every time you want to read a text message?

Oh. Well, I'm about as tinfoil as one can get while still being skeptical of unfounded claims, and I agree with you. I do not leave the privacy of my home without my phone being restarted, and, if I ever have to unlock it in public, I restart it immediately after I'm finished.

I don't text. It's insecure. I use Wire (which is still insecure, but not AS insecure).

>I don't text. It's insecure.
Surely you occasionally receive them though, right? In any case, the intended question is this: Do you really enter a 25 digit password every single time you want to use your phone for anything?

>I do not leave the privacy of my home without my phone being restarted
What does restarting it do?

>I do not leave the privacy of my home without my phone being restarted
so you think there is a realistic chance of someone taking your phone, disassembling it, somehow reading the RAM while the phone is running, and pulling the encryption key?

what do you have on your phone, government secrets, or do you like to take your CP in your pocket?

>Surely you occasionally receive them though, right? In any case, the intended question is this: Do you really enter a 25 digit password every single time you want to use your phone for anything?
Yes. Just numeric, though.

>What does restarting it do?
Fully encrypts the phone, you have access to nothing but your password screen, emergency call (essentially the ability to dial 911), and whatever info/contacts you put on your medical page. I put my name, height, birthdate, medicines I'm allergic to, and the phone numbers of my wife, both parents, my sister, my lawyer, my employer, and my best friend, that way I don't need to unlock my phone to get in touch with people who I might need to call when I don't want to unlock my phone.

>so you think there is a realistic chance of someone taking your phone, disassembling it, somehow reading the RAM while the phone is running, and pulling the encryption key?
I think that I might be detained at some point, and not think to encrypt it before hand. I don't do anything illegal, but my private life is my private life, and there is a treasure trove of personal info that I don't want some low-salaried cop having access to.

>you have access to nothing but your password screen, emergency call (essentially the ability to dial 911), and whatever info/contacts you put on your medical page.
Is this not also the case when the phone is locked?

No. When the phone is locked, they have the ability to pull the image of the phone, as well as whatever widgets one may have when you swipe from left to right, and access to the camera when you swipe right to left.

Oh, they also have the ability to pull from bottom to top to disable your cell signal, as well as any other number of things, unless you disable it (I have - most people haven't). This can make finding a stolen phone borderline impossible until it's already been sold on ebay.

>they have the ability to pull the image of the phone
The iPhone gives you access to its storage when it's locked?

>This is also the case for iPhone.
Wrong.
The user partition isn't shown unless you click the 'trust' button, which you can only do if the phone is unlocked.

>some low-salaried cop
do you seriously think some cop at some random police station would have the tools or know-how to pull an encryption key out of the RAM of a smartphone??

even if the gvmt (CIA, FBI) had the tools to do it (which I doubt), they sure as hell aren't going to make them available to all police stations
so unless you're some wanted terrorist, there's no chance of that happening

I mean, do you even understand what it would take to extract the key?
even on a laptop/desktop, where the RAM is easily accessible and removable, your best shot is to freeze it, remove it, try to read the contents and hope they are still there, which is not always successful

now try that on a smartphone where the RAM is most likely in a BGA chip where you can't even access the pins, and would need a hot air gun to remove it.

>pull the image of the phone
they can do that regardless of the phone being locked, and the phone storage is always encrypted, that wouldn't help much

ssd.eff.org/en/module/how-encrypt-your-iphone

>REMEMBER: While Apple will be unable to extract data directly off a phone, if the device is set to sync with iCloud, or backup to a computer, much of the same data will indeed be accessible to law enforcement. UNDER MOST CIRCUMSTANCES, iOS ENCRYPTION IS ONLY EFFECTIVE WHEN A DEVICE HAS BEEN FULLY POWERED DOWN (OR JUST REBOOTED, WITHOUT BEING UNLOCKED). Some attackers might be able to take valuable data from your device's memory when it's turned on. (They might even be able to take the data when it has just been turned off). Keep this in mind and, if possible, try to make sure your device is powered off (or rebooted and not unlocked) if you believe it's likely to be seized or stolen.

Capitalization was my doing, for stress.

>Some attackers might be able to take valuable data from your device's memory when it's turned on.
is there any proof that this has ever been done?

Interesting, thanks.

>they can do that regardless of the phone being locked, and the phone storage is always encrypted, that wouldn't help much
This is a question I asked earlier: Doesn't this fact negate the benefit of rate limiting password guesses?

>Being worried about the NSA being able to grab your phone data by literally reading the memory IC's since they can't get DMA through the system itself.
meh.

Again, the user partition is only shown if you hit trust, which can only be done if the phone is unlocked.
I don't care about exotic methods Three-Letter-Agencies can do, if they've got some beef with you, there is little getting away from that.

>Some attackers might be able to take valuable data from your device's memory when it's turned on.
Read it again. "Off," not "on."
Cold boot attack. I doubt that Apple is vulnerable, but it's possible, at least in theory.

nope nope. When my phone is locked I can connect via USB and see everything.

This is not the case for my OPO, which is three years old, nor has it ever been. What version of Android are you using?

of course, but if you relied on that you were an idiot to begin with

obviously the easiest thing to do is to pull the storage IC from the phone and read its contents.

the encryption is only as safe as your password

it says both, that they may be able to read the memory when it's on (how?), and even when it has just been turned off (cold boot)

again, my question, is there any proof that either has been done?

AFAIK a cold boot attack on a smartphone would be extremely hard since you can't readily access the RAM pins or get the chip out without some serious heat.

configure your settings properly, or get a proper ROM that doesn't suck balls

>again, my question, is there any proof that either has been done?
No clue.

That is only the case if you have no authentication process upon turning on the screen, ie. slide to unlock.
If you have a PIN / pattern / fingerprint / whatever, you can't access the storage on your phone until you unlock it. Unless you changed some setting which has undone that.

Maybe you're using a shitty ROM. My OnePlus3 does not enable MTP by default.

nice larp faggot!

Android 6.0

How do I change ROM?

I have enabled password to unlock. I have authentication process.

Is there a way to silently reboot android device after few failed unlock attempts? Locker from f.droid is nice but it could only wipe the phone.

What phone exactly is it? Just so that we know to avoid the manufacturer in the future.

Not even iPhone has this. Reboot the phone when you're done using it.

Put a fucking password on it you dumb fuck... You can't access the data with a password, but if it's unlocked, it's only encrypted when shutdown... Why even bother encrypting if you don't have a password/pin?

It's shitty domestic brand Tesla Smartphone lite 3.1

I do have a password, as I already explained. When my screen gets autolocked, I need password to unlock.

Then your phone is fucked if you can access its files with a locked screen...

>of course, but if you relied on that you were an idiot to begin with
>obviously the easiest thing to do is to pull the storage IC from the phone and read its contents.
That is my thought as well. I've been trying to figure out why phone encryption doesn't work this way: Require a strong key when the partitions are mounted (at boot time), and then rely on the lock screen while the phone is turned on. This way you could use a very simple and fast lock screen password, like a four digit numerical PIN, and just shut the phone down after five failed attempts, requiring the encryption key to boot back up. It seems like the best of both worlds (strong encryption and fast unlock) with no downsides. Right?
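
Added example, not part of the thread: a minimal Python model of the scheme described in the desktop disk-encryption post earlier and asked about just above (strong secret at boot, short PIN at the lock screen, key evicted from RAM after repeated failures). The class and function names, the PBKDF2 work factor and the XOR-plus-HMAC key wrap are assumptions made for illustration, not how Android or iOS implement it.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000   # assumed work factor for this sketch
MAX_PIN_FAILURES = 5          # "shut the phone down after five failed attempts"


def stretch(secret: str, salt: bytes) -> bytes:
    """Stretch a human-chosen secret into 64 bytes of key material."""
    return hashlib.pbkdf2_hmac("sha512", secret.encode(), salt, PBKDF2_ITERATIONS)


class Volume:
    """Strong passphrase wraps the disk key at boot; a short PIN guards the
    screen while the key sits in RAM; too many bad PINs evict the key."""

    def __init__(self, boot_passphrase: str, screen_pin: str):
        self._salt, self._pin_salt = os.urandom(16), os.urandom(16)
        disk_key = os.urandom(32)                  # random, never typed by the user
        km = stretch(boot_passphrase, self._salt)
        # Toy key wrap: XOR pad + HMAC tag. A real design would use an AEAD or AES key wrap.
        self._wrapped = bytes(a ^ b for a, b in zip(disk_key, km[:32]))
        self._tag = hmac.new(km[32:], self._wrapped, "sha256").digest()
        self._pin_hash = stretch(screen_pin, self._pin_salt)
        self._disk_key = None                      # present only while mounted
        self.locked, self.failures = True, 0

    @property
    def mounted(self) -> bool:
        return self._disk_key is not None

    def boot(self, passphrase: str) -> bool:
        km = stretch(passphrase, self._salt)
        tag = hmac.new(km[32:], self._wrapped, "sha256").digest()
        if not hmac.compare_digest(tag, self._tag):
            return False                           # wrong passphrase: nothing is unwrapped
        self._disk_key = bytes(a ^ b for a, b in zip(self._wrapped, km[:32]))
        self.locked, self.failures = False, 0
        return True

    def lock(self) -> None:
        self.locked = True                         # screen lock only: key stays in RAM

    def shutdown(self) -> None:
        self._disk_key, self.locked, self.failures = None, True, 0

    def screen_unlock(self, pin: str) -> bool:
        if not self.mounted:
            return False                           # after eviction only boot() helps
        if hmac.compare_digest(stretch(pin, self._pin_salt), self._pin_hash):
            self.locked, self.failures = False, 0
            return True
        self.failures += 1
        if self.failures >= MAX_PIN_FAILURES:
            self.shutdown()                        # attacker now faces the passphrase
        return False
```

In this model the stored PIN hash could be guessed offline from a storage image, but it unlocks nothing by itself: the disk key is wrapped only under the boot passphrase, so the PIN matters only while the key is resident in RAM.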

>So if anyone steals my phone, and plugs it in without restarting, they could see all my data?
No. This is not possible unless it is unlocked. And stop lying, when you plug your phone it goes to charge mode, not to MTP. This has been an Android feature since KitKat.

Sage

Unless OP provides proof I suggest all anons to sage this retard.

I have a long FDE password and a simpler one on a lockscreen. So it might be useful as protection against bruteforce attack while not risking to accidentally wipe the phone.
> Reboot the phone when you're done using it.
And without FDE pass it will not work anymore. Why would anybody do it?

You enter an encryption key at boot and a simpler password at the lock screen? I have been trying to figure out whether or not this is the way phone encryption works for something like an hour now. Nobody seems to be able to explain this simply.

What operating system are you using? Is that the default encryption setup?

LineageOS but it should work on any ROM. Just set up a lock screen pass, enable encryption, reboot and change FDE password to a longer one
xda-developers.com/how-to-manually-change-your-android-encryption-password/

I have wondered for years why Android did not seem to be capable of using a separate encryption key and lock screen password. I've never been able to find the answer with Google and I've never been able to get someone who seemed to know the difference between a password and an encryption key to explain it to me.

Thank you.

Silently? No. But tasker with secure settings plugin can do this. I am posting from a phone that I've configured to do this.

You can even remove the thermal limit and fry your CPU on a failed attempt to unlock.

Be careful if you change your lock screen password after changing your FDE pass with command line; FDE pass will change to your lock screen password.

>My lawyer as emergency contact
Found the kike