Can I use dd to back up my Android 11 if it is FBE encrypted? I have looked around for guides and paths on this matter, there seems to be only one way, which is to use TWRP to back up the data while it's decrypted and flash it for restoring. I have root on my phone, the TWRP of my phone, Samsung Galaxy M40, does not support decryption. The TWRP is originally built for the Samsung Galaxy A60, but it seems to work for my device. My theory is that if I just use dd if=/dev/block/mmcblk0 of=mmcblk0.img to an SD card, reformat my phone, and reflash the disk image on the disk, I should logically be able to restore my data even though it is encrypted. The encryption key is possibly in the img as well, so all it would ask is my PIN. Some partitions are decrypted in the TWRP file manager. The actual root partition seems to be /, but when it mounts the OS and I use adb to check, it seems to chroot into /system_root, making it the / for the Android. I noticed in /data/unencrypted/key/encrypted_key, there seem to be some encrypted keys that might be responsible for the PIN decryption. So, if I image the disk and reflash it via TWRP terminal, I should be able to restore my data even though it is encrypted.

My Android device no longer recognizes its **encrypted SD card** (formatted as Adoptable Storage), **even though it was originally encrypted by this same phone**. The card is inaccessible in file managers, and standard fixes (rebooting, reinserting) fail. I need to recover data without formatting if possible.

I have a similar goal as discussed here 5,5 years ago: But I'd prefer to use a file-based approach on-top of a "removable storage" setup managed by Android, so I can dynamically choose how much of it I want to use to store my private encrypted files only readable by this phone and other devices where I enter the key - and how much for unencrypted files I can share with other people by removing the microSD-card from my phone. I managed to easily setup a gocryptfs volume using the DroidFS app installed via F-Droid and also mount it via a Termux root shell with gocryptfs /storage/67DF-FCFD/DroidFS /mnt/crypt -nosyslog -allow_other The remaining obstacle is how to make that decrypted view = mount of my gocryptfs volume available for any app to read from and write to? I thought I could use a bind mount, see also: and But so far everything I tried failed:

# mount | grep /crypt
/storage/67DF-FCFD/DroidFS on /mnt/crypt type fuse.gocryptfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other,max_read=1048576)
tmpfs on /mnt/crypt type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=3900340k,nr_inodes=975085,mode=755,gid=1000)

# ls -alih /mnt/crypt/1/
total 5.2M
1048987 -rwxrwx---. 1 root media_rw 773K Mar 11 22:06 IMG_20250311_220628_348196.jpg
1048988 -rwxrwx---. 1 root media_rw 2.1M Mar 11 22:06 IMG_20250311_220639_873732.jpg
1048989 -rwxrwx---. 1 root media_rw 2.1M Mar 11 22:06 IMG_20250311_220644_933558.jpg

# nsenter -m -t pgrep rs.media.module -- mount -o bind /mnt/crypt/1 /storage/emulated/0/crypt
CANNOT LINK EXECUTABLE "mount": library "/data/data/com.termux/files/usr/lib/libtermux-exec.so" not found: needed by main executable

$ su -Mc mount -o bind /mnt/crypt/1 /storage/emulated/0/crypt
mount: '/mnt/crypt/1'->'/storage/emulated/0/crypt': No such file or directory

Please help! Thank you :)

I have a Samsung S9 phone running lineageos with root I want to make a full backup of apps, config, SMS, etc. (Basically a byte-to-byte image of the disk). This is to wipe it and install only the essentials again (I'm running low on storage, and ram including swap, to start clean from scratch.) However there are two roadblocks on my way: - The phone since it has Android 13 It is encrypted, so on recovery i can take a full disk clone but cannot access my files - Powered on the device is obviously using the disk so i cannot pull an image if it is being used. So, how i can make a carbon copy of my phone but decrypted? Like i just double click an .img in my linux pc and just browse the files? With my very limited knowledge on mobile architecture i have 2 guesses how can this be done: - Extract the entire disk encrypted, Then i turn it on and extract the "key" to decrypt it, leveraging my root access if possible. - Mount it like a USB hard drive when powered on, and "decrypted" (yes that i know physically is still encrypted and decrypts onto ram on the fly or something along those lines) and make an image with dd, gparted, gnome-disks, etc. But I might be just way off, so I'm open to try anything...

Assuming that I have full access (root if neccesary) to a device running vanilla Android 8.1, how can I know if it is using Full Disk Encryption or File Based Encryption?

On the Android smartphones I have used so far (e.g. devices from Sony, Motorola, Google or Nokia), there was always an option somewhere in the settings that allowed the smartphone to be encrypted. As far as I can remember, this option was always active by default and the file system was therefore encrypted. This observation is also supported by my research, according to which at least newer Android devices are generally delivered with encryption activated (e.g. here ). I have now received a new Samsung Xcover 7 and have unfortunately realised that it does not meet my requirements. For this reason, I would like to send it back to the dealer. Of course, all private data should be removed from the device beforehand. So far, I have always assumed that a factory reset would be sufficient to achieve this, as the actual data is encrypted. To make sure that the data is really encrypted, I checked the settings. However, I could not find the above-mentioned option there. I therefore asked Samsungs Support Chat whether the Xcover 7 is encrypted by default and was only told that this is not the case. My comment that I could not find an option to activate encryption in the settings was answered as follows: „I do understand your concern. However, we do not advise encrypting your device as it may affect your devices' software.“ Did the support employee (Samsung UK) simply have no idea or does his statement correspond to reality? I asked the same question again in the German Samsung support chat and got the answer that the device is not encrypted be default.

I have Realme 7 Pro device with an unlocked bootloader and installed custom ROM: - Project Elixir 3.8 - Android 13 - Kernel 4.14.212 - Selinux Status "Enforcing" - Custom Recovery "OrangeFox R11.1" The phone is showing "phone not encrypted": I tried to follow this XDA thread to make the phone encrypted with no luck. When I use the stock firmware I got it encrypted normally with "FBE Encryption", but with custom ROMs, it's not. **Is it possible to encrypt the phone when using custom ROM? and how?** Thank you.

I accidentally upgraded my phone to Android 12 instead of a newer Android 11 and, to my dismay, it seems encryption was changed in a way that makes TWRP unable to decrypt my /data. For backups, I ran [borgbackup](https://www.borgbackup.org/) on /data from TWRP and would like to continue doing so. This strategy relied on TWRP being able to decrypt /data however. Is there another way to get: * Decrypted /data * No active processes modifying /data (ideally have it readonly) * Shell access * A writable rootfs where I can create a subdirectory to mount a tmpfs on I tried using Magisk to mount -o remount,ro /data in a running system but that didn't work: mount: '/dev/block/bootdevice/by-name/userdata'->'/data': Device or resource busy

My Android phone is dead, but I want to recover my data. I removed eMMC using chip-off and acquired the image/dump file (userdata.bin) using Easy JTAG. The phone had Andriod 9, which uses Full Disk Encryption. I had a passcode on the phone. I tried to recover data from the dump file using crytpsetup command but failed. I know Andriod 9 uses AES. Can I use cryptsetup command to decrypt, as I have the passcode to the phone, and recover my data from the image/dump file (userdata.bin)

Can an Android device connect to the internet before the user enters their decryption password? I assume it cannot connect to saved WiFi networks, as these should be encrypted, but how about mobile networks?

AFAICT, Android builds upon Linux' standard fscrypt as implemented in ext4 and f2fs. I know my pattern and have access to a shell with any Linux program in it. How can I decrypt /data manually, without the Android OS running? (i.e. from Lineage Recovery) If that's not feasible, why?

My doubts are, 1. Would an android device shipped with Lollipop 5.0 get encrypted itself upon first boot? I saw a lot of blogs saying Lolipop does not come with default encryption but in the official link it says that devices get encrypted by default upon first boot — too many confusing blog articles. What is the difference between default encryption and encryption on first boot? 2. Most blogs say we have to manually encrypt the Device but I don't understand — if it's already encrypted upon first boot, then why encrypt again manually? What is the advantage?

Is it ever possible to get a backup of my Android smartphone's decryption key (I have my /data partition encrypted) in case something goes wrong? My phone is rooted. I have Galaxy Note 4 SM-N910C.

I'm on Android Nougat with an encrypted phone. I added a new SD card but cannot find an option to encrypt it too. How do I go about encrypting the new SD card?

The "Encrypt external SD card" option doesn't show up under Settings -> Security on my LG Optimus F6, or my Huawei Y301-A2. A microSD card, FAT32 formatted and empty, is inserted and recognized correctly. The "encrypt device" option shows up, but the "Encrypt external SD card" does not. How do I get this option to show up? This is using Android 4.1.2

I used to use cyanogenmod 13 on my nexus 5, i had the encryption enabled and it would ask me for my passcode at boot and i could not access any data from anything until i did this. I've now updated to latest version of liniageOS and recently noticed i am not having to enter this passcode at all, and that while the UI in the setting says i am encrypted, this is false information as i can access any data on my device either from recovery or from adb via usb. I try to tap on the area where it says encrypted so i can re-encrypt it and it just does nothing. I have herd about the massive bug/back door google have caused relating to accessibility features, however under accessibility i have the accessibility services for lastpass and comodo etc turned OFF, the only option on this page enabled is screen auto-rotate. How can i encrypt my phone with this ROM, or can i not and i should ditch it ASAP and get a more security centric one? If so what would be recommended?

I want get a complete list including all apps (including system apps) that are running in Direct Boot Mode, therefore they necessarily store their data in the DE (Device Encrypted) area (as opposed to CE = Credential Encrypted Area). Background: As of Android 7, FBE (File-Based Encryption) was introduced as an alternative to FDE (Full-Disk Encryption). Sadly, in Android 10, FDE was removed and everyone is now forced to use FBE. * https://source.android.com/security/encryption/file-based * https://source.android.com/security/encryption/full-disk There are some apps that are considered "essential" and therefore they start-up on boot. As such, information leakage can happen if the phone is booted cold by an attacker. Such apps include: 1. Telephony-related apps 1. Alarm apps 1. Accessibility Services 1. Keyboard app to enter the passphrase 1. etc For a given device, I'd like to get a complete list of all apps that are currently permitted to run in Direct Boot Mode, and I'd like to remove them (Yes, I don't want my alarm to run in Direct Boot Mode. Yes, I don't want to be able to send or recieve calls/messages in Direct Boot Mode) How can I get a list of all of the apps that are set to start & run in Direct Boot Mode, and whose storage is then necessarily using DE instead of CE?

I just started using my brand new Samsung Galaxy A71 (Android version 10) by doing an initial setup, and it seems it does not support full disk encryption at all. On the contrary, on Samsung Galaxy A7 it was pretty easy to enable it. As it is impossible that in 2020 mobile devices without encryption being sold, I have done a google-fu, and, weirdly, there is no indication that anyone already searched for this feature. Where is this function hidden then?

I was under impression that all user files are encrypted by default in Android using FDE. It was to my surprise that I can just run, for example, OrangeFox recovery and when it asks me for a password to decrypt data partition, I can simply cancel entering it and then still view /sdcard directory. If I then open some text file (from that /sdcard) in a built-in (OrangeFox) text editor, it would show me all the text properly without any scrambling. The same would obviously apply to all other files such as photos, videos, and etc. Similarly if I enable MTP in OrangeFox, I can also view all of that via USB on PC. At the same time, when booted to Android ROM, in Settings and Encrypt phone, it says Encrypted. I would imagine that only after entering user password/pattern should it be possible to even mount that partition in OrangeFox. Viewing through USB again should only work if I'm either logged into Android ROM and unlocked the user or if through OrangeFox, when partition is unlocked and mounted. Do I miss something? How to ensure proper encryption on all of the user data?

About a month ago, the Moto G (3rd Gen) of my wife was not able to recognize the Transcend Premium 400x 32GB SD card (which was formatted as adoptable storage) anymore. On this card were very important pictures and movies for us (of our newborn baby). As of a certain Android version, the adoptable storage is also encrypted, and reading it on a PC or other phones is not possible without the encryption key. Since the phone was also not rooted, it was also not possible to get the encryption key from the /data/...something directory... (see https://nelenkov.blogspot.ch/2015/06/decrypting-android-m-adopted-storage.html) . So I almost gave up hope. I bought the exact same type of SD card, also 32GB, only about a year later. Hoping that I would be able to make an exact clone of the card and I would be able to start some experiments with it without the risk of destroying something on the original card and losing all the data. When I mounted the original card under Linux, it shows two partitions 17MB and about 31GB. Cloning the card with some Linux command-line tools didn't give me the same result. Is there any other way to fix this issue?