Why can I view files from "Internal Storage" WITHOUT entering password either in OrangeFox recovery or via USB cable on PC?
carriann last edited by
I was under impression that all user files are encrypted by default in Android using FDE. It was to my surprise that I can just run, for example, OrangeFox recovery and when it asks me for a password to decrypt
datapartition, I can simply cancel entering it and then still view
/sdcarddirectory. If I then open some text file (from that
/sdcard) in a built-in (OrangeFox) text editor, it would show me all the text properly without any scrambling. The same would obviously apply to all other files such as photos, videos, and etc. Similarly if I enable MTP in OrangeFox, I can also view all of that via USB on PC. At the same time, when booted to Android ROM, in
Encrypt phone, it says
I would imagine that only after entering user password/pattern should it be possible to even mount that partition in OrangeFox. Viewing through USB again should only work if I'm either logged into Android ROM and unlocked the user or if through OrangeFox, when partition is unlocked and mounted.
Do I miss something? How to ensure proper encryption on all of the user data?
inna last edited by
The newly flashed ROM was
xiaomi.eu12.0.4. I then tried various modifications of it, but all of them expose the same issue over and over again. After I flashed Lineage OS, the behavior was as expected: no way to see any files on "Internal Storage" (
/data/media/0). In fact, as I expected in my original post, even though
/sdcardis viewable in OrangeFox, the only directory there is
Fox, where it puts recovery logs and other volatile data, but there are no files from user even visible whatsoever. Accordingly the "Data" partition is not even treated as mounted, and going to "Mount" option reveals that the checkbox of it is unchecked and one cannot even check it until one explicitly decrypts it. Interestingly, I would have expected such mount-related behavior only with FDE, but I can confirm that this installation has FBE. So this looks good now, but it's a pity that latest MIUI ROMs are that broken, what a mess...