Encrypted device doesn't ask for credential on boot anymore on Android 11



  • I use Android 11 (LineageOS) and recently noticed, that my phone stopped asking me for a decryption password when booting up, so I tried verifying that my data is still actually encrypted. Settings say so, but after removing all my passwords, pins, fingerprints, etc, the phone asks for no password and just boots straight up. I suspect the encryption password got reset to the "default_password" when updating some time in the past.

    Now how can I actually change the encryption key to something else than the standard password (which grants ZERO security at all)? The vdc cryptfs interface does not work like it used to (changepw, verifypw, etc, all don't work), as you can also see on the official Google sources ( https://android.googlesource.com/platform/system/vold/+/master/vdc.cpp ).

    Any encryption experts here? My data is holy to me and I want it actually encrypted...



  • I found the answer in the comments to my question: Appearently, you don't have to put in an "encryption password" when booting up anymore. It was required with FDE (Full Device Encryption), but is not with FBE (File-Based Encryption). I installed a custom recovery and tried to decrypt my data and drum-roll: it works! I can only decrypt data when using my current android-lockscreen password. Thanks a lot!




Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2