Hi Tony, Yes, its possible now (and without rooting the device)
The Nexus 5X (that I'm using now) and other devices that support a fingerprint reader require input of a secret (PIN, pattern, or password) at boot to decrypt the device, but then use the fingerprint to unlock. It's an amazing improvement in user experience. SmartLock (available on Lollipop and above) also provides expedited unlocking if the device is (for example) near a trusted+paired Bluetooth device or at a trusted location. Adrian On Fri, Nov 13, 2015, 6:06 AM Tim W <timwel...@gmail.com> wrote: > > > On Thursday, October 8, 2015 at 9:31:35 AM UTC-4, Tony Fang wrote: > >> So I notice that on Android, if you enable full-disk encryption, you >> don't have any options but to use a long password. This makes it very >> inconvenient if you are in need to unlock the phone right away. >> >> If I know correctly, Apple also uses full-disk encryption on iOS, but you >> only have to enter the pass code once (when the device first starts) and >> you can unlock the iPhone after that using your fingerprints. >> > >> Is it possible right now to do the same on Android devices? >> > > > What you need to do is use ADB from your PC to set the actually encryption > password. > > Here are the steps. I am assuming either V 5 or V 6 but there is a slight > change I will note between them. > > 1: Do a full backup in case you screw up the password somehow. Trust me > it happens. There is no getting it back if you can not get past the > password. You must go into recovery and do a full wipe/factory default > > 2: Turn on screen lock pin and encryption. Set it with a key pad pin. > Make sure the pin is what you want to really use for the keypin lock > because later changing it will change the encryption password as well and > you then need to reset a individual encrypt password via these directions > again. > > 3: Turn on debugging option in developer options. > > 4: For the debugging options set them to Allow Root access to apps and ADB > > 5: Connect android device to your PC > > 6: Start terminal and enter: adb shell ( if you do not know how to do > this google instructions) > > 7: Enter: su > > 8: pick a nice long secure password for power on boot. > > 9: If this is Android version 5.xx you will need to first convert the > password to hexadecimal. Just use one of the online tools. If this is > Android 6.xx then you can simply enter the password as its normal ascii > characters. > > 10: Enter the following commmand in the terminal: vdc cryptfs changepw > password youractualpasswordhere > where the youracutalpasswordhere is where you put your new boot encrypt > password be it the hex version if you are using 5.xx or the exact password > if its 6.xx That word password after changepw is part of the command you > much type the actual word "password" This is a mistake many people seem > to make and then can figure out why it fails. Your real password is > entered just after that. > > 11: If it has been successful you should see an output of 200 0 0 after > a few seconds ( up to maybe 5-10sec) Sometimes you may just get a prompt > which typically is Ok but if you get anything other then 200 0 0 such as > a 1 in place of either of the last 2 0's then there was an error. Example: > 200 0 1 = FAIL > > 12: log out of adb and reboot your phone. At the password prompt enter > the acsii character password (not the hex version if using 5.xx) It > should boot to the lock screen. There enter your keypad pin. You should > be gtg. > > I would double check the hex conversion of the password if you use a > number of special characters with a few conversion tools to make sure they > all agree. I had one that gave me a bad conversion and I had to wipe my > phone. No big deal as I had nothing on it and had backups but so many > think they do not need bkup and then b1tch and whine when they lose stuff > they act like is so important. If it is then why are they too lazy to make > a backup. It one of the reasons so many security setups are purposely > made with backdoors to reset peoples password. Thus decreasing over all > security. Stupid stupid stupid. > > You can set a text password for screen lock instead of a keypad pin but I > have only personally used the keypad pin for my screen unlock. Up to you. > Also if you are wanting better security set the option to scramble the > keypad layout. Each time you bring it up the keypad number layout will > change. This prevents someone working out the pin numbers or password via > finger smudges. > > BTW unless they have updated them none of the older kitkat encrypt > password changers that use to automate what the steps above do not work on > 5.xx-6.xx as the commands are not the same. Just an FYI in case you think > you found a short cut. Make good and sure it shows that it works with the > version of android you are using. Look for a comment stating it working or > better yet a lot of comments. > > Good luck. > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to android-security-discuss+unsubscr...@googlegroups.com. > Visit this group at > http://groups.google.com/group/android-security-discuss. > For more options, visit https://groups.google.com/d/optout. > -- Adrian Ludwig Android Security alud...@google.com -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
