1page.title=Encryption 2@jd:body 3 4<!-- 5 Copyright 2014 The Android Open Source Project 6 7 Licensed under the Apache License, Version 2.0 (the "License"); 8 you may not use this file except in compliance with the License. 9 You may obtain a copy of the License at 10 11 http://www.apache.org/licenses/LICENSE-2.0 12 13 Unless required by applicable law or agreed to in writing, software 14 distributed under the License is distributed on an "AS IS" BASIS, 15 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 See the License for the specific language governing permissions and 17 limitations under the License. 18--> 19 20<div id="qv-wrapper"> 21 <div id="qv"> 22 <h2>In this document</h2> 23 <ol id="auto-toc"> 24 </ol> 25 </div> 26</div> 27 28<p> 29Encryption is the process of encoding all user data on an Android device using 30symmetric encryption keys. Once a device is encrypted, all user-created data is 31automatically encrypted before committing it to disk and all reads automatically 32decrypt data before returning it to the calling process. Encryption ensures that 33even if an unauthorized party tries to access the data, they won’t be able to 34read it. 35</p> 36<p> 37Android has two methods for device encryption: full-disk encryption and 38file-based encryption. 39</p> 40<h2 id=full-disk>Full-disk encryption</h2> 41<p> 42Android 5.0 and above supports <a href="full-disk.html">full-disk encryption</a>. 43Full-disk encryption uses a single key—protected with the user’s device password—to 44protect the whole of a device’s userdata partition. Upon boot, the user must 45provide their credentials before any part of the disk is accessible. 46</p> 47<p> 48While this is great for security, it means that most of the core functionality 49of the phone in not immediately available when users reboot their device. 50Because access to their data is protected behind their single user credential, 51features like alarms could not operate, accessibility services were unavailable, 52and phones could not receive calls. 53</p> 54<h2 id=file-based>File-based encryption</h2> 55<p> 56Android 7.0 and above supports <a href="file-based.html">file-based encryption</a>. 57File-based encryption 58allows different files to be encrypted with different keys that can be unlocked 59independently. Devices that support file-based encryption can also support a new 60feature called <a 61href="https://developer.android.com/preview/features/direct-boot.html">Direct 62Boot</a> that allows encrypted devices to boot straight to the lock screen, thus 63enabling quick access to important device features like accessibility services 64and alarms. 65</p> 66<p> 67With the introduction of file-based encryption and new APIs to make 68applications aware of encryption, it is possible for these apps to operate 69within a limited context. This can happen before users have provided their 70credentials while still protecting private user information. 71</p> 72