CE: Secure Configuration

Android device encryption

Device encryption scrambles all the data stored on your phone so that it cannot be read without the correct PIN or password. Modern Android phones are encrypted by default, but it is worth understanding what this means and what it protects you against.

What encryption does

When your phone is encrypted, all data stored in its memory (apps, messages, photos, documents) is mathematically scrambled. Without your PIN, password, or biometric to unlock it, the data is unreadable, even if someone removes the storage chip or connects the phone to a computer.

  • Encryption protects your data if your phone is lost or stolen
  • It does not protect data you share over the internet: that is handled separately by HTTPS and VPNs
  • Encryption is only effective combined with a strong screen lock PIN or password

Is your Android already encrypted?

All Android phones running Android 6.0 (Marshmallow) and later are encrypted by default. If you have a modern phone and have set a PIN or password, your data is almost certainly encrypted. To confirm:

  • Go to Settings > Security > Encryption and credentials (name varies by manufacturer)
  • Look for "Encryption" or "Encrypted" status
  • On Samsung devices: Settings > Biometrics and security > Encrypt phone
  • If your phone shows "Not encrypted", see the next section
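When several phones need checking, the same status can be read over USB with adb instead of through the Settings menus. The script below is an added example, not part of the original guide: it reads the Android system properties ro.crypto.state and ro.crypto.type from `adb shell getprop` output. It assumes adb is installed and USB debugging is authorised on the device; the function names and sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: report Android encryption status from a getprop dump.
# Dump lines look like:  [ro.crypto.state]: [encrypted]

# Print the value of property $1 from a getprop dump on stdin.
prop_value() {
    tr -d '\r' | sed -n "s/^\[$1\]: \[\(.*\)\]$/\1/p" | head -n 1
}

# Turn a full getprop dump ($1) into a one-line verdict.
encryption_verdict() {
    dump=$1
    state=$(printf '%s\n' "$dump" | prop_value ro.crypto.state)
    ctype=$(printf '%s\n' "$dump" | prop_value ro.crypto.type)
    case "$state" in
        encrypted)   echo "PASS encrypted (${ctype:-unknown type})" ;;
        unencrypted) echo "FAIL not encrypted" ;;
        *)           echo "UNKNOWN no usable ro.crypto.state" ;;
    esac
}

# Real use: needs adb and an authorised device, so it is not called here.
audit_connected_device() {
    encryption_verdict "$(adb shell getprop)"
}

# Constructed sample dumps (not captured from real devices).
SAMPLE_MODERN='[ro.build.version.release]: [13]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]'
SAMPLE_OLD='[ro.build.version.release]: [5.1]
[ro.crypto.state]: [unencrypted]'
SAMPLE_EMPTY='[ro.build.version.release]: [4.4]'

echo "modern: $(encryption_verdict "$SAMPLE_MODERN")"
echo "old:    $(encryption_verdict "$SAMPLE_OLD")"
echo "empty:  $(encryption_verdict "$SAMPLE_EMPTY")"
```

A FAIL or UNKNOWN result means the device should be checked by hand using the Settings paths above.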

Enabling encryption on older devices

If you are running an older Android device (Android 5.x or earlier) that is not encrypted by default:

  • Go to Settings > Security > Encrypt phone (or similar)
  • Charge your phone to at least 80% battery before starting: encryption can take one to two hours
  • You must set a PIN or password first: encryption is tied to your screen lock
  • Do not interrupt the process: it can make the phone unusable if interrupted

Encryption and your screen lock

Your encryption is only as strong as your screen lock. A four-digit PIN can be brute-forced; a strong password cannot:

  • Use a six-digit PIN as a minimum; a longer PIN or password provides significantly stronger protection
  • Biometrics (fingerprint, face) are convenient but your PIN/password is the encryption key: keep it strong
  • Do not use obvious PINs: your birthday, 1234, or phone number can be guessed
  • If someone demands your PIN under duress, Android has an Emergency SOS feature, triggered by rapid presses of the power button
