Hi, I just installed latest iode on a Samsung Galaxy A5 phone.
After some days playing with the phone I saw, that the device was not encrypted (LOS does this by default) - so I decided to activate encryption. Result: I cannot unlock the phone with my PIN any more. When booting there is a PIN entry and I give the PIN. Then the UI appears and the device is locked - I enter the PIN again - but it loops again and asks for the PIN. I reinstalled the phone - activate encryption and get the same odd behaviour. I am missing something?
Kind regards
Wolfgang
Hello @Pingus,
with a completely fresh reinstall of iode-2.6-20220726-a5y17lte with ode-2.6-20220726-a5y17lte-recovery I tried to recreate your situation - but without getting the same result. BTW: It is in my mind that iodé leaves it up to me as a user to decide whether I want encryption or not.
After setting up iodéOS without PIN etc., encryption is disabled by default. The subsequent encryption only happens when the A520F is connected to the charger and only takes a few seconds (but not hours). Restarting the system is done without any request for a PIN. Now the system is encrypted and I can additionally set a display lock via PIN, password, pattern, etc…
1 Like
I confirm that there is an issue when:
- encrypting the phone after defining a PIN code
- and/or allowing Secure Boot (the PIN is asked at system startup, before arriving to lockscreen)
So, to successfully enabling encryption on A5:
- unset PIN code before encrypting
- do not enable Secure Boot
1 Like
Hi @iodysseus,
I followed your suggestion and avoid the Secure Boot Option during setup. Honestly I didn’t think about and just click ok since it was the default (?).
Another problem I had: I was still using a 2.1 recovery with a 2.6 iode-ROM …
What is still strange: Encryption is not enabled by default, in my Lineage phone(s) it is.
Thank you for your effort!
I am happy with my Samsung A5 now and will follow your news channel and keep my phone as long it is supported and the hardware is alive.
I will also recommend iode to other people - more and more are asking me for No-Google & No-Apple communication devices …
Hi @Pingus, Strange? Why? We use an iodéOS 2.6 which is based on the source code of the Lineage Android Distribution. The code is modified by iodé. Whether the system should be encrypted or not is decided by the user.
Hi @iodysseus,
I was not aware that iodé modified the code here. Since LOS uses encryption by default I was simply astonished. Generally I think that mobile devices should be encrypted by default. Why leaving this decision to the user? At least the user should be asked during the setup process. Otherwise a significant percentage of iodé devices are not encrypted.
Just my opinion …
On the one hand, LineageOS is not the be-all and end-all. On the other hand, encryption requires computational work. Less powerful devices become significantly slower due to encryption, especially older devices.
The A5 2017 was originally shipped with Android 6.0.1 (Marshmallow), and most recently with Android 8.0 (Oreo). iodéOS works on the basis of LOS 18.1, which is AOSP 11. That takes its toll.
I see the option to select active encryption or not as a clear advantage. I do not store any of my secrets on a smartphone - encryption is therefore not mandatory. A smoothly running iodéOS on my five-and-a-half year old A520F is personally more important to me.
Better performance of a 5 year old device is a good argument.
But how do you manage not to “store any of [your] secrets” on a smartphone?
Access to messengers and email accounts is a secret, isn’t it?
Tell me if I am wrong: Encryption makes a difference here?
By not storing important data on it.
Using messengers, for example, like [ Threema ] with [ Threema Libre ] and email client [ pEp ], whose data transfer is encrypted, has nothing to do with the A520F’s integrated basic storage encryption, which allows you to encrypt the entire A5 2017 including its data on it.
So you mean that if somebody steals my phone (without encryption) then he cannot steal my identity (assuming that he has the technical knowledge)?
Passwords are saved as hashes - but what about the messengers?
Actually I have no idea how they do the authentification, maybe with certificates?