Why does my phone keep getting decrypted? - Nexus 6P Q&A, Help & Troubleshooting

I'm very confused by the behavior of my Nexus6p right now. I would like my phone to be fully encrypted, IE, you pick up the phone and can access absolutely none of my data without typing in a password. So I've clean flashed it several times, usually whenever a new update comes out. And each time I do this, the phone behaves how I want, when it boots, I get a password screen that says "enter a password to continue boot". It goes on this way for a day or so usually, and then suddenly this password screen stops showing up and I get the "you must enter a password after restarting" screen that clearly has already decrypted my data because I can see notifications and even play music through bluetooth without entering the password.
After each clean flash, I have been installing various mods. This time around, I have the things I've flashed down to TWRP 3.1.0, Magisk 12, and ElementalX 4.08. In the security settings, the phone still reads as encrypted, so I'm very confused. Is this normal behavior for this device, or is it one of the above things I have flashed? Either way, how do I fix this so that my data actually stays encrypted when the phone boots?

I have had similar issues to fix I formated everything and then installed the rom installed newest vendor image and then kept on eye on what I allowed special access to my phone
Keeper was wanting special access so I stopped using them and switched to last pass I have not lost decryption on phone boot
Also decided to pay for esexplorer pro to get ride of any possible infected ads

Your phone data is still encrypted, but your security settings are not optimized for what you want to accomplish. Make sure your Lockscreen has a password/PIN/Gesture set. There is the password on BOOT when encrypted, a password on Lockscreen when the screen is off, and In Settings>>Notifications>>Gear Icon>>"On the lock screen"- there are three settings. Default is set to "Show ALL notification content". Set it to NOT show notifications for now until you set which ones you want to show or hide. TWRP and EX are not causing your issue. Magisk might be but I don't use it. Uninstall just to be sure and/or check in the dedicated Magisk thread. This is on the stock 7.1.2 ROM. If you are running a custom ROM, YMMV.

So if I understand the issue correctly, you clean flash and you have the prompt to enter your credentials before booting finishes. Eventually you get set up and upon a reboot you notice that the prompt is gone?
Check your apps. You're using an app that requires an accessibility service (see Settings / Accessibility / Services). Granting an app accessibility service will do away with the boot entry of your pin/pattern/password. Set up your apps again and either don't use the app in question or just don't grant it the accessibility service for whatever feature requires it.
Known issue, btw. I forget why it happens, Google may turn up the results you're looking for.
Edit: Despite it not asking for that prompt on boot, your phone is still encrypted, by the way. This also has absolutely nothing to do with TWRP, EX, Magisk or how you choose to have your notifications hidden on lock screen.
2nd: Sadly, just revoking the service won't usually restore the prompt while booting. You'll need to clean flash again and not grant it in the first place.

That makes sense, I was looking in the wrong place. That's a really irritating design decision, there's no sense in having the encryption at all if you're just going to store the material necessary to decrypt the data in the clear.
For now, changing my password seems to have returned the encryption prompt while leaving the accessibility services working to the best of my observation.

It will probably go away again shortly​, most likely after the app uses the accessibility service. If it does, revoke the service and change your password again or clean flash. I don't believe there is a way to keep both 100% of the time.

Related

[Q] Question about Security on Rooted Phones

I love having my phone rooted. I am grateful to all the work by the devs on this board making my S5 run the way it should.
However, I try to keep my phone as secure as possible. I have my S5 set to use Fingerprint identification at login. I also have Google Location set up so I can locate my phone or wipe it remotely if it is lost or stolen.
However, with Safestrap, it is very easy for someone to get past the security. They can boot my phone, see the message for SafeStrap Recovery mode, push recovery and wipe my phone. Then they can then use any gmail account and reconfigure my phone for their own use. Of course, this disables me using Google Locate to find or wipe my sdcard.
Also, since SafeStrap does not support encryption, they can pop out my sdcard and read all of my data in any computer.
Is there a way to secure a rooted phone? Perhaps, SafeStrap could have an optional stealth mode that does not show on boot without a keypress combination? Maybe a third party encryption app that secures the sdcard?
Is there any way around these security issues (besides not rooting the phone)?

Lockscreen broken all passwords wrong

So i was using my device today, and wanted to make glowing-bear work with my certificate, which required me adding it to my device's trusted certificates. Well, when i tried to install it, i was prompted to enter the credential storage password, which i never remembered setting, and i couldn't log in. Searching online i saw there were some solutions that involved setting your screen lock to password, and then some other steps, well i set it password, searched some more and decided i need to turn the lockscreen to none, but when i tried to change it i was presented with a password dialog as expected, but it said the password was wrong, so i was locked out. I tried letting the phone lock and then typing in random passwords so i could get the forgot my password button but found all i got was a timer saying i needed to wait 30 seconds, so no dice. Searching online further i found i needed to remove/rename some files in /data/app which were not there, one of them being cm_gestures.key, but i renamed gestures.key just for kicks and I was still locked out. I decided maybe the forgot my password button was not appearing because of an xposed module, so i booted into xposed safemode, but still no dice. At this point my only way of getting in to the device is renaming keygaurd.apk, i went in and reactivated xposed and rebooted, but now all but the back soft key do not function, not even the hardware homekey(which i was unable to disable) works. I went ahead and loaded android device manager and gace that a shot to no avail, i got a black screen with a small lock to come up once but nothing else, it sends the request and says "since your device is verified as locked the temporary password you set will not be needed". I've tried looking in settings.db with no luck, and i cant find any other way to clear the password. i am rooted, on 4.4.2, running xtreme dynamic kat 1.0 and i'm using a g900a. I'll try just about anything at this point, i didn't realize trying to do such a simple task such as installing a certificate would cause so many issues.

Password on Bootup

Ever since I have unlocked my bootloader I have 2 things that bug me.
1. Whenever I restart my phone it asks for my password/pin/pattern everytime before it will start. It's not a huge deal except when I restart my phone and forget I have to do that part it sits a while waiting for the password.
2. The little "warning" screen that tells me my bootloader is unlocked. Just like the way the old Nexus's were with no warning, just the little white unlocked pad lock on the google screen.
It will ask for your password on restart even if your bootloader is locked.
That's standard behavior, It will prompt you for manual password entry on every restart. If you don't want it, then disable secure startup. The bootloader unlock warning is common as well.
When you set your pattern or password it asks you if you want it enabled before android boots.. If you don't want that then set it to none, then reset it to pattern and answer no when it asks the question if you want pattern/pin required before the system boots
Sent from my Nexus 6P using Tapatalk
You can disable it in Settings -> Security -> Screen Lock, and click Password, select "No thanks". Same with PIN or pattern lock.
The weird thing is that I selected 'No thanks' to pin on boot, and it is still there in the settings. But, should I reboot the device and use fingerprint to unlock it requires a pin.
graffixnyc said:
When you set your pattern or password it asks you if you want it enabled before android boots.. If you don't want that then set it to none, then reset it to pattern and answer no when it asks the question if you want pattern/pin required before the system boots
Sent from my Nexus 6P using Tapatalk
Click to expand...
Click to collapse
That must only work with an encrypted device?
I don't get the prompt or the setting.
tech_head said:
That must only work with an encrypted device?
I don't get the prompt or the setting.
Click to expand...
Click to collapse
Same here, rooted with mod boot image
I've tried all of the above and don't get the prompt or setting. I'm also modded, but this is driving me crazy. Is there no way to turn this setting off?
This setting is set when you're initially setting up the phone for sure - you have to manually choose "no thanks" on the page right before where you actually start tapping on the fingerprint sensor to set it up. I'm not certain about the encrypted vs. unencrypted piece, although I wouldn't think that would make a difference...
I did it once, and then reflashed my entire system and upgraded twice since then. I didn't have the option after that first time.
kboya said:
The weird thing is that I selected 'No thanks' to pin on boot, and it is still there in the settings. But, should I reboot the device and use fingerprint to unlock it requires a pin.
Click to expand...
Click to collapse
The exact same thing happened to me so it must be a bug
Pilz said:
The exact same thing happened to me so it must be a bug
Click to expand...
Click to collapse
Yep. Same here. I've tried everything and it still always asks me for my password on startup.
Really annoying since random reboots are an issue too.
Basically, if my phone reboots at during my sleep (which it has done a few times already) I don't have my alarm in the morning.
Same problem here. I selected 'No thanks' (don't ask for a password on reboot), but it still asks for a password after I use my fingerprint every time I reboot the phone. Changing from password to pattern and back and turning "ask for password" on/off didn't help.
Myrrhman said:
Yep. Same here. I've tried everything and it still always asks me for my password on startup.
Really annoying since random reboots are an issue too.
Basically, if my phone reboots at during my sleep (which it has done a few times already) I don't have my alarm in the morning.
Click to expand...
Click to collapse
gnadenlos said:
Same problem here. I selected 'No thanks' (don't ask for a password on reboot), but it still asks for a password after I use my fingerprint every time I reboot the phone. Changing from password to pattern and back and turning "ask for password" on/off didn't help.
Click to expand...
Click to collapse
It will always do this.
Unlock using your backup screen lock method
Sometimes you might need to use your backup PIN, pattern, or password:
*When your fingerprint isn't recognized after a few tries
*After restarting your device
*After switching to a different user on the device
*After more than 48 hours have passed since you last unlocked using your backup method
Click to expand...
Click to collapse
From "How to use your fingerprint" on Nexus Imprint Help page: https://support.google.com/nexus/answer/6285273?hl=en
Sent from my Nexus 5X using Tapatalk
SlimSnoopOS said:
It will always do this.
Click to expand...
Click to collapse
In that case, the option and dialogs to turn that behavior off are useless.
gnadenlos said:
In that case, the option and dialogs to turn that behavior off are useless.
Click to expand...
Click to collapse
I'm almost positive the "Password on boot" option y'all see blocks access to recovery as well. When enabled, I think it locks access to the phone on the recovery level with a password. With it off, you can fully access recovery. Could y'all try and see if that's what happens?
I don't see the "password on boot" setting in Chroma's security settings, idk if being decrypted affects this.
SlimSnoopOS said:
I'm almost positive the "Password on boot" option y'all see blocks access to recovery as well. When enabled, I think it locks access to the phone on the recovery level with a password. With it off, you can fully access recovery. Could y'all try and see if that's what happens?
I don't see the "password on boot" setting in Chroma's security settings, idk if being decrypted affects this.
Click to expand...
Click to collapse
Sorry, i'm not entirely sure what you mean.
I have TWRP installed and i do know when first booting into TWRP, you must enter the password. After that, you can normally boot into TWRP.
BTW: I've gotten rid of the random reboots it seems. I simply flashed the official firmware from the Google Developers site a few days ago. I've not had a random reboot since. Really happy about that.
Myrrhman said:
Sorry, i'm not entirely sure what you mean.
I have TWRP installed and i do know when first booting into TWRP, you must enter the password. After that, you can normally boot into TWRP.
BTW: I've gotten rid of the random reboots it seems. I simply flashed the official firmware from the Google Developers site a few days ago. I've not had a random reboot since. Really happy about that.
Click to expand...
Click to collapse
Does TWRP always prompt you for a password regardless of whether you have "Password on boot" on/off?
Editv Glad you resolved your random reboots! That's always a good feeling.
Sent from my Nexus 5X using Tapatalk
SlimSnoopOS said:
Does TWRP always prompt you for a password regardless of whether you have "Password on boot" on/off?
Editv Glad you resolved your random reboots! That's always a good feeling.
Sent from my Nexus 5X using Tapatalk
Click to expand...
Click to collapse
I tried (had to install the latest TWRP anyways) and no.
If you choose Password off at boot, TWRP won't prompt you.

Security Challenge locks up sometimes

Like, I don't know if I'm the only one experiencing this issue. Whenever I do something with the system, boot back up, first prompt telling me to enter my password to continue the boot, works. However, when I hit the system, enter the lock screen, it sometimes ask me for another password just in case. This second time I enter the password, wrong. I had made sure that my password was right, nope, still locked out. I had to use "No Lock for Home 2" Xposed module to somehow get pass this freaking lock screen. Am I the only one experiencing this issue or did I do something wrong?
I have tried almost everything,
1) Try to set a new password via Android Device Manager (LOCKED STILL)
2) Going to Security -> Password -> Typing the password all over (LOCKED STILL)
3) Going to Security -> Switching lock type to none -> Setting password again (LOCKED STILL)
4) Going to Security -> Switching to PIN (FINALLY WORKED)
What's bizarre is that under the Security settings my password apparently works, just not on the lock screen.
I would honestly prefer password over PIN and this is driving me insane. Is there a way to wipe the security settings in TWRP safely? Last time I tried deleting gatekeeper.password.key under /data/system in TWRP File Manager, it worked but FC whenever I try to set a new password.
Try clearing credentials under security
galaxy s4 nutjob said:
Try clearing credentials under security
Click to expand...
Click to collapse
Nope, still the same.

Forgot screen pattern on Moto X Style/Pure, but Smart Lock lets me in.

Hello all,
So in an absent minded spell I changed my screen pattern to a complicated one just to be more 'safe'. It hit me when i tried to unlock the phone seconds later that I had already forgotten the patter. . I know it is very stupid to **** around like that.
But silver lining is when the phone is paired with my Bluetooth headset the phone unlocks itself and I am able to go inside. This is due to Smart Lock feature which assumes my phone is safe when paired with Bluetooth headset.
But the main thing is I am not able to change the pattern itself as it asks for older pattern. I have read a lot of posts on how the pattern can be disabled by deleting gesture.key. It turns out getting super user permission to do that is very complicated. I have failed to change or disable the pattern so far.
Guys help!
kajang said:
Hello all,
So in an absent minded spell I changed my screen pattern to a complicated one just to be more 'safe'. It hit me when i tried to unlock the phone seconds later that I had already forgotten the patter. . I know it is very stupid to **** around like that.
But silver lining is when the phone is paired with my Bluetooth headset the phone unlocks itself and I am able to go inside. This is due to Smart Lock feature which assumes my phone is safe when paired with Bluetooth headset.
But the main thing is I am not able to change the pattern itself as it asks for older pattern. I have read a lot of posts on how the pattern can be disabled by deleting gesture.key. It turns out getting super user permission to do that is very complicated. I have failed to change or disable the pattern so far.
Guys help!
Click to expand...
Click to collapse
Its the only way to do it, the other way is to do a backup and then factory reset
PS: What made it difficult for you?
if you have a custom recovery, it is easy to pick up any zip file that is, for example, a mod, decompresses and only removes the metainfo file and create a zip that file and flashing, ready will restart without lock pattern without losing anything
Deleting gesture.key
ExCuTioN said:
Its the only way to do it, the other way is to do a backup and then factory reset
PS: What made it difficult for you?
Click to expand...
Click to collapse
Hi
I am able to go to adb shell and execute some commands. But not commands like delete which require Super user permissions. I am having hard time getting that. I am not well versed with command line.
Customer recovery
browcantor said:
if you have a custom recovery, it is easy to pick up any zip file that is, for example, a mod, decompresses and only removes the metainfo file and create a zip that file and flashing, ready will restart without lock pattern without losing anything
Click to expand...
Click to collapse
I have tried installing Twrp recovery, but it gives an error while installing. I am forgetting the exact error. I could not follow rest of what you are saying. I am relatively inexperienced. What is metainfo? Are talking about flashing new ROM?
I strongly suggest that you factory reset your device. It'll be simpler for you that don't have all the knowledge to do other way. Beside, doing so demands a rooted device. Also beside, with the Google account sync it's very easy to setup the device again.
https://drive.google.com/file/d/0B7C0PrsBvY69NU9JM0hJeEdQd2c/view?usp=drivesdk
Flashing

Categories

Resources