Check if Android filesystem is encrypted
Solution 1
If your app is registered as a device admin, you can call getStorageEncryptionStatus()
on DevicePolicyManager
to find out the encryption status of the device, for API Level 11 and higher.
For any whole-device encryption on lower API levels, please contact the device manufacturer.
Solution 2
Just to clarify CommonsWare's answer, you can read the device encryption status without any Android permissions.
/**
* Returns the encryption status of the device. Prior to Honeycomb, whole device encryption was
* not supported by Android, and this method returns ENCRYPTION_STATUS_UNSUPPORTED.
*
* @return One of the following constants from DevicePolicyManager:
* ENCRYPTION_STATUS_UNSUPPORTED, ENCRYPTION_STATUS_INACTIVE,
* ENCRYPTION_STATUS_ACTIVATING, ENCRYPTION_STATUS_ACTIVE,
* ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY, ENCRYPTION_STATUS_ACTIVE_PER_USER.
*/
@TargetApi(11)
private static int getDeviceEncryptionStatus(Context context)
{
int status = DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
if (Build.VERSION.SDK_INT >= 11) {
final DevicePolicyManager dpm =
(DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
if (dpm != null) {
status = dpm.getStorageEncryptionStatus();
}
}
return status;
}
See the documentation for DevicePolicyManager and the encryption status flags.
It's also worth mentioning that Android has moved from full-disk encryption to file-based encryption to support Direct Boot, among other things. See File Based Encryption.
Solution 3
to clarify previous answers
on API < 23 getStorageEncryptionStatus()
returns ENCRYPTION_STATUS_INACTIVE
when device is encrypted but passcode was't enabled.
On API >= 23 it returns ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY
in this case.
Related videos on Youtube
Yuriy
Updated on September 15, 2022Comments
-
Yuriy over 1 year
We are developing secure application for Android. It's required for users to keep filesystems of their devices encrypted, but we have to check this fact and forbid to use app. Is it possible to check if filesystem is encrypted? Also there are some devices with Android < 3.0 that supports encryption, for example Motorola RAZR. It would be interesting to know about encryption on such devices.
-
Patrick Brennan about 9 yearsThis code does not appear to work on my 2013 model Nexus 7. In this case, it appears as though even when I have taken steps to encrypt the device, dpm.getStorageEncryptionStatus() returns ENCRYPTION_STATUS_INACTIVE.
-
Artem Russakovskii about 9 yearsAny way to figure out if the encryption is software or hardware based? At least in Android 5.1.
-
CommonsWare about 9 years@ArtemRussakovskii: Beats me, sorry.
-
alfongj about 9 years@ArtemRussakovskii check this developer.android.com/reference/android/security/…
-
David over 7 yearsENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY is not being returned on Samsung devices, e.g. S7 with Android 6 if the PIN for starting the device is not defined.