Locking down your Android is easier than you think.

Since October 2015 with the launch of Android Marshmallow on the Nexus 6P and Nexus 5X, encryption is now enabled by default on Android. It's also not a simple matter to turn it off — it requires unofficial software and a custom kernel — so there's really nothing you need to do. The instructions below are for phones running Android Lollipop, which are a large portion of the install base. We've kept them available in case you need them.

We've talked a bit about encryption recently, specifically Android's full disk encryption setting. You can read a bit about what encryption on Android is and how it works here, and you can have a look here to see why you may or may not want to use it and how it affects you. Right now, let's have a look at how to enable it if you decide you need (or want) it.

Every version of Android since Android 3.0 Honeycomb has full disk encryption (from here on we're calling it FDE) available as an option, but this guide is based on Lollipop as shipped by Google on Nexus devices. Most settings and information will be the same no matter what version you're running, but there may be small differences in the way thing look. If you have any doubts or questions, hit the forums and get straight before you tap any buttons.

Set a password on your Android


You can turn on encryption without using any screen security, but the way things work mean you need to protect your phone with a lock screen password to get the most out of it. In this case, it can be a regular password, a PIN or a pattern lock. The system will use this passphrase to unlock the phone and decrypt the data on the disk.

Remember this password. If you forget, you'll need a full and complete factory wipe of all user data to get back into your system. Think of this as your master key — keep it private and don't use the same password you would use anywhere else.

Charge things up, and begin the encryption process

Encryption settings

Open the settings on your Android and under "Security" you'll find an option for encryption. When you tap on the setting, you'll see a screen similar to the above.

The encryption process can take an hour or more, and is a pretty power-draining process. You'll need to start off with a device that's fully charged, and keep it plugged in until it's finished. When everything is done, your phone will reboot and you'll be required to enter your passphrase to get things started. While trusted agents like Google smart lock or other apps that can change lock screen security settings will still function as intended, every time your phone boots up you'll be asked to enter your password during the boot process.

There's a bit of discussion to be had about performance and encryption (the latter affects the former), but at this point, you're done. Your phone is locked up nice and tight, and without your master password, the chances of someone else accessing your data without your permission or knowledge is pretty slim.

Not everyone will want or need to encrypt their entire phone, but knowing the option is available — and how to do it — is what's important.