Why you might want to encrypt the SD card on your Galaxy S7

Everyone is happy that Samsung has brought expandable storage back to the Galaxy S7 series. Things aren't perfect — plenty still prefer how SD cards worked with KitKat on their Galaxy phones — but for the average user who just wants to store music, movies, photos and other documents on their removable card, it's a workable solution. It's also something that Google and Samsung will continue to work on, keeping things secure and consistent while still being expandable.

Something a lot of people don't think about, though, is encrypting the removable storage on their Galaxy S7. Encryption is all over the tech news because of recent events between the FBI and Apple, and we can take a few minutes and make sure everyone knows what options are available and how things work when it comes to protecting the data on your SD card.

What exactly is encryption?

SD card encryption

Encryption is a means of taking data and wrapping it up in a layer that can't be opened without the proper credentials. There are plenty of ways it can be done, and it's one of those things that has experts working on improving every day. There are also other experts working every day to try and break it.

Encryption is all about making it prohibitively time consuming to access your data.

In simple terms, when you lock something with an encryption method, the only way to access it is with the key. Any encryption can be broken by someone with the right tools, the right knowledge and a lot of time and processing power. The goal is to make an encryption method strong enough so that it's not practical to try and break it. When it takes the bad guys 10 years on the most powerful computer to get through, you've taken away any incentive to brute-force a way in.

That's why how you apply and use the keys to get in is important. There's no sense making the encryption strong enough to deter an attack when you make it easy to get to the keys. On Android, the key isn't your device password, but your device password grants access to the method to get the key.

Using hardware inside your phone, a 128-bit key is created and stored and the only way anything has access to this key is when it's granted by the system. You give this access when you install (trust) an application then sign in or unlock your phone with a password. You can read all the technical documentation in the Android developer documentation, and Tamoghna Chowdhury gives an excellent breakdown at Stack Exchange for further explanation.

Why should (or shouldn't) I encrypt my SD card?

Encrypted SD card

This is easy to answer. If you don't want someone who isn't you, but has access to your phone, to be able to pull the SD card and put it in another computer to see what's on it, you need to encrypt it. Head into your GS7's settings and find the Lock screen and security menu to do it.

Outside of the phone you originally used to encrypt your card, your only option to ever reuse the card is to erase it and start fresh.

But encrypting an SD card also has a drawback — you can't ever read the contents in another device. That means if you break your phone while the SD card was encrypted, everything on it is gone. Because of the way encryption works, even using the same password on a different phone of the same model doesn't give you access — the actual key is that random number stored in the TEE (Trusted Execution Environment) in the phone.

Outside of the phone you originally used to encrypt your card, your only option to ever use the card again is to erase it and start fresh. If you're storing things like confidential business documents on your SD card, this is a good thing. If you're using the card to keep memories from your camera, this isn't such a good thing. You'll need to decide if what you store on the card is important enough to lose forever if it falls out of your hands, or important enough that you don't want to lose it when or if your phone breaks.

My solution? I only store photos and a few (very few) videos on my SD card. I just grabbed an old slow one I had lying around until a great 200GB card goes back on sale. I do encrypt the SD card in my T-Mobile Galaxy S7 edge. But (and this is important) I also make a practice of backing up anything I can't replace, like photos or videos of family and friends, online or locally on my computer. I do both — Google Photos for pictures and YouTube for videos, as well as periodically backing up everything at full resolution and quality on my own physical network storage. I'm not keeping anything really confidential on my SD card, but I still don't want someone rifling through pictures of my wife or my grandkids. Call me old fashioned.

You'll need to think and decide for yourself whether or not to encrypt your SD card. There is no wrong answer.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

58 Comments
  • Screw that encryption method i'll take my chances. Beside i'm extremely careful with my phone,no one ever uses it beside the wife and she is not nosy. Also I have never lost a phone in my life i'm very careful. I prefer full access to my sd card on any device,pc,or mac.
  • You do you man, but this: "Also I have never lost a phone in my life i'm very careful." is awful reasoning. "I have a 100% success rate driving drunk so I will continue to drive drunk."
  • Dude one has nothing to do with the other. That's a drastic metaphor. He's allowed to use his device however he wants and there's nothing illegal or life endangering about not encrypting your SD card. Posted via the Android Central App and my Galaxy S7
  • No one said he can't use the device how he likes. The metaphor is accurate though. They both use the same rationalization, one (drunk driving) is significantly more extreme, but both use the "small chances because it's never happened before" 'logic'. Posted via the Android Central App
  • More extreme? Understatement of the year. Posted via the Android Central App (Motorola Nexus 6 - US Cellular)
  • Jerry does it slow down saving pics? I been on the fence of encryption on the SD Card. But I tend to switch phones a lot. But I always back up everything to One Drive also. Posted via the Android Central App
  • Not going to notice a difference there. Pictures are so small in the grand scheme of things.
  • What about apps? Posted via the Android Central App
  • I was wondering the same thing. I'm not familiar with the encryption process - what impact (if any) does encryption have on saving documents (in this case images and videos) to the SD card? This would be of bigger concern when recording 4k video, or while rapidly shooting multiple full-def images with both RAW and JPG. Can the system keep up with encrypting those files, or is there a risk of frame loss? If the impact is minimal, I'm guessing any impact could be mitigated by splurging on a faster card like one rated U3 - so any time lost in encrypting could be made up in the file save times? Or am I over-thinking this?
  • I've not noticed any measurable slow down. I'm also not shooting 4K video because my SD card isn't fast enough. Having said that, the extra step of on-the-fly encryption has to take at least a few CPU cycles. I'd say give it a try, and if it impacts performance, you can easily decrypt from the settings. If you do, be sure to report back!
  • Thanks Posted via the Android Central App
  • Your coverage on this phone & the Edge has been excellent. Thanks for the info. Any way someone w/a Samsung connection could request S Health themes. I'd be all over it if it made me look like a video game character that levels up. Posted via the Android Central App
  • When I switch phones, I typically use the same SD card from my old phone. Encrypting my card would add an extra step to the transfer process as I have to backup and restore the contents of the SD card, and given that I currently store Smart Switch content data on the SD card for my upcoming shiny Note 6, I don't think I'll be encrypting it anytime soon. Doesn't mean I won't do it. Will probably do so once the Note 6 launches and arrives at my doorstep. Just not right now.
  • You can simply head into the phone settings and decrypt the SD card before you move it to a new phone. But I'd also be cautious about moving an SD card over to a new phone ... particularly if you store more than just media on there. It's good to clear out the card now and then.
  • Just don't store important stuff on your SD card, be smart. Posted from my Nexus 6/Nexus 7 2013/Surface Pro 3
  • It's just media files. Mainly photos, which have been backed up to Google Photos. I should probably follow Andrew's advice and clear out the card before using it with the Note 6. Just hope that my Smart Switch data stays intact.
  • Yea you should be good with smart switch because that's exactly what I did. Had a SD card in my note 4 with photos and videos on it. Since all that stuff was stored in one drive I just cleared the SD card and now use it in my s7 and smart switch transfered everything perfectly, before I even threw in the SD card
  • That's what I kinda meant by the extra step. Backing up, decrypt on old device, restore, encrypt on new device. Anyway, I'll do it once the Note 6 gets here when it is launched. My G4 is on its last legs and my biggest fear is the phone dying out before I could decrypt the card.
  • Real excited for that Note 6, huh? I see you mentioning it in all of your comments, lol. Posted via S7 edge
  • Yeah, I'm hyped for it. Probably going to be pre-ordering it for the first-time.
  • This is a poor encryption model. At least with Windows EFS, if my PC dies, my credentials can decrypt the drive in my new one.
  • I was thinking the same thing and wondering why they chose this method. I'd prefer my card be encrypted but I don't want it tied to this specific device. Posted via the Android Central App
  • I don't think this is the best solution unless the card is dedicated to secure document storage on a specific device. For most of us I believe we need something like EDS (https://play.google.com/store/apps/details?id=com.sovworks.eds.android) that uses keys independent of the device, similar to apps like VeraCrypt. Unfortunately, to setup a mountable container that that would provide file encryption/decryption on the fly requires root and kernel support, which also is not practical. So at the present time I don't think there is a practical solution, but if you need a just a few files encrypted something like EDS would be a reasonable balance between security and ease of use. For me, encrypting my S7 (if I had one) wouldn't be worth the risk of losing it if the phone happened to die. ...Joe K.. ...Joe K.
  • "Things aren't perfect — plenty still prefer how SD cards worked with Kit Kat on their Galaxy phones" wait... what? Kit kat was the first version that messed the SD card up! That's when the pitchforks came out and the rioting started! I don't know of anyone that PREFERS their SD card to work with only a handfull of apps on their phone like on kit kat!
  • That's kind of what I thought when I read that Posted from my Nexus 6/Nexus 7 2013/Surface Pro 3
  • I believe he meant meant that model of security. They didn't 'mess up' the SD card. They changed it as so an app only had access to its own home directory on the SD card much like it is on the phone itself or on any Linux/UNIX based computer. It was just different and really only a significant issue for those of us who used third party file managers. If the phone had its own file manager it wasn't a huge deal. Posted via the Android Central App
  • The phones native file manager is atrocious compared to third party file managers. "Be together, not the same, unless you have an SD card, in which case we are going to dictate how and where and when you can use it. It's for your own good ya know, cuz we are banking on your stupidity to not have good judgment when it comes to downloading sketchy apps. Because of the few, all are punished"
  • It has more to do with business security concerns. Part of the reason Apple is growing in Enterprise is that all of the apps are siloed and there is no expandable storage for those security concerns. Google's Adoptable Storage is on the right track but it is going to be a mess until everyone gets used to not pulling SD cards and OEMs get used to designing phones where the SD card is not in the same place as the SIM. Posted via the Android Central App
  • First off don't do anything shady on your daily driver and don't do anything shady on your main Gmail account. Keep your main account clean that way if you get investigated you look clean. It's not what you know it's what you can prove. Be Together Not The Same
  • An SD card is typically for media. On a phone I doubt many people have sensitive information saved to an sd card. It's nice the option is there for those who want it but at least it is an option and not forced on us the way device encryption is forced on us.
  • My thoughts exactly Posted via the Android Central App
  • hmmm and MobileGuru, turn your internet drivers licenses in to the library. You aren't allowed to be this reasonable in an internet comment section.
  • Anyone know if there are any ill affects of encrypting for those of us that have used the workaround to convert the card to adoptable type storage? luvin my s7 edge
  • I must lead a boring life. What the hell do you guys have on your card? Posted via Nexus 6 running on any data plan I want
  • Could be something as simple as photos of your family you don't want strangers to have access to. Posted via the Android Central App
  • Recipes for Heinz ketchup and Coca-Cola. Posted via S7 edge
  • Anime. 60+GBs worth of them
  • I have a 64GB SD card in my S7 and I am definitely using encryption. I have all my photos and music files on the SD card. Those are all files I loaded on to the SD card from my computer, so they are already backed up. If someone steals my phone I want to make sure they get nothing but an unusable paper weight.
  • Encryption, making McDonald's employees everywhere feel like corporate big wigs. Posted via the Android Central App
  • Encryption + backups seems like the way to go. I would not just have the data on the card only on the encrypted card. I would have a backup on a hard drive and maybe even a DVD and cloud backup also just to be safe.
  • Citing the San Bernardino bomber case for this? Really? Since I'm not going to shoot up my coworkers I don't think I need to worry about encryption.
  • The San Bernardino case is what got "regular" people talking about encryption. Which is how I used the example. I think that's valid. And you don't have to be involved with something criminal to value your privacy. I don't know you. If you find my phone, I certainly don't want you to dig through pictures of my family, or my expense reports, or anything else that's mine. You can do things however you please, and I won't judge you for it. What I don't understand is why people feel the need to judge others who do value their privacy. It's not hurting you. You aren't even a tiny factor in any of it.
  • It's refreshing to read comments like this. Very good.
  • I tend to backup my phone data to my network, and various cloud sources. It has been awhile since I had a memory card in my phone (okay last year when I upgraded from my S4 to an S6). I have had to exchange my phone in the past, so removing the sd card and putting *** in the replacement device has been effortless. So if a person chooses to encrypt all the need to do in decrypt, insert in new device and encrypt. Doesn't seem too hard.
  • Nobody does SD cards better than Donald Trump. Posted via the Android Central App
  • I like this article.
  • Lol Posted via the Android Central App (Motorola Nexus 6 - US Cellular)
  • The biggest folder by far on my cards is always podcasts (mostly history) . After that phone based photography. Honestly - I'm more fearful of loosing content due to my own lack of techical competence, OR a phone failing, than due to theft. When I do upgrade my phone, card encryption may still be worth it. But I want the "not" option available anyway. Up to now, all my cards go into a phone and just stay there. But recovering data from a dead phone may be a lifesaver. Encryption makes regular backups even more essential. It's a tricky choice. Awesome AC.
  • Hopefully Samsung has done a better job with this than they did with S3 - I got a nice 64GB SD card right when the S3 came out on Verizon, enabled encryption and the SD card was promptly turned into a paper weight: it was completely unusable, and couldn't be decrypted nor reformatted for use ever again.
  • When I turned on encryption, downloading music to the SD card from Play Music no longer was an option.
  • No need for me to encrypt my SD card since I don't put any important and vital things on it. The same goes for my phone.
  • This android encryption is really flawed. My phone got into a bootbloop (faulty mainboard), and I've tried a factory reset. At that moment I totally forgot about SD encryption and SD left encrypted so all my data could not be longer accessible even on THE SAME device.
  • Can you un-encrypt the card at a later point? If you encrypt your phone and want to transfer files to your phone's SD card from your computer, what is the best way to do this? TIA.
  • I have an S7 edge and I took out the 256gb SD to transfer files to my windows 10 PC and card wouldn't show on my pc. I checked to see if card was encrypted and phone have me option to encrypt the card, not to decrypt it. WTF? Thoughts?
  • Hmm, good to know how things work. Thanks for the info! I'd be more interested in apps getting harder to access like eBay and PayPal... if ppl really want to look at my pics rock climbing or whatever they are welcome,... but I do see the point, a stranger digging around in my stuff is a creepy thought ..
  • Seems like a lot of writing to the sd card will happen. I wonder how quick it'll die that way. I think they're only designed to be written on so many times. Or am I wrong about that? Anyway. In terms of one choice over the other I'm of the view that people are free to do as they choose so long as it does not prevent others from equally doing the same.
  • Does not encrypting your SD card leave your phone memory more vulnerable?
  • Maybe my Galaxy S5 is different but it is running Marshmellow, it seems it doesn't *really* encrypt the SDcard, I took the SDcard out and put it into my computer (running Windows 10 Pro) and was able to open the contents on the SDcard. Something isn't right.