Why you might want to encrypt the SD card on your Galaxy S7

Everyone is happy that Samsung has brought expandable storage back to the Galaxy S7 series. Things aren't perfect — plenty still prefer how SD cards worked with KitKat on their Galaxy phones — but for the average user who just wants to store music, movies, photos and other documents on their removable card, it's a workable solution. It's also something that Google and Samsung will continue to work on, keeping things secure and consistent while still being expandable.

Something a lot of people don't think about, though, is encrypting the removable storage on their Galaxy S7. Encryption is all over the tech news because of recent events between the FBI and Apple, and we can take a few minutes and make sure everyone knows what options are available and how things work when it comes to protecting the data on your SD card.

What exactly is encryption?


Encryption is a means of taking data and wrapping it up in a layer that can't be opened without the proper credentials. There are plenty of ways it can be done, and it's one of those things that has experts working on improving every day. There are also other experts working every day to try and break it.

Encryption is all about making it prohibitively time-consuming to access your data.

In simple terms, when you lock something with an encryption method, the only way to access it is with the key. Any encryption can be broken by someone with the right tools, the right knowledge and a lot of time and processing power. The goal is to make an encryption method strong enough so that it's not practical to try and break it. When it takes the bad guys 10 years on the most powerful computer to get through, you've taken away any incentive to brute-force a way in.

That's why how the keys are applied and used matters. There's no sense making the encryption strong enough to deter an attack if you make it easy to get to the keys. On Android, the key isn't your device password; instead, your device password grants access to the method used to get the key.

Using hardware inside your phone, a 128-bit key is created and stored, and the only way anything can access this key is when the system grants it. You grant this access when you install (trust) an application and then sign in or unlock your phone with a password. The full technical details are in the Android developer documentation, and Tamoghna Chowdhury gives an excellent breakdown at Stack Exchange for further explanation.

Why should (or shouldn't) I encrypt my SD card?


This is easy to answer. If you don't want someone who isn't you, but has access to your phone, to be able to pull the SD card and put it in another computer to see what's on it, you need to encrypt it. Head into your GS7's settings and find the Lock screen and security menu to do it.


But encrypting an SD card also has a drawback — you can't ever read the contents in another device. That means if you break your phone while the SD card is encrypted, everything on it is gone. Because of the way encryption works, even using the same password on a different phone of the same model doesn't give you access — the actual key is that random number stored in the TEE (Trusted Execution Environment) in the phone.
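
The behaviour described above, modelled in Python as an added example (not code from this article, Android or Samsung): a random 128-bit key stays inside the phone, the password only gates its release, and a second phone set up with the same password cannot read the card. The `Phone` class and the HMAC-based stream cipher are hypothetical standard-library stand-ins for the TEE and the phone's real cipher.

```python
import hashlib
import hmac
import secrets

def subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the one card key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for the phone's real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class Phone:
    """Hypothetical model of one handset; not Android or Samsung code."""

    def __init__(self, password: str):
        self._salt = secrets.token_bytes(16)
        self._verifier = self._stretch(password)
        # The random 128-bit key. It stands in for the value held in the TEE
        # and has no mathematical relationship to the password.
        self._card_key = secrets.token_bytes(16)

    def _stretch(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def _release_key(self, password: str) -> bytes:
        # The password only gates access to the key; it is not the key.
        if not hmac.compare_digest(self._stretch(password), self._verifier):
            raise PermissionError("wrong password, key not released")
        return self._card_key

    def encrypt_to_card(self, password: str, plaintext: bytes) -> bytes:
        key = self._release_key(password)
        nonce = secrets.token_bytes(16)
        body = keystream_xor(subkey(key, b"enc"), nonce, plaintext)
        tag = hmac.new(subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def decrypt_from_card(self, password: str, blob: bytes) -> bytes:
        key = self._release_key(password)
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("card was encrypted under a different phone's key")
        return keystream_xor(subkey(key, b"enc"), nonce, body)
```

Creating two `Phone` objects with the same password and moving the encrypted blob from one to the other raises `ValueError`, which is the "same password, different phone" case from the paragraph above.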

Outside of the phone you originally used to encrypt your card, your only option to ever use the card again is to erase it and start fresh. If you're storing things like confidential business documents on your SD card, this is a good thing. If you're using the card to keep memories from your camera, this isn't such a good thing. You'll need to decide if what you store on the card is important enough to lose forever if it falls out of your hands, or important enough that you don't want to lose it when or if your phone breaks.

My solution? I only store photos and a few (very few) videos on my SD card. I just grabbed an old slow one I had lying around until a great 200GB card goes back on sale. I do encrypt the SD card in my T-Mobile Galaxy S7 edge. But (and this is important) I also make a practice of backing up anything I can't replace, like photos or videos of family and friends, online or locally on my computer. I do both — Google Photos for pictures and YouTube for videos, as well as periodically backing up everything at full resolution and quality on my own physical network storage. I'm not keeping anything really confidential on my SD card, but I still don't want someone rifling through pictures of my wife or my grandkids. Call me old-fashioned.

You'll need to think and decide for yourself whether or not to encrypt your SD card. There is no wrong answer.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.