Hi Leo!



Thank you for the wonderful compliments.

Yes, you’re right. What you’ve mentioned is exactly the case. Android encryption doesn’t offer any practical value if there is no password set. If the device is stolen, and it’s not protected with a password, the attacker can simply turn on the device, unlock it, and the data is decrypted.

In such cases of a lost device, I’d suggest using ‘Find my Device’ (https://android.com/find) to remotely lock down your phone. Here, even if the device doesn’t have a password enforced, you can remotely set one up. (Find My Device is automatically activated if you’ve added a Google Account to your device.)

Now, an MDM becomes useful when the device that’s lost belongs to one of your employees. An admin can remotely lock the device and set up a password straight from the MDM portal, without requiring the employees’ personal credentials.

I hope I’ve cleared all your queries. If not, please feel free to ping me here again.



Have a nice day Leo!

Thanks for the really good blog on this subject, it’s very informative and pretty much the best guide to this subject I have found.

I’m curious though about a particular scenario which I can’t quite make sense of.

Device = NOT enterprise managed by any MDM (is BYOD/unmanaged)
Lock screen option = NOT set (no lock screen method in place)
OS = Android v6+ (any OS where encryption occurs out of the box)

Question = how does encryption provide any value? Would it just be if the device is turned off with battery dead or removed, and it gets stolen, then the thief extracts the storage chip/hardware from the device, and tries to read the data, then it would be impossible to read right?

Otherwise, every other situation where the device is able to be turned on, would mean the data is readable right?