Due to this drawback some users converted back to sd card formated as external memory which therefore lacks encryption
For my understanding I did not get it anyway.
Generally spoken: If someone wants to have his/her data encrypted he/she should go the full path completely without GAPPS, cloud drive, GMaps, GMail etc. But keep on using GAPPS, the cloud drive, GMaps, GMail etc. and still wanting to have the personal data encrypted looks somehow contrary to me…
The Fairphone 2 has an open bootloader (for good reasons, giving the user the key to easily install alternative recoveries like TWRP and all those alternative OSes we like so much on the Fairphone 2).
Anybody who somehow gets possession of your phone can flash or boot anything (regardless of your screen lock or any other security measure when booting is finished) … to then do anything with everything in Internal Storage … your data.
How do you block this possible access to your data?
You encrypt it.
Now anybody can still flash or boot anything, but there’s no access to the user’s data … to use the phone, the data partition can only be formatted, and then the user’s data is gone … no access.
Of course you have a point that encryption users should think about how much of their data goes to Google, Facebook and the likes, but it is not the same matter.
Until only recently there was no problem.
A data partition encrypted with one of Fairphone’s OSes could be used with the other OS and with LineageOS 14.1 (Android 7.1), and with TWRP.
Now that LineageOS has gone to version 15.1 using Android 8.1 as its base, it has emerged that somehow Android 8.1 does things differently so that TWRP as of now can’t access a LineageOS 15.1 encrypted data partition. You can still use TWRP just fine for every other task, but it can’t do a complete system backup including the data partition this way anymore.
This problem is not unique to the Fairphone 2, it is widely acknowledged on many devices, but it seems nobody really knows how to “repair” this or it just is a huge task that might take time.
If you want to have access to encrypted data in TWRP while running LineageOS 15.1, the current workaround on the Fairphone 2 is to install LineageOS 15.1 on a system with a data partition already encrypted by an older Android (LineageOS 14.1, current Fairphone OS or Fairphone Open OS).
Not really a problem once you know it, and this way everything works fine as before.
Looks like learning by trial and error. It could have been expected, but was actually proven by error, we all hope for everything to go well.
Hence I am still very cautious and holding back if it comes to encryption.
If there is always the same software (tools) involved since the beginning things may work fine. But after each update (major change) no one can tell for sure if all remains operating flawless. Worst case that could happen is having lost all encrypted data. And I think some in case of Android have learned their lesson the hard way.
Well, a basic problem awareness can never hurt.
Everybody has certain ideas of what to be cautious of. These ideas might differ, so be it.
Some might want to avoid security updates and encryption because things could break (“Never change a running system!”), others might want to avoid having a lot of already identified security holes on their phone or having headaches about what the finder of a lost phone (or a thief) might do with their data because it is easily accessible without encryption.
In the end everybody just has to be content with their own decisions, there’s not much more to it.
That’s true for any current OS on any current platform in general.
That’s why there are nice people who take a risk (or have a spare device, or it’s their job) and try stuff before the mass of users is confronted.
Regarding the Fairphone 2 … For Fairphone OS and Fairphone Open OS there is an official beta testing process for every upgrade or update. With the automatic LineageOS builds some users just have to take the plunge to hopefully identify possible dealbreakers early enough, but nobody’s forced to use LineageOS.
Encryption or not is not the problem in this regard.
You can lose any data on any computer-like device including “the Cloud” caused by any software or hardware failure at any most inconvenient time.
That’s why you make backups of every data you deem important enough as regularly as you deem necessary to feel safe about it.
Please specify the “lesson”(s), or I’ll perhaps start a Wiki speculating, probably starting with “Using electronic devices at all. It’s inviting trouble.” and then zooming in from that .
I though of “lesson(s)” like e.g. dealing with backups. Having thrust in a good piece of software is good if having made positive experiences with it. Now there was a new unforeseen issue with TWRP having troubles dealing with encrypted data from the latest LineageOS. Someone affected not knowing about this workaround:
would surely start sweating at first. In this case luckily the workaround was shortly found. But affected users now may be a bit more critical when updating a vital part of the software.
Reading through this post there were more unlucky users who often finally lost data due to a misunderstanding/misuse of TWRP and had to learn the hard way that something went mercilessly wrong.
Loosing data is always the hardest which may have an impact on trustworthiness.
Ok, making backups at all is indeed a lesson many learn the hard way.
Checking at least once whether a backup can even be restored in the way one thinks is another.
I can’t consider this unlucky, this is entirely on the unability or unwillingness to read.
I will not criticize anybody for not reading the FAQ (although TWRP keeps them relatively short).
But I will criticize anybody for not reading screen output of a backup software used for the first time, and TWRP even outputs the important part in a different colour (I guess they didn’t use red because in TWRP red indicates some kind of failure, which this isn’t, it’s intended behaviour) …
Hm, that puts a much different light on the situation. Yes, reading (and understanding) the screen output is the last step before hitting the start button.
Yep, some rely on their backups (using tools) without ever having tested if restoring would even work for them.
Maybe it is also a bit misleading for inexperienced users if the software offers options like test backup file, or verify backup file.
One may think actually the restore process is being tested as well.