How does LastPass impact device encryption?

[Mahewa]

Just upgraded my Nvidia Shield to lollipop. When setting up LastPass as an accessibility service, I get the following warning: "If you turn on LastPass, your device won't use your screen lock to enhance data encryption."

That's incredibly vague. Any idea what it means?

 

[Rukbat]

Locking the screen turns on encryption. If you use LastPass it doesn't. (Lollipop now encrypts the entire phone if you want it to. Which, IMO, is a bad idea. It makes data recovery impossible. If you don't keep critical data [like the password to your bank account] on the phone, it can't get stolen, encryption or not. It's fine, though, if you make sure that your data is always fully backed up. Then you can just reset the phone and restore all the data if you forget the password, the encryption breaks, etc.)

 

[Mahewa]

That doesn't really make sense. The phone is either always encrypted or never encrypted. Turning on LastPass can't decrypt the phone, since you have to do a factory reset to do that. So I'm still not clear on how LastPass would impact the encryption.

ETA: Also, Lollipop does not encrypt your entire phone. The system partition is not encrypted. And if you buy a device that comes with Lollipop, it doesn't only encrypt if you want it to. It comes encrypted. There's not an option to have it not be encrypted.

 

[evought]

Actually, the device IS always encrypted, and enabling LastPass accessibility (or ANY accessibility service in Android 5.x) DOES disable the encryption, even though this seems counter-intuitive.

This is a known bug in Google's implementation and it is a big one.

When your device comes, it is encrypted with a default password. The password does not decrypt the drive, it decrypts a key bloc which decrypts the drive. This is a standard process in many systems these days because it lets you change the password without having to re-encrypt the whole drive. When you 'enable' encryption and set a pin, all Android is doing is re-encrypting that key block. Follow me so far?

When you enable Accessibility services (including LastPass), the password is reset to the default. It is still technically 'encrypted' but everyone and their monkey's uncle can decrypt it without knowing your pin/pattern, which makes the encryption *completely useless*. Personally, I would recommend leaving the accessibility service completely disabled on Android 5.0/5.1. This is a BIG PROBLEM and people need to pressure Google into fixing it. There is a blog post out there with details on this bug, but unfortunately, this &^$^#% forum won't let me link to it.