[Howto] Different PIN on lockscreen than for device encryption
Android 4 / ICS has a good security feature: full device encryption. But it's implementation has a big usability problem: you have to use the same password for device encryption as on the lockscreen. Meaning you have to enter the complicated encryption password every time you want to access your phone
Chosing an easy password would make encryption worthless and Android limits the lowest complexity allowed for encryption.
Technically these passwords are two completely separate things. It's just the Android UI that mingles this. So it's time to hack and separate what should be separate!
Here is how to do it, rooted phone needed:
- Make a backup
- Enable USB debugging that you have a backdoor if something goes wrong
- Install the prerequisites: SL4A including Python4Android
- Switch your SuperSU or superuser to grant su by default. You will have to accept lots of commands otherwise, and I had problems with the dialog of my SuperSU doing this
- Install my pin_change.py program in the sl4a/scripts directory on your phone, it is attached to this post. Maybe you have to rename the extension to .py (had to rename it due to forum restrictions)
- Start pin_change.py through SL4A
- It will make a backup of your current password and allow you to set a new numeric pin
- Reboot your phone, the lockscreen caches the old settings otherwise
- Disable USB debugging and switch your superuser settings back
That's it, you can now use an easy pin on your lockscreen.
Maybe you are missing the sqlite3 command. pin_change.py will check for it and notify you if it is not there. The easiest way to get it is the "Sqlite installer for root" app on the market
pin_change.py allows to restore the backup or to set a new pin. You should restore the backuped password before you change your encryption password through the Android GUI.
I tested this on a Samsung Galaxy SII and a HTC Sensation, both EU models running a 4.0.3 from the manufacturer. I just rooted them, no custom roms.
The only thing I could find was that the vpn account data is encrypted too and you now can't enter the password anymore. So you have to redo you vpn setup, no big deal.
Just to make it clear: this allows you to use a numeric pin for unlocking where e.g. the Samsung Galaxy S2 requires a alphanumeric password. This tool does not (yet?) allow to use a pattern to unlock.
You do this on your own risk, no warranty, this script may brick your phone, drink all your beer or eat little children. So be careful.