Therefore what wonders me most: if you enable device encryption on devices with external sd card, the external sd card always remains unencrypted. As you cannot really control for every app where to store its data, you have some of your app-data on internal sd (encrypted) and some of you app-data on external sd (unencrypted). To me this seems to be a security hole, concerning device encryption. Does anyone know why cm team does not include encryption for external sd cards, like some oems do? They put so much effort in security features and on the other side they leave parts of the local storage unencrypted?