Prompt [Q] Serious problem with Android's built-in encryption?

I came across a problem with Android's built-in encryption function and typical sdcard data. I searched everywhere on the internet and this is what I could collect so far:

Quote:
Also, from my research, while I cannot confirm this, I have read that prior to 4.2, external (public) storage in Android was /mnt/sdcard/ (if you are not familiar with the Android file system, "sdcard" refers to public storage that is internal...not necessarily an external sdcard), but this was just a symbolic link from the protected /data/ directory. At the time, Android only encrypted /data/, which was fine because the symbolic link would also encrypt any personal files in the public directory.
After 4.2, due to multiple profiles, the public storage was moved to /storage/emulated/legacy. That means if Android's "full disk encryption" only encrypted /data...then any sensitive data in the public directories is not encrypted (this could be downloads from work, private photos, etc).
Source and full topic: https://productforum...xus/Lzsje-4QfTQ

Quote:
This can be OEM dependent indeed, but /mnt/sdcard is now just a symlink to
a 'virtual' SD card that lives under /data. So downloaded documents, media
etc. are encrypted along with private data, etc. From the boot script:

# create virtual SD card at /storage/sdcard0, based on the /data/media directory
# daemon will drop to user/group system/media_rw after initializing
# underlying files in /data/media will be created with user and group
media_rw (1023)

If one some device /mnt/sdcard (external storage) is independent from /data,
it might not get encrypted. But then again they may modify the
firmware to encrypt it.
Source and full topic: https://groups.googl...uss/-mE-XTot0Gg (This is also only referring to Android versions =< 4.0)

1.) I checked a CM 11 installation on a Huawei Ascend Y300 and I could find the same internal SD card data in

/internal_sd -> /storage/sdcard0 (fuse)
/mnt/internal_sd -> /storage/sdcard0 (fuse)
/mnt/media_rw/sdcard0 -> /mnt/media_rw/sdcard (vfat)

2.) /data/media does not contain the files as the others in 1.).

3.) /internal_sd is the only partition visible via TWRP file manager, which could mean that the others are created during the start of Android itself.

2012
Quote:
So the actual physical storage place is still /data/media. /storage/sdcard0 is a "virtual" SD card. /sdcard and /mnt/sdcard are symbolic links of /storage/sdcard0.
Quote:
I'd guess that the virtual sdcard exists because /data/media is part of an ext# partition, so they use fuse filesystem and virtual sdcard to make it look like fat to apps, many of which don't understand ext# filesystems.
2013
I'd assume the actual physical storage place is /storage/sdcard0 now, but I'm not sure.

Conclusion: To make the encryption include typical "sdcard data" again, we would have to somehow change it back to this:

Quote:
So the actual physical storage place is still /data/media. /storage/sdcard0 is a "virtual" SD card. /sdcard and /mnt/sdcard are symbolic links of /storage/sdcard0.
Are my thoughts on this correct so far or does anyone have an idea?
Does this mean older Android versions (pre-4.2) did not actually have this problem?