Why can I view files from "Internal Storage" WITHOUT entering password either in OrangeFox recovery or via USB cable on PC?

Question

I was under impression that all user files are encrypted by default in Android using FDE. It was to my surprise that I can just run, for example, OrangeFox recovery and when it asks me for a password to decrypt data partition, I can simply cancel entering it and then still view /sdcard directory. If I then open some text file (from that /sdcard) in a built-in (OrangeFox) text editor, it would show me all the text properly without any scrambling. The same would obviously apply to all other files such as photos, videos, and etc. Similarly if I enable MTP in OrangeFox, I can also view all of that via USB on PC. At the same time, when booted to Android ROM, in Settings and Encrypt phone, it says Encrypted.

I would imagine that only after entering user password/pattern should it be possible to even mount that partition in OrangeFox. Viewing through USB again should only work if I'm either logged into Android ROM and unlocked the user or if through OrangeFox, when partition is unlocked and mounted.

Do I miss something? How to ensure proper encryption on all of the user data?

— Alexander Shukaev | Sources

Answer

The newly flashed ROM was xiaomi.eu 12.0.4. I then tried various modifications of it, but all of them expose the same issue over and over again. After I flashed Lineage OS, the behavior was as expected: no way to see any files on "Internal Storage" (/sdcard or /data/media/0). In fact, as I expected in my original post, even though /sdcard is viewable in OrangeFox, the only directory there is Fox, where it puts recovery logs and other volatile data, but there are no files from user even visible whatsoever. Accordingly the "Data" partition is not even treated as mounted, and going to "Mount" option reveals that the checkbox of it is unchecked and one cannot even check it until one explicitly decrypts it. Interestingly, I would have expected such mount-related behavior only with FDE, but I can confirm that this installation has FBE. So this looks good now, but it's a pity that latest MIUI ROMs are that broken, what a mess... :(

— Alexander Shukaev | Sources

Q & A

'/system': No such file or directory"?" alt="How to fix "mount: 'remount'->'/system': No such file or directory"?" href="/source/questions/answer/210644/how-to-fix-"mount:-remount-system:-no-such-file-or-directory"/" >How to fix "mount: 'remount'->'/system': No such file or directory"?

Is it possible to install "iproute2" on Android?

How can I get all my files off my phone without USB

Disable chat-heads (for WhatsApp, etc.) on Samsung devices

Delete free apps from Play Store library

Reusing adopted storage

How can I sort applications by cache size?

Can I repurchase apps so they can be shared with my family library?

How to use Android Auto in Poland?

How to run regular google maps on android go?

Does the auto factory reset reset the counting of 15 wrong attempts?

Can user data be recovered after formatting and flashing stock ROM?

Sony F5121: Forgot Device Encryption Passwort, locked bootloader

How can I disable the little preview on Youtube (to save mobile data)?

What actually gets backed up, how many times?

Note9: Can you sync DIFFERENT calendars on google calendar and samsung calendar at the same time?

How can I reenable Gmail notifications after disabling them through Inbox?

Samsung s10e screen protector

How to enable USB debugging in LineageOS 14 on Moto G2014?

Running "tcpdump" on Android shell gives error: "not executable: 32-bit ELF file"

Topics

2D Engines 3D Engines 9-Patch Action Bars Activities ADB Advertisements Analytics Animations ANR AOP API APK APT Architecture Audio Autocomplete Background Processing Backward Compatibility Badges Bar Codes Benchmarking Bitmaps Bluetooth Blur Effects Bread Crumbs BRMS Browser Extensions Build Systems Bundles Buttons Caching Camera Canvas Cards Carousels Changelog Checkboxes Cloud Storages Color Analysis Color Pickers Colors Comet/Push Compass Sensors Conferences Content Providers Continuous Integration Crash Reports Credit Cards Credits CSV Curl/Flip Data Binding Data Generators Data Structures Database Database Browsers Date & Debugging Decompilers Deep Links Dependency Injections Design Design Patterns Dex Dialogs Distributed Computing Distribution Platforms Download Managers Drawables Emoji Emulators EPUB Equalizers & Event Buses Exception Handling Face Recognition Feedback & File System File/Directory Fingerprint Floating Action Fonts Forms Fragments FRP FSM Functional Programming Gamepads Games Geocaching Gestures GIF Glow Pad Gradle Plugins Graphics Grid Views Highlighting HTML HTTP Mocking Icons IDE IDE Plugins Image Croppers Image Loaders Image Pickers Image Processing Image Views Instrumentation Intents Job Schedulers JSON Keyboard Kotlin Layouts Library Demos List View List Views Localization Location Lock Patterns Logcat Logging Mails Maps Markdown Mathematics Maven Plugins MBaaS Media Menus Messaging MIME Mobile Web Native Image Navigation NDK Networking NFC NoSQL Number Pickers OAuth Object Mocking OCR Engines OpenGL ORM Other Pickers Parallax List Parcelables Particle Systems Password Inputs PDF Permissions Physics Engines Platforms Plugin Frameworks Preferences Progress Indicators ProGuard Properties Protocol Buffer Pull To Purchases Push/Pull QR Codes Quick Return Radio Buttons Range Bars Ratings Recycler Views Resources REST Ripple Effects RSS Screenshots Scripting Scroll Views SDK Search Inputs Security Sensors Services Showcase Views Signatures Sliding Panels Snackbars SOAP Social Networks Spannable Spinners Splash Screens SSH Static Analysis Status Bars Styling SVG System Tags Task Managers TDD & Template Engines Testing Testing Tools Text Formatting Text Views Text Watchers Text-to Toasts Toolkits For Tools Tooltips Trainings TV Twitter Updaters USB User Stories Utils Validation Video View Adapters View Pagers Views Watch Face Wearable Data Wearables Weather Web Tools Web Views WebRTC WebSockets Wheel Widgets Wi-Fi Widgets Windows Wizards XML XMPP YAML ZIP Codes