I'm interested in encrypting my Android devices for security in the (hopefully will-never-happen) event of the phone being recovered by an unknown/unauthorized person.
How does Android filesystem encryption work and how does it stack up to other filesystem encryption solutions?
Solutions I'm more familiar with are:
Furthermore, does Android filesystem encryption also protect external microSD cards, and if not, is there a way to do that in Android?
Android uses dm-crypt for disk encryption, and it is available since Android 3.
And as you would know dm-crypt works at block device layer. So storage like YAFFS which works directly at nand flash chip level would not allow you to encrypt. But all other storage (which can be read block by block) can be encrypted.
Yes, both device and external sd cards can be protected.
Reference: https://source.android.com/devices/tech/security/encryption/
Normally on recent phones I have observed that /data and /mnt/sdcard is encrypted using dm-crypt which does block level encryption and external sdcard is encrypted using eCryptfs which does file-level encryption
refer comments in this method -http://androidxref.com/4.4.4_r1/xref/system/vold/cryptfs.c#1587
Technically it is possible to encrypt sdcard using dm-crypt but most manufactures do file-level encryption using eCryptfs.
