nelenkov / cryptfs-password-manager

Android device encryption password manager
Other
95 stars 18 forks

Doesn't work with Android 9 #25

Open jfeise opened 5 years ago

jfeise commented 5 years ago

Unfortunately, this app doesn't work with Android 9. Google has taken away the ability to use raw vdc cryptfs commands.

tomgagdotnet commented 3 years ago

Thank you @besendorf for the quick reply. Yes, I was reading in the meantime about hardware-backed key storage; I still have to make up my mind about it. One thing I do not like is that it requires you to trust the hardware, i.e. the TPM, while with a strong FDE password, if your phone is powered off it's basically a brick. I understand your threat model may vary, but I personally don't like the idea that Android decided that somehow users do not need to manage their own security policy. Bah!

myfirstnameispaul commented 3 years ago

These concerns are along the lines of achieving nation-state security, which is practicably impossible.

The bigger concern is all the other criminals who are busy hacking into video surveillance systems so they can capture someone entering their phone's encryption password in broad daylight. (I would like to point out that not even Microsoft requires such a stupid policy - gives you an idea of what these "developers" think of your security.)

For all of the devices I've owned, LineageOS does not allow me to enforce a fingerprint attempt limit or a password attempt limit. So anyone who is kind of close can attempt enough retries to have a realistic chance at succeeding, making the over-the-shoulder attack the most likely vector.

My current choice is my phone is exclusively a selective email device and maybe some shopping/restaurant apps, audio books, etc. Nothing of consequence. The only secure option is nothing of value on the device.

rodrigoaguilera commented 2 years ago

I just installed LOS 19.1 and, as a workaround, I used multiple accounts. You can set the long password for the owner and, as soon as the device boots, swap to a secondary user with a simpler pattern.