Andriod User Profile Howto

Android Encrypted Filesystem Howto

How to set up user profiles on Android. This allows you switch user profiles so that you can keep your email, facebook, twitter, etc., private yet allow others to share your Android tablet.

This utility creates an encrypted loopback file system for your data and cache partitions. Your original partitions are left untouched so that you have a “guest profile” for when your friends come over and find your tablet lying of the coffee table.

The SD card is currently left unencrypted. I did this because I want to share photos and music files across all profiles. If you'd like to encrypt the SD card too, this program can be adapted to do so. Maybe I'll add an option for that when I find time. [Update June 11, 2011: I have encrypted SD card working through manual steps. I'll try to make it part of the script.]

If you have a device that does not have internal storage (/emmc) like the Nook Color, this program will save the profiles encrypted on the SD card. (This will make encrypting the SD card too a bit more complex.)

Status:

This project is in the early development stage. It currently works on the Nook Color. It should work on other Android devices but has not been tested. Currently it is command line only. This means you need a terminal program to use it.

Requirements:

  1. A rooted Android device.

  2. A terminal emulator program. Freely available from the Android market.

  3. The adb utility. Freely available from Google.

  4. Busybox (if not already included in your ROM). Freely available.



Instructions:

These instructions are for advanced users. You need to know how to use adb and a terminal program. If you don't know how, please see the documention for those programs.

  1. Download and install the sp (switch profile) utility.
    $ adb remount
    $ adb push <path to downloaded file>/sp /system/bin/sp
    $ adb shell chmod 755 /system/bin/sp

  2. Download and install the cryptsetup binary.
    $ adb push <path to downloaded file>/cryptsetup /system/bin/cryptsetup
    $ adb shell chmod 755 /system/bin/cryptsetup

  3. Launch abd shell. Type sp setup <profile_name>. For example, “sp setup steve”
    $ adb shell
    # sp setup steve

  4. Follow the prompts. This will create an encrypted loopback filesystem for your data and cache files, copy your existing data to the new encrypted filesystem, then reboot. Be sure to size the new filesystem large enough to hold your existing data. For my Nook Color I chose 1,000 MB for data and 500 MB for cache. This gives me enough space for 3 users (plus the orginal unencrypted profile).

  5. If everything went ok, you can now type “sp <profile_name>” from your terminal program and switch to your encrypted profile. At first, your new profile will look just like your old profile. I recommend changing wallpaper, etc. so it's easy to tell which profile you're in. When you're done, reboot and it will go back to the original profile.


See example.


Supported devices:

This has only been tested on the Nook Color. Testers are needed for other devices. Please give it a try and email me with your results. sp@LTRConsulting.com