With Android 6.0 Marshmallow, Google has mandated FDE for most devices, provided that the hardware meets certain minimum standards. Encryption is the process of converting data into ciphertext using a secret key. On Android devices, FDE refers to the process of encrypting all user data using a secret key. This key is in turn encrypted by the device's personal identification number (PIN)/pattern/password that is set by the user. Once a device is encrypted, all user-created data is automatically encrypted before writing it to disk, and all reads automatically decrypt data before returning it to the calling process. FDE in Android works only with an Embedded Multimedia Card (eMMC) and similar flash devices that present themselves to the kernel as block devices.

Staring from Android 7.x, Google decided to shift the encryption feature from FDE to file-based encryption (FBE). In FBE, different files are encrypted with different keys. By doing so, those files can be accessed independently, without the need to decrypt the complete partition. As a result of this, the system can now display open notifications or access boot-related files without having to wait until the user unlocks the phone.