diff --git a/docs/html/preview/features/direct-boot.jd b/docs/html/preview/features/direct-boot.jd index 8351f4b4b10fe..60f6141856e18 100644 --- a/docs/html/preview/features/direct-boot.jd +++ b/docs/html/preview/features/direct-boot.jd @@ -14,6 +14,7 @@ page.image=images/cards/card-nyc_2x.jpg
  • Getting Notified of User Unlock
  • Migrating Existing Data
  • Testing Your Encryption Aware App
    • +
  • Checking Device Policy Encryption Status
    • @@ -186,3 +187,34 @@ $ adb shell sm set-emulate-fbe false

    Using these commands causes the device to reboot.

    + +

    Checking Device Policy Encryption Status

    + +

    Device administration apps can use +{@link android.app.admin.DevicePolicyManager#getStorageEncryptionStatus +DevicePolicyManager.getStorageEncryptionStatus()} to check the current +encryption status of the device. If your app is targeting an API level +lower than Android N, +{@link android.app.admin.DevicePolicyManager#getStorageEncryptionStatus +getStorageEncryptionStatus()} will return +{@link android.app.admin.DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE +ENCRYPTION_STATUS_ACTIVE} if the device is either using full-disk encryption, +or file-based encryption with Direct Boot. In both of these cases, data is +always stored encrypted at rest. If your app is targeting an API level of +Android N or higher, +{@link android.app.admin.DevicePolicyManager#getStorageEncryptionStatus +getStorageEncryptionStatus()} will return +{@link android.app.admin.DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE +ENCRYPTION_STATUS_ACTIVE} if the device is using full-disk encryption. It will +return +{@link android.app.admin.DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE_PER_USER +ENCRYPTION_STATUS_ACTIVE_PER_USER} if the device is using file-based encryption +with Direct Boot.

    + +

    If you build a device administration app +that targets Android N, make sure to check for both +{@link android.app.admin.DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE +ENCRYPTION_STATUS_ACTIVE} and +{@link android.app.admin.DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE_PER_USER +ENCRYPTION_STATUS_ACTIVE_PER_USER} to determine if the device is +encrypted.