Header Banner
Gadget Hacks Logo
Gadget Hacks
Android
WonderHowTo Gadget Hacks Next Reality Null Byte
gadgethacks.mark.png
Gadget Hacks Shop Apple Guides Android Guides iPhone Guides Mac Guides Pixel Guides Samsung Guides Tweaks & Hacks Privacy & Security Productivity Hacks Movies & TV Smartphone Gaming Music & Audio Travel Tips Videography Tips Chat Apps
how to
Home
Android

How to Encrypt Files on Android: CryptoContainer Guide

How to Encrypt Files on Android: CryptoContainer Guide

This guide walks through how to encrypt files on Android using a free app called CryptoContainer. By the end, you'll be able to encrypt any file on an unrooted phone in under a minute, decrypt it on demand, and send files directly into encryption from any other app on your phone without switching workflows or hunting through menus.

Why most "vault" apps don't actually protect your files

The app category you'd naturally search first almost certainly won't help you. University of Illinois researchers analyzed 20 popular vault apps and found that only 5 of the 20 used any encryption at all. The other 15 relied on cosmetic tricks: hidden folders, renamed file extensions, modified file headers. Techniques that anyone with basic Android knowledge could reverse without rooting the phone. Rooting recovered files from the remaining 5. Altogether, an attacker with rudimentary knowledge of the Android file system could retrieve files from 15 of those 20 apps without root access. That's not a privacy tool; it's a false sense of security with a PIN screen on top.

The reason to use a tool like CryptoContainer is straightforward: it actually encrypts files rather than merely hiding them. It uses the AESCrypt open standard, runs entirely on-device with no server involvement, and works on stock, unrooted Android 14+ devices, per the project's own repository (last updated three weeks ago). That distinction matters, and it's why this guide covers this tool specifically.

Best for: Encrypting specific files before storing, sharing, or transferring them documents, photos, archives—anything you want to password-protect on your Android phone before it leaves your hands.

Not for: Building an ongoing private library of hundreds of files you browse regularly. See the alternatives section at the end for that use case.

Two modes, one app: which one this guide covers

CryptoContainer supports two encryption approaches. Knowing the difference takes thirty seconds and will save you from choosing the wrong one.

AESCrypt mode encrypts a single file, or a batch, into a portable .aes file. Set a password, encrypt, done. The .aes format is an open standard, not a proprietary format tied to this app. This is the mode this guide covers, and it's the right choice for most people who need to encrypt a file quickly.

VeraCrypt mode creates encrypted container volumes password-protected drives that you mount, browse, and close. Better for an ongoing private workspace with many files; more involved to configure. The project repository confirms the app supports both modes, including standard and hidden VeraCrypt volumes and keyfile authentication, on the same unrooted Android 14+ device. That workflow is a separate guide.

Prerequisites

  • Android 14 or later

  • CryptoContainer installed available via the project's GitHub releases page; confirm the current distribution method before installing, as Play Store availability is unconfirmed at time of writing

  • The file you want to encrypt accessible in local storage

  • A strong password you won't forget—there is no account recovery, no reset option, no backdoor

How to encrypt files on Android with CryptoContainer

Method 1: From inside the app

  1. Open CryptoContainer and tap the AESCrypt tab.

  2. Tap Encrypt File.

  3. Use the file picker to select the file you want to encrypt.

  4. Select the output folder this is where the .aes file will land.

  5. Enter your password, then re-enter it to confirm.

  6. Adjust the output filename if needed. The app appends .aes to the original name by default.

  7. Tap Encrypt.

What you'll see: A new .aes file in your chosen output folder. The original file stays on your phone encryption creates a new file, it does not replace the old one.

⚠️ Do not delete the original yet. Decrypt the .aes file first and confirm the output looks correct. Then delete the plaintext original. If you skip verification and something went wrong—wrong output folder, corrupted file, mistyped password you won't have anything to fall back on.

Method 2: From any other app, using the share sheet

This is what separates CryptoContainer from a manual file-manager workflow. According to the project repository, the app registers itself as a share target, meaning you can push files straight into encryption from wherever you're already working.

  1. In any app a file manager, your gallery, or a document viewer select the file or files you want to encrypt.

  2. Tap Share.

  3. Choose Encrypt Using AESCrypt from the share options. CryptoContainer opens directly to the encryption flow.

  4. Follow the same password and output steps as Method 1.

Encrypting multiple files at once: Select several files, share them all, and CryptoContainer automatically packages them into a ZIP archive before encrypting producing one .aes file containing everything. (CryptoContainer GitHub)

This works from any app that supports Android's standard share sheet. Encrypt a photo straight from your gallery, a PDF from a document viewer, a downloaded file from your browser the workflow doesn't change. Pick the files, tap Share, choose Encrypt Using AESCrypt, set your password.

One practical note: if you're encrypting something sensitive and then sending it to someone else, the share sheet approach is faster than bouncing between apps. Select the file, encrypt it, then share the resulting .aes file from the same flow.

How to decrypt a file

Three paths to the same result. Use whichever fits the situation.

Method 1: Tap the file directly

Opening any .aes file in a file manager routes straight into CryptoContainer's decrypt dialog, per the project repository no need to open the app manually.

  1. Tap the .aes file in your file manager.

  2. Select the output folder for the decrypted result.

  3. Enter your password.

  4. Tap Decrypt. On success, use Open File or Open Folder from the result panel to access the content.

Method 2: From inside CryptoContainer

  1. Open CryptoContainer and tap the AESCrypt tab.

  2. Tap Decrypt File.

  3. Select the .aes file.

  4. Select the output folder.

  5. Enter your password and tap Decrypt.

Method 3: Via the share sheet

From any app, select a .aes file, tap Share, and choose Decrypt Using AESCrypt. (CryptoContainer GitHub) same result as tapping the file directly—useful when you're already working inside another app and want to decrypt without switching contexts.

Password forgotten means file gone. AES encryption has no bypass. That's what makes it work. Store your password in a password manager before you encrypt anything, not after.

A note on the password

The password is the entire security model. There's no account to reset, no recovery email, no support ticket that unlocks anything. If the password is lost, the encrypted file is unrecoverable—not difficult to recover, unrecoverable.

That's not a flaw; that's how AES encryption is supposed to work. The University of Illinois research that exposed 15 of 20 vault apps as essentially unprotected found the core problem was that those apps didn't use real encryption at all. AESCrypt doesn't have that vulnerability. But a weak password or a lost password is a weakness you'd be introducing yourself.

Use a passphrase that's long and memorable, or generate a random one and store it in a password manager. Either approach works. What doesn't work is a six-character password or the assumption you'll remember it.

If you need persistent encrypted storage instead

The AESCrypt workflow handles file-by-file encryption cleanly. If the actual need is a permanent private library photos, videos, and documents accessed regularl that's a different problem, and two options are worth a quick mention.

CryptoContainer's VeraCrypt mode is the natural next step: encrypted containers you mount and browse on-device, with support for standard and hidden volumes and keyfile authentication. Same app, no additional install, more setup. (CryptoContainer GitHub)

Cryptomator is worth considering if the priority is encrypting files before uploading them to a cloud service like Google Drive or Dropbox. It encrypts both file content and filenames using AES-256, with vault passwords hardened against brute-force attacks via scrypt, per its F-Droid listing (last updated earlier this year). Cryptomator requires a paid license key on Android it's not free.

Neither replaces the AESCrypt workflow when portability and single-file encryption are what you need. They solve a different problem.

Three things to keep in mind

The password is the whole security model. A strong password stored somewhere safe is the one thing that makes the rest of this work. Use something long.

Verify before you delete. Encrypt the file, then decrypt it and confirm the output is intact, then delete the plaintext original. That sequence matters. Skipping verification is how people lose files they thought they'd protected.

The .aes format travels within the AESCrypt ecosystem. Files encrypted on Android can be decrypted on any device running compatible AESCrypt software, since AESCrypt is an open format rather than a proprietary system built to lock you into one platform. That said, confirm compatibility with your specific target environment before relying on this for cross-device workflows.

Apple's iOS 26 and iPadOS 26 updates are packed with new features, and you can try them before almost everyone else. First, check our list of supported iPhone and iPad models, then follow our step-by-step guide to install the iOS/iPadOS 26 beta — no paid developer account required.

Sponsored

Related Articles

Comments

No Comments Exist

Be the first, drop a comment!