diff --git a/CommandListener.cpp b/CommandListener.cpp
index 004cead..2e90ecb 100644
--- a/CommandListener.cpp
+++ b/CommandListener.cpp
@@ -619,6 +619,14 @@ int CommandListener::CryptfsCmd::runCommand(SocketClient *cli,
 Process::killProcessesWithOpenFiles(DATA_MNT_POINT, 2);
 }
 }
+ } else if (!strcmp(argv[1], "maybeenabledefaultcrypto")) {
+ if (argc != 2) {
+ cli->sendMsg(ResponseCode::CommandSyntaxError,
+ "Usage: cryptfs maybeenabledefaultcrypto", false);
+ return 0;
+ }
+ dumpArgs(argc, argv, -1);
+ rc = cryptfs_maybe_enable_default_crypto();
 } else if (!strcmp(argv[1], "changepw")) {
 const char* syntax = "Usage: cryptfs changepw "
 "default|password|pin|pattern [newpasswd]";
diff --git a/cryptfs.c b/cryptfs.c
index 8747540..61c0490 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -3243,6 +3243,49 @@ int cryptfs_enable_default(char *howarg, int allow_reboot)
 DEFAULT_PASSWORD, allow_reboot);
 }
 
+static int device_is_force_encrypted() {
+ int ret = -1;
+ char value[PROP_VALUE_MAX];
+ ret = __system_property_get("ro.vold.forceencryption", value);
+ if (ret < 0)
+ return 0;
+ return strcmp(value, "1") ? 0 : 1;
+}
+
+int cryptfs_maybe_enable_default_crypto()
+{
+ // Enable default crypt if /forceencrypt or /encryptable and
+ // ro.vold.forceencrypt=1, else mount data and continue unencrypted
+ struct fstab_rec *fstab_rec = 0;
+ fstab_rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
+ if (!fstab_rec) {
+ SLOGE("Error getting fstab record");
+ return -1;
+ }
+
+ // See if we should encrypt?
+ if ( !fs_mgr_is_encryptable(fstab_rec)
+ || (!fs_mgr_is_force_encrypted(fstab_rec)
+ && !device_is_force_encrypted())) {
+ int rc = 0;
+
+ rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT, fstab_rec->blk_device, 0);
+ property_set("vold.decrypt", "trigger_load_persist_props");
+
+ /* Create necessary paths on /data */
+ if (prep_data_fs()) {
+ return -1;
+ }
+
+ property_set("ro.crypto.state", "unencrypted");
+ property_set("vold.decrypt", "trigger_restart_framework");
+ SLOGD("Unencrypted - restart_framework\n");
+ return rc;
+ }
+
+ return cryptfs_enable_default("inplace", 0);
+}
+
 int cryptfs_changepw(int crypt_type, const char *newpw)
 {
 struct crypt_mnt_ftr crypt_ftr;
diff --git a/cryptfs.h b/cryptfs.h
index 39ea29a..67592a5 100644
--- a/cryptfs.h
+++ b/cryptfs.h
@@ -218,6 +218,7 @@ extern "C" {
 int cryptfs_enable(char *flag, int type, char *passwd, int allow_reboot);
 int cryptfs_changepw(int type, const char *newpw);
 int cryptfs_enable_default(char *flag, int allow_reboot);
+ int cryptfs_maybe_enable_default_crypto();
 int cryptfs_setup_volume(const char *label, int major, int minor,
 char *crypto_dev_path, unsigned int max_pathlen,
 int *new_major, int *new_minor);
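Review bot: In cryptfs.c, `cryptfs_maybe_enable_default_crypto()` stores the result of `fs_mgr_do_mount()` in `rc` but never tests it before calling `prep_data_fs()` and setting `ro.crypto.state` to `unencrypted`, so a failed mount of the data partition still ends with `trigger_restart_framework`. Assuming a non-zero return signals failure, add `if (rc) { SLOGE("Failed to mount unencrypted data"); return rc; }` directly after the mount call. Separately, `device_is_force_encrypted()` reads `ro.vold.forceencryption` while the comment above the fstab lookup names `ro.vold.forceencrypt`; whichever spelling is wrong should be corrected, because a device that sets the other name on an `encryptable` partition would fall through to the unencrypted mount without any log line. The `ret < 0` test in that helper looks ineffective if `__system_property_get()` returns the value length, so a short comment stating that an unset property is treated as "not forced" would document the intended default.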