Roger Fingas
Despite initial promises by Google, and rival Apple implementing the technology in iOS 8 last September, new devices loaded with Android 5.0 Lollipop are not using default full-disk encryption meant to prevent criminals, police, and spy agencies from getting unauthorized access to private data.
In September, Google stated that all devices launching with Lollipop pre-installed would have encryption on "out of the box," according to ArsTechnica. The company echoed this sentiment in October, mentioning that user data partitions would be encrypted "at first boot." Indeed the latest first-party Android devices — the Nexus 6 smartphone and Nexus 9 tablet — are shipping with encryption activated.
Third-party Lollipop devices are being announced at this week's Mobile World Congress in Barcelona, but Ars observes that phones like the 2015 Moto E and Samsung Galaxy S6 aren't being fully encrypted automatically. Google instead appears to have altered its policies, stating in the most recent Android Compatibility Definition document (PDF) that while new devices must be capable of supporting full-disk encryption and should ideally have it on out-of-the-box, the company only expects to make default encryption mandatory in "future versions of Android."
Google may be backtracking because of complaints about the performance of the Nexus 6. Reviews have commented that with full-disk encryption on, the device can sometimes be slower than 2013's Nexus 5. The company may therefore be postponing default encryption as a standard until hardware vendors have memory and processors that can cope.
Both Apple and Google have pledged to improve device security in the wake of revelations from former National Security Agency contractor Edward Snowden, who exposed the vulnerability of many devices to external intrusion. The NSA was shown to have methods and programs for scooping up masses of personal data, even from people not accused of any crime; the agency secured cooperation from major American technology corporations. In theory Apple and Google's new encryption schemes are so secure that even they can't help spy or police agencies break through them.
William Gallagher
Christine McKee
AppleInsider Staff
Chip Loder
Malcolm Owen
25 Comments
That's what you get for using software based encryption (Android) instead of hardware (Apple).
Funny that Apple has had on-device hardware encryption since the 3GS. How many years ago did that phone come out?
Of course they did. Did anyone expect Google to prioritize security, privacy, honesty, or consumers above pleasing it's OEMs? Samsung probably told Google to **** themselves, and they did.
Encryption overhead. I wonder if this is why iOS 8 reportedly runs slower on older Apple devices?
And weren't the Fandroids going "HA! Take that iSheep!" when this crap was announced? Who's laughing now??? Not only was their encryption based on software, which is always more vulnerable and slower performing than hardware, but if left up to the OEM's, that shove every last possible vestige of bloatware onto their devices which already compromises the devices' performance, do you really expect them to take user security and privacy more seriously than the razor-thin profits they're able to eek out from that bloatware? Get real, this is Android we're talking about it, where the customer is the product, and they're personal privacy be damned.
[quote name="Suddenly Newton" url="/t/185013/google-postpones-ios-8-style-full-disk-encryption-of-android-devices#post_2684348"]Encryption overhead. I wonder if this is why iOS 8 reportedly runs slower on older Apple devices?[/quote] iOS 8 runs slower because it's doing much more. More features, more libraries to load, required support for more devices and now-larger displays. This story is pretty telling that Apple has planned their software and hardware platforms more thoroughly. Egg on Google's face.