Google backtracks on Android 5.0 default encryption

Credit: Kevin C. Tofel / Gigaom

When the Nexus 6 handset arrived late last year, it came with full data encryption enabled out of the box. Google also pushed its hardware partners to do the same at first, but now appears to have quietly replaced the requirement with a strong recommendation to enable encryption by default, reports Ars Technica.

The same site noted performance issues with Google’s Nexus 6 in November, particularly with regard to disk read and write speeds, which it attributed to the encryption. How much of an impact did the tests show? In some cases, the new Google Nexus 6 was slower than the Nexus 5 it was designed to replace, even though the handset had much improved internal components.

Google did say in September of 2014 that the software then called Android L — later to become Android 5.0 Lollipop — would have encryption enabled by default out of the box. New devices with Android 5.0, however, don’t have the security feature enabled: The new $149 Moto E with LTE is a perfect example. So what’s changed?

According to Ars, Google’s Android Compatibility Definition document is what’s changed; specifically, the section on disk encryption, with Google placing emphasis on what it recommends:

If the device implementation has a lock screen, the device MUST support full-disk encryption of the application private data (/data partition) as well as the SD card partition if it is a permanent, non-removable part of the device. For devices supporting full-disk encryption, the full-disk encryption SHOULD be enabled all the time after the user has completed the out-of-box experience. While this requirement is stated as SHOULD for this version of the Android platform, it is very strongly RECOMMENDED as we expect this to change to MUST in the future versions of Android.

Essentially, Google has gone back to having encryption as an option for new Android 5.0 devices, not a requirement: They must support it but it isn’t necessary to enable it by default. However, the last sentence in the guidelines indicates that hardware partners should be ready for this to change back in a future version of Android.

From a security standpoint, this is a bit of a disappointment. If encryption impacts performance, however, Google has little choice here.

The concern I have is that most mainstream Android users won’t know that they should enable encryption on their device or simply don’t know how. My hope is that if Google reduced the requirements due to performance, it finds a way to address the root cause of the issue and then gets device encryption back as a default option.

1 Comment

ewalsh5

It’s curious to note how the device encryptions, or any options for cross platform device management using intelligent EMM API and tools, lifecycle integration location tracking, LDAP based device selection or active directory config keep running into the UX benefits and visualization ROI arguments. Security isn’t something which is compromisable (if that’s a word) .. why can’t we use something like Kony EMM suite? (bit .ly / 1Bmq11k)
