STE WILLIAMS

Google quietly drops promised encryption by default for Android Lollipop

Composite image of lollipop and encryption, courtesy of ShutterstockGoogle has confirmed reports: that sweet encryption-by-default it promised for Android Lollipop left a sour taste when it came to device performance.

That’s why Google has quietly backed away from the headline-grabbing full-disk encryption that it had promised, last year, to deliver on all new phones.

Older Android devices had supported optional disk encryption, but as of Android 5.0 Lollipop, it was slated to become a standard feature, the company announced in September 2014.

Google confessed in a statement sent to Engadget that, due to sludgy performance, full encryption hasn’t exactly worked out:

In September, we announced that all new Android Lollipop devices would be encrypted by default. Due to performance issues on some Android partner devices we are not yet at encryption by default on every new Lollipop device. That said, our new Nexus devices are encrypted by default and Android users (Jelly Bean and above) have the option to encrypt the data on their devices in Settings Security Encryption. We remain firmly committed to encryption because it helps keep users safe and secure on the web.

Google spokeswoman Niki Christoff told The Washington Post in September that owners wouldn’t have to think about encryption. Out of the box, it would be a done deal:

For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement.

As part of our next Android release, encryption will be enabled by default out of the box, so you won’t even have to think about turning it on.

But that announcement has now been followed by some quiet backtracking.

The first devices to come out after the encryption-by-default announcement were Google’s own: the Nexus 6 and Nexus 9.

They were both encrypted by default.

Older Nexus devices such as the 2014 Moto G, while they could be upgraded to Lollipop, weren’t able to enable default encryption, even after a full reset, Ars Technica reports.

Now that third party devices are arriving with Lollipop, though, it seems that they aren’t encrypted by default, including the user data partition in the second-generation Moto E.

And news out of Mobile World Congress is that the new Galaxy S6 demo units aren’t encrypted by default, either.

Is it time for FBI Director James Comey to heave a sigh of relief?

In October, Comey had reproached both Google and Apple for having encryption turned on by default, saying that it was stymieing law enforcement as they tried to get at text messages and GPS data on suspects’ mobile phones.

But as Naked Security noted at the time, encryption doesn’t just stop the cops from getting at our data; it stops crooks from grabbing it, too.

Hopefully, Google will iron out the performance issues with full disk encryption soon, so it can deliver on the promise it so quietly let drop.

Composite image of lollipop and encryption courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/DtMe7jXmDUw/

Comments are closed.