In Google’s efforts to make Android a more secure platform, the company once required that all devices with Android 5.0 Lollipop or higher have key partitions of the system disk permanently encrypted upon first boot. The Nexus 6 and Nexus 9, the first publicly available devices with Lollipop, sure enough followed suit.
But several other devices that have launched with Lollipop since then seem to come without encryption enabled. Many of the newest handsets introduced at Mobile World Congress are also found to have no encryption. So what, exactly, is going on?
Google quietly changed their Android Compatibility Definition policy: OEMs still have to support encryption, but they are no longer required to enable it on their phones out of the box. The relevant section now reads:
9.9 Full-Disk Encryption
If the device implementation has a lock screen, the device MUST support full-disk encryption of the application private data (/data partition) as well as the SD card partition if it is a permanent, non-removable part of the device. For devices supporting full-disk encryption, the full-disk encryption SHOULD be enabled all the time after the user has completed the out-of-box experience. While this requirement is stated as SHOULD for this version of the Android platform, it is very strongly RECOMMENDED as we expect this to change to MUST in the future versions of Android.
Does that mean Google’s vision for an encrypted Android is dead? Not at all. In fact, the company notes that they will be reintroducing the requirement for a later version of Android, and it’s for that very reason they urge manufacturers to make a habit of enabling device encryption by default.
So that answers the question of why new devices aren’t coming encrypted out of the box. Now the question changes: why has Google decided to hold off?
The likely answer is that device encryption either isn’t as ready as they thought it was, or that it’s too messy for an OEM to implement if they haven’t designed their phones with the encryption requirement in mind. Device encryption was blamed for the performance issues of the latest Nexus devices (we even showed you how to disable it on the Nexus 6 to boost performance), though Google has yet to confirm whether that feature is what causes the issues.
For what it’s worth, we’re hearing that many of the issues will be cleared up with the big Android 5.1 Lollipop bug fixer that’s due later this month, so perhaps that’s the future version of Android Google is referring to. The delay might also give OEMs more time to adjust their firmware and hardware to handle device encryption more efficiently. Adjustments might include the use of a faster file system and faster flash storage.
Of course, only Google and their OEM partners know the true answer, so we’ll have to wait for more details to leak before knowing why, exactly, they’ve decided to shelve the requirements.
[via Ars Technica]
Yeah, I’m willing to bet it is due to the Nexus 6’s performance issues.
Nothing wrong with mine.
“Issues” was probably the wrong word to use. Have you tried it with encryption off? I have a Nexus 6 too but with encryption off and it is faster than it was when it was on.
When encryption is on there is just this slight delay when opening apps and returning to the homescreen. I’ll agree that it probably isn’t a big deal for most, but it was noticeable enough for me to keep it off.
It’s faster with encryption off? Next thing you’ll tell me the sky is blue.
Enough faster, for me, to leave encryption off was my point. I found it noticeable, as I said.
My N6 is faster than my N5 was … and it’s encrypted. Most of the perf issues with the N6 are in folks’ heads, methinks. ;)
Convinced that some people here just speak what they read on internet sites and don’t actually look into “issues” themselves.
That big 5.1 update for the 18 people in the US with Lollipop on their devices. Finally.
Nexus 6 user with 5.0.2 reporting for duty.
Same here… ready and waiting
Wait until 5.1 for further orders!
umadbro?
My butt is hurting so bad right now man.
Once Qualcomm and other SoC manufacturers implement AES-NI instructions across the product line, performance won’t take a hit. That’s probably what they’re waiting for: ubiquitous AES-NI on most SoCs.
This is pretty much what I was thinking. They are waiting until the hardware to take advantage of is everywhere first. Which is smart.
Either that or time for Google to integrate dm-req-crypt support into AOSP.
OEMs probably balked at having Google require something that performed poorly with Google’s reference implementation for Qualcomm devices, despite Qualcomm’s implementation performing MUCH better.
(Qualcomm-based Nexus devices do NOT use Qualcomm’s crypto engine despite it being there…)
And what happened with Lollipop theft protection? The one that was supposed to lock the recovery too and would kill the phone if someone steals it…
*Insert corporate entity name here* wants to sell all your data to make money. *Insert corporate entity name here* has been doing so for years.
Welcome to America.
I still have the encryption on my N6 and everything runs smoothly… But I am sure that it would run just a little faster without it. But I am very happy with its current performance. Looking forward to 5.1 fixes and tweaks.
The performance difference isn’t noticeable, imo. It’s just some slightly boosted r/w speeds, primarily.
Hopefully some better battery performance too without all the unnecessary r/w
…..and what does this have to do with a locked recovery?
They’re holding off because they realized that encryption solves a problem that most people don’t have or don’t think they have. And since people make buying decisions based on user experience, they don’t see the tradeoff of forced encryption. (Note for Repliers: I am neither associating nor disassociating myself with “most people.”)
They are holding off until Android phones come with a dedicated chip for the encryption like the iPhone does. That is the reason for the performance hit on the Nexus.