Google softens Android full-disk encryption requirement

Encryption has become a touchy subject. What was once was, and still is, a standard way to protect data has become controversial in light of recent events. But while most tech companies hailed its privacy and security benefits, few, especially on the mobile device sector, choose to enforce it. It seems that, at least for the time being, the cause has lost one strong proponent. Google has rather quietly revised its Android 5.0 compatibility requirements to let OEMs choose whether to enable full-disk encryption or not.

Google made headlines last September when it revealed that every new mobile device running Android 5.0 Lollipop would come with full-disk encryption enabled. Android has long supported this feature but it remained completely optional and defaulted to being turned off. As it turns out, very few users took advantage of its benefits because of that. Enabling it by default meant that users are protected right from the start without even having to lift a finger. This was hailed by security and privacy proponents and irked governments that want access to such devices when, not if, the need arises.

The first Android Lollipop devices to arrive with full-disk encryption were unsurprisingly the Nexus 6 and the Nexus 9. Older devices that were upgraded to Lollipop, even Nexus ones, didn't switch it on automatically, which is a good thing. Disabling encryption on an already encrypted device would require doing a factory reset. But when new OEM devices started coming in, they were surprisingly unencrypted too. It turns out that Google sneakily revised its compatibility guide sometime between September and January to soften the language of the requirements. In section 9.9 on Full-Disk Encryption, it says:

Optional for Android device implementations without a lock screen.

If the device implementation has a lock screen, the device MUST support full-disk encryption of the application private data, (/datapartition) as well as the SD card partition if it is a permanent, non-removable part of the device [Resources, 107]. For devices supporting full-disk encryption, the full-disk encryption SHOULD be enabled all the time after the user has completed the out-of-box experience. While this requirement is stated as SHOULD for this version of the Android platform, it is very strongly RECOMMENDED as we expect this to change to MUST in the future versions of Android.

In short, full-disk encryption may still become enforced in an unspecified future version of Android, but it is no longer the case for Android 5.0.

As silent as Google was in this change, it is equally silent on the reason why. Government conspiracy theories aside, it might very well be because of performance issues. As we covered in Android Community, AnandTech discovered that the Nexus 6, with device encryption enabled by default, performed the worse in read and write operations. This could also be the reason why older devices don't get it enabled when upgrading to Lollipop. Without an official statement from Google, we can only presume that it is delaying its enforcing policy to give OEMs some time to iron out the kinks in encrypted disk performance or for storage technology to catch up.

SOURCE: Google (PDF)

VIA: Ars Technica