One of the biggest criticisms of Google’s open mobile platform is security. For some, especially those looking from the iOS camp, Android’s security framework is a joke. That’s not to say that Google hasn’t been working on improving the situation significantly. Especially in its first ever “by Google” smartphone, the Pixel. Now Google briefly explains some of the added security measures implemented for the device, specifically on the rather contentious topic of encryption.
While smartphones, both iPhone and Android, have been capable of encrypting their storage for quite a while now, the matter really came to a head this year when Apple was ordered by a court on the FBI’s behalf to unlock the San Bernardino shooter’s iPhone. Since then, encrypting mobile devices has been become a common recommendation to protect one’s self from spying or hacking.
In the Pixel, Google implemented file-based encryption or FBE, as opposed to full disk encryption (FDE) that is the most common method used on smartphones. In a nutshell, this means that different files get encrypted and later decrypted with different keys. There are some benefits to this system, as it allows Android to have handle different types of encrypted data at different times. For example, during boot, you can immediately get access to important functionality, like alarms and phones, immediately, without having to wait for the device to be decrypted.
But encryption’s promise of security does come at the price of performance. On beefier desktop computers and SSDs, that might be negligible. Not so for smartphones with more meager resources. That is why for the Pixel, Google ditched the industry-standard eCryptFS for a slightly newer encryption feature baked right inside the Linux ext4 filesystem. With this, Google was able to implement file-based encryption with the same speed as full disk encryption.
For those not using Pixel smartphones, the new FBE encryption is also available as long as they are running on Android Nougat. The new ext4-based encryption, however, is still too new and is currently only for Pixel owners.