Google to implement encryption by default in Android L

JC Torres - Sep 19, 2014, 4:50am CDT
3
Google to implement encryption by default in Android L

Following Apple’s privacy policy statement yesterday, Google is reported to be coming out with a similar hard-line stance in its next Android release. Devices that will be running the upcoming Android L, sometimes called Android 5.0 or Lemon Meringue Pie, will have their phone’s data encrypted and password-protected by default, which would hinder both authorities and miscreants alike from gathering users’ private data.

To be clear, Android has had the option to encrypt devices for a long time. The only problem, from a security point of view, is that it isn’t enabled by default and that users are unlikely to know about it. This makes this rather important feature rather moot in most cases, leaving devices and users open not only to hacking but even to government fishing expeditions, legal or otherwise. For Android L, the feature will be turned on from the get go and users will have to knowingly and intentionally opt out of it if they want to. Following the same reason above, they are unlikely to do so.

These developments from Apple’s and Google’s platforms are undoubtedly caused by revelations of rampant government spying revealed by Edward Snowden and subsequent whistleblowers. The US Supreme Court has already ruled that authorities would still need search warrants for digital data stored on mobile devices, but this adds a technical restriction just in case. Since the password for decrypting users’ data are not stored on either Apple’s or Google’s sides, a government request for information, whether with a warrant or without, would be meaningless.

That said, Google’s transition to a more secure Android platform by default won’t be as smooth as Apple’s, as it will hit its own dreaded Android fragmentation problem. Whereas Apple will be able to rollout such changes across all devices that support the new iOS 8, the release of Android L will be staggered and inconsistent. Aside from its own Nexus devices, Google Play Editions, and, now, Android One smartphones, Google has no direct control over the schedule of Android releases on OEMs and carriers, which could take weeks or even months, especially for such a major change.

Encryption by default might upset, or at the very least annoy, a small subset of Android users, particularly those who run custom ROMs, community-built versions of the Android OS derived from Android’s open source code. Many of the power user process, such as recovery and flashing, by default work on files stored in the /data folder of the system. Since it is the folder that gets encrypted, this would mean a few additional steps for such users. But then again, these are the type of users who would mostly know their way around and can flip switches on and off as they wish, provided Google doesn’t remove those switches.

SOURCE: The Washington Post


Must Read Bits & Bytes