New Android Lollipop Phones Lose Default Disk Encryption
According to ArsTechnica, some new Lollipop phones from Google's partners are shipping without encryption turned on. One of them is the second-generation Moto E, and it's being reported that Samsung's
This runs contradictory to multiple statements Google made in the past.
Image Source: Flickr (Jan Persiel)
"For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement," Google spokeswoman Niki Christoff told
Google even dedicated a blog post to Lollipop's security features. In it, Google talked up the benefits of encryption and said the feature would "be the default from the moment you power on a new device running Lollipop, keeping your data safer without needing you to fiddle around in the settings."
Full device encryption was supposed to occur at first boot, though contrary to what Google promised several months ago, it seems that you might need to do some fiddling. We're not sure why Google changed its mind, but instead of requiring its partners to enable encryption by default, the guidelines OEMs must follow for official Lollipop certification now say encryption "is very strongly RECOMMENDED." Google also said (again) that it plans to make the feature a requirement in a future version of Android.
Straight to the point -- if you're concerned about privacy and are running Lollipop, don't assume that encryption is turned on.