New Android Lollipop Phones Lose Default Disk Encryption
Encryption has been a feature of Android since 2011, though it's never been turned on by default. That was supposed to change with Android 5.0 Lollipop, as Google said in no uncertain terms back in September 2014 that users wouldn't have to give the feature a second thought. Unfortunately, it appears as though Google has backed down from its requirement that all Lollipop devices ship with encryption enabled by default.
According to ArsTechnica, some new Lollipop phones from Google's partners are shipping without encryption turned on. One of them is the second-generation Moto E, and it's being reported that Samsung's demo units of its just-announced Galaxy S6 at Mobile World Congress also don't have the featured enabled.
This runs contradictory to multiple statements Google made in the past.
"For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement," Google spokeswoman Niki Christoff told The Washington Post last September. "As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on."
Google even dedicated a blog post to Lollipop's security features. In it, Google talked up the benefits of encryption and said the feature would "be the default from the moment you power on a new device running Lollipop, keeping your data safer without needing you to fiddle around in the settings."
Full device encryption was supposed to occur at first boot, though contrary to what Google promised several months ago, it seems that you might need to do some fiddling. We're not sure why Google changed its mind, but instead of requiring its partners to enable encryption by default, the guidelines OEMs must follow for official Lollipop certification now say encryption "is very strongly RECOMMENDED." Google also said (again) that it plans to make the feature a requirement in a future version of Android.
Straight to the point -- if you're concerned about privacy and are running Lollipop, don't assume that encryption is turned on.
According to ArsTechnica, some new Lollipop phones from Google's partners are shipping without encryption turned on. One of them is the second-generation Moto E, and it's being reported that Samsung's demo units of its just-announced Galaxy S6 at Mobile World Congress also don't have the featured enabled.
This runs contradictory to multiple statements Google made in the past.
"For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement," Google spokeswoman Niki Christoff told The Washington Post last September. "As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on."
Google even dedicated a blog post to Lollipop's security features. In it, Google talked up the benefits of encryption and said the feature would "be the default from the moment you power on a new device running Lollipop, keeping your data safer without needing you to fiddle around in the settings."
Full device encryption was supposed to occur at first boot, though contrary to what Google promised several months ago, it seems that you might need to do some fiddling. We're not sure why Google changed its mind, but instead of requiring its partners to enable encryption by default, the guidelines OEMs must follow for official Lollipop certification now say encryption "is very strongly RECOMMENDED." Google also said (again) that it plans to make the feature a requirement in a future version of Android.
Straight to the point -- if you're concerned about privacy and are running Lollipop, don't assume that encryption is turned on.
