Slashdot Mirror

← Back to Stories (view on slashdot.org)

Next Android To Enable Local Encryption By Default Too, Says Google

Posted by timothy on from the keep-it-to-yourself-bub dept.

An anonymous reader writes The same day that Apple announced that iOS 8 will encrypt device data with a local code that is not shared with Apple, Google has pointed out that Android already offers the same feature as a user option and that the next version will enable it by default. The announcements by both major cell phone [operating system makers] underscores a new emphasis on privacy in the wake of recent government surveillance revelations in the U.S. At the same time, it leaves unresolved the tension between security and convenience when both companies' devices are configured to upload user content to iCloud and Google+ servers for backup and synchronization across devices, servers and content to which Apple and Google do have access.

2 of 126 comments (clear)

  1. If you believe this by zeigerpuppy · · Score: 5, Insightful

    You need your head read. Google has shown time and again that it does not care about your security. There is no need to trade off convenience for security in cloud backup. Encrypt locally and send the data encrypted to backup. This would be great but i bet that Google also holds they keys and decrypts on their end. Google says it wouldn't be able to use your data for their massive data mining and information theft machine if it were properly encrypted. This is why the data sits on their servers unprotected by encryption, they are the antithesis of your guardians of security. If you value your data, turn off all Google services and manage your own backups.

  2. Re:Good by Dr_Barnowl · · Score: 3, Insightful

    In addition to the notes that this is a minimal burden on most modern CPUs, Android L will offer much better battery life - on the same devices - owning to it's new execution environment, which will more than offset the additional cost.

    I think it's a sop though - the problem, as demonstrated so well recently to a host of famous women, is not that your local device is terribly vulnerable. After all, we're talking one of the few pieces of data storage that most people will have on their person most of their waking hours.

    The real problem is cloud storage. While much has been made of the tactics used to gain access to them, note that any sysadmin on the cloud services responsible likely has the same level of access. You'll only have "private" cloud when your device carrys a private encryption key that the service is not privy to - and this isn't going to happen on the big services (excepting MEGA, allegedly), because the reason they let you store your stuff on their cloud for free is because they can mine it for information. And could you really trust a "private" cloud client anyway? Who says the software doesn't leak your private key back to the author?

    If you want private data, Free Software is really the only answer, and having your own private hardware would help too.