Slashdot Mirror


Next Android To Enable Local Encryption By Default Too, Says Google

An anonymous reader writes: The same day that Apple announced that iOS 8 will encrypt device data with a local code that is not shared with Apple, Google has pointed out that Android already offers the same feature as a user option and that the next version will enable it by default. The announcements by both major cell phone [operating system makers] underscore a new emphasis on privacy in the wake of recent government surveillance revelations in the U.S. At the same time, it leaves unresolved the tension between security and convenience when both companies' devices are configured to upload user content to iCloud and Google+ servers for backup and synchronization across devices, servers and content to which Apple and Google do have access.

6 of 126 comments

  1. Really? by ArcadeMan · Score: 2, Interesting

    Google has pointed out that Android already offers the same feature as a user option and that the next version will enable it by default.

    Why isn't it already the default setting?

    1. Re:Really? by BarbaraHudson · Score: 3, Interesting

      Because some of us really don't care if some droid somewhere is poking around in the text messages in our droids.

      And anyone stupid enough to take nude selfies, maybe they need to learn that selfies are neither an art nor an art form? Take a lesson from Mother Nature - clouds leak (it's called rain).

      I don't encrypt my phone data because I don't see any benefit for my own use, just more hassles. Just like I don't encrypt my on-disk or on-usb-key data. If/when I come into a situation where I need to, I will, but really, so far that hasn't happened.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  2. Re:Why bother when Carrier IQ and friends exist ? by Anonymous Coward · Score: 2, Interesting

    You're right. Maybe Apple/Google cannot decrypt a phone that has been seized, but they can certainly be compelled by the government to push an OS update that enables a backdoor in a phone that is in active use.

  3. Are they going to fix the bugs? by wronkiew · Score: 5, Interesting

    That's great that Google is going to enable device encryption by default. But are they going to fix the usability and security problems for Android L?

    If you enable device encryption on Android, you can no longer back up and restore your data over USB or through third party tools. You can create encrypted backups over USB, but you can't restore them because of bugs in the ADB tools. The only way to back up and restore is by uploading your data to Google's cloud servers, where your data is much more likely to be purloined than if you had just left your device unencrypted in the first place.

    When you enable encryption, you set a password. The encryption password becomes your lock screen PIN and there is no way to change it. So, which are you going to choose? A secure encryption password that you'll spend 15 seconds entering on the tiny keyboard every time you want to unlock your phone? Or a useable PIN that is trivial to crack if an attacker gets your encrypted data?

    It's clear someone added device encryption to Android to check it off the list and didn't intend for anyone to use it. I hope their product team realizes this before they bring it to a wider audience.
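
An added example (not part of the comment above, and not Android's code): the PIN-versus-passphrase trade-off that comment describes, estimated by timing one scrypt key derivation and multiplying by the number of candidates. The scrypt parameters, the four policies and the 1000-worker figure are assumptions chosen for illustration, not Android's settings.

```python
import hashlib
import os
import time

# Constructed unlock-secret policies: (label, alphabet size, length).
POLICIES = [
    ("4-digit PIN", 10, 4),
    ("6-digit PIN", 10, 6),
    ("8 lowercase letters", 26, 8),
    ("12 letters and digits", 62, 12),
]

def derive_kek(secret: str, salt: bytes, n: int = 2**14) -> bytes:
    """Stretch an unlock secret into a 32-byte key-encryption key (scrypt)."""
    return hashlib.scrypt(secret.encode(), salt=salt, n=n, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)

def seconds_per_guess(n: int = 2**14, trials: int = 3) -> float:
    """Measure the cost of one KDF evaluation on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(trials):
        derive_kek(str(i), salt, n)
    return (time.perf_counter() - start) / trials

def keyspace(alphabet: int, length: int) -> int:
    return alphabet ** length

def worst_case_seconds(alphabet, length, per_guess, parallel=1):
    """Time to try every candidate offline with `parallel` workers."""
    return keyspace(alphabet, length) * per_guess / parallel

def min_length(alphabet, per_guess, target_seconds, parallel=1):
    """Shortest secret whose full keyspace takes at least target_seconds."""
    length = 1
    while worst_case_seconds(alphabet, length, per_guess, parallel) < target_seconds:
        length += 1
    return length

if __name__ == "__main__":
    cost = seconds_per_guess()
    print(f"one scrypt evaluation: {cost * 1000:.1f} ms")
    for label, alphabet, length in POLICIES:
        secs = worst_case_seconds(alphabet, length, cost, parallel=1000)
        print(f"{label:24s} {keyspace(alphabet, length):.2e} guesses, "
              f"{secs / 86400:.3g} days at 1000 parallel workers")
    year = 365 * 86400
    print("digits needed for 1 year:", min_length(10, cost, year, 1000))
    print("letters+digits for 1 year:", min_length(62, cost, year, 1000))
```

Raising the KDF cost scales every row by the same constant factor, while each extra character multiplies the keyspace by the alphabet size, which is why secret length dominates the result.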

  4. Re:If you believe this by steelfood · Score: 4, Interesting

    I know everybody talks about encryption, but the word itself is just the tip of security. What's the key size? What's the algorithm? What data is encrypted? Is it even relevant to talk about local encryption with respect to metadata (which is just as if not more useful to the NSA than the actual data)? What about backups? Is it a snapshot of the encrypted contents each time? Or does the backup use a different encryption key, and the data transferred securely? There are so many layers to security (including the user), the "encryption" buzzword is meaningless without full context.

    My guess is, Google's not encrypting anything they're really interested in. They're probably not nearly as interested in your pictures or your contact list as say, Facebook. That's data they may currently collect, but ultimately throw away. They're probably more interested in the websites you go to, the links you followed to get there, the links you followed from that site, the people you actually contact (text, chat, etc.), the geographical location of that person as well as your location, the date and times of your conversations, the contents of your conversations, etc. Local encryption does not apply to any of that data.

    In fact, local encryption doesn't even matter much with regards to securing your phone's data. Your phone is probably leaking the encrypted data through one if not more applications. Facebook, Candy Crush, Twitter, etc. largely negate the effects of local encryption. The only thing it will do is keep your private information out of the hands of someone who picked up your lost phone and decided to keep it (or sell it).

    --
    "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  5. Re:If you believe this by swillden · Score: 3, Interesting

    I know everybody talks about encryption, but the word itself is just the tip of security. What's the key size? What's the algorithm?

    It uses Linux dm_crypt. Here's the source code that configures it, and protects the dm_crypt master key: https://android.googlesource.c...

    What data is encrypted?

    The /data partition, which holds everything which isn't part of the system image. An easy way to understand the distinction is to note that on unrooted Android devices everything but /data is mounted read-only. So any data that is stored after the device leaves the factory is in /data, and is therefore encrypted, unless it's written to removable media (SD card).

    Most of the rest of your post is speculation assuming that Google is intensively mining everything backed up. I'm quite certain that's not true, but I probably shouldn't comment in more detail.

    The only thing it will do is keep your private information out of the hands of someone who picked up your lost phone and decided to keep it (or sell it).

    Yes, that's what device encryption is for.

    (Disclaimer: I'm an Android security engineer. I'm speaking for myself, not for Google.)

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.