Slashdot Mirror


Google Backs Off Default Encryption on New Android Lollipop Devices

An anonymous reader writes: Although Google announced in September 2014 that Android 5.0 Lollipop would require full-disk encryption by default in new cell phones, Ars Technica has found otherwise in the recently released 2nd-gen Moto E and Galaxy S6. It turns out, according to the latest version of the Android Compatibility Definition document (PDF), full-disk encryption is currently only "very strongly recommended" in anticipation of mandatory encryption requirements in the future. The moral of the story is: don't be lazy — check that your full-disk encryption is actually enabled.


  1. FDE on Android doesn't work as of yet by Anonymous Coward · · Score: 5, Insightful

    The issue with FDE in Android has long been the lack of combining strong passwords with a pattern lock or PIN lock for unlocking the screen. In other words, your encryption key is only as strong as the PIN code or password you are willing to put in every time you open your screen lock. Who wants to type in a 20+ password every time they open their screen lock? Who even bothers with FDE if the key will be no stronger than what, six numeric characters?

    There have been some dirty hacks you could do to combine FDE with e.g. pattern lock for the screen, but these have had the tendency to break the whole thing eventually.

    1. Re:FDE on Android doesn't work as of yet by fph+il+quozientatore · · Score: 4, Insightful

      So the protection is only effective if someone steals my phone while it's turned off, which is, like, 0.1% of the time?

      --
      My first program:

      Hell Segmentation fault

    2. Re:FDE on Android doesn't work as of yet by DigiShaman · · Score: 3, Insightful

      But how much? At least on Intel CPUs that have the AES-NI instructions, FileVault 2 on a MacBook Pro is of minimal impact. Throwing a number out there, but perhaps less than 1% hit in performance?? And this is me running and compacting (cleanup) VMs (massive read/write operations) on an encrypted SSD. Certainly these new CPUs in mobile phones contain a similar feature as AES-NI, no?

      --
      Life is not for the lazy.
    3. Re:FDE on Android doesn't work as of yet by LordLimecat · · Score: 3, Insightful

      A hardware crypto device can en-/decrypt faster than the disk transfers. Therefore, no latency at all.

      Latency and bandwidth are distinct measurements. I'm not sure your assumption is safe at all.