Google Backs Off Default Encryption on New Android Lollilop Devices

An anonymous reader writes: Although Google announced in September 2014 that Android 5.0 Lollipop would require full-disk encryption by default in new cell phones, Ars Technica has found otherwise in recently-released 2nd-gen Moto E and Galaxy S6. It turns out, according to the latest version of the Android Compatibility Definition document (PDF), full-disk encryption is currently only "very strongly recommended" in anticipation of mandatory encryption requirements in the future. The moral of the story is: don't be lazy — check that your full-disk encryption is actually enabled.

Re:FDE on Android doesn't work as of yet

[PriyanPhoenix]

Or at the very least it would need to come with a significant enough processor jump that no one notices the drop in responsiveness from any earlier device. I briefly switched on FDE on a Nexus 5 and it only took a few days to decide the trade-off was (for me) unacceptable. Had I jumped to the Nexus 6 at the same time, however, that may not have been an issue.

Re:FDE on Android doesn't work as of yet

[DrXym]

Most SoCs have encryption circuitry so I doubt it has any appreciable effect on performance or battery providing its done through hardware. In Linux disk encryption is via dm-crypt which in turn is via the crypto api so Android could probably use that to provide blanket crypto in addition to whatever crypto is done higher up by apps or user storage.

Android privacy guard app

Do you remember back in Android 4.3 where Google added a feature similar to Cyanogenmod's "Privacy Guard"? That let you withhold rights to your contacts, Wifi, camera, microphone, GPS etc. from Apps selectively? Regardless of what the App demanded?

Then later they withdrew the app, and it never appeared again, they claimed it broke applications, yet the one in Cyanogenmod and Paranoid Android distributions work fine. Yet Google withdrew their privacy feature.

http://www.pixeldynamo.com/editorial/2013/12/14/1869/google-withdraws-android-privacy-tools/

"It was a surprise therefore, to find that Android 4.3 contained an undocumented feature, the Android Permissions Manager, or AppOps. Pictured below, AppOps groups applications based upon the type of permissions requested (Location, Personal, Messaging), ordering them by how recently they used that feature."

"Tapping on any app then shows all permissions granted to the application in question, allowing you to toggle them at will. iOS includes a similar feature, albeit with less granularity, listing applications under broad categories such as location, contacts, photos, and calendar access, again allowing users to see what has requested access, and, if they prefer, disable it."

"In the second point release of Android 4.4, Google has now withdrawn AppOps, claiming it was never intended to be accessed by end users."

-------
Do you know you handed Google your wifi password?
You did that when you handed your wife or brother your Wifi password, and when Google asked them to 'back up to their server', and they clicked yes, they handed that password to Google and to NSA via PRISM.

There are some serious issue in Android, and encryption is just the latest of them.

Re:FDE on Android doesn't work as of yet

[anybody_out_there]

Had I jumped to the Nexus 6 at the same time, however, that may not have been an issue.

As a recent Nexus 6 owner, I can confirm that encryption is enabled by default. I have not noticed any performance lag and the battery life has been really good. I will admit, I'm coming from an 'ancient' phone, so maybe that's why I think it's fast enough; way faster than my old phone.

Re:FDE on Android doesn't work as of yet

[kenshin33]

nexus 5 has the hardware to do it, just not used. the CAF variante of CyanogenMod (http://github.com/CyanogenMod/android_device_lge_hammerheadcaf) has that enabled. No nightelies for the moment but you can build it from source, give it a spin, if you'de like (bear in mind that there's no upgrade path from SW encryption to HW one, ie : a wipe is required to go from on to the other).

Re:FDE on Android doesn't work as of yet

[swillden]

Had I jumped to the Nexus 6 at the same time, however, that may not have been an issue.

As a recent Nexus 6 owner, I can confirm that encryption is enabled by default. I have not noticed any performance lag and the battery life has been really good. I will admit, I'm coming from an 'ancient' phone, so maybe that's why I think it's fast enough; way faster than my old phone.

As mentioned by Gaygirlie, a big factor is the AES-NI instruction in the ARMv8 instruction set supported by your Nexus 6. It dramatically reduces the performance and power hit of AES operations.

Re:FDE on Android doesn't work as of yet

All you've told me is that, again, Android is inferior to Apple devices, even though it *should* be better. I've spent 6 years and 1200 dollars on phones trying to convince myself it's better or would be better. It's not, screw Google and screw Android. I've already bailed on the tablet last year and couldn't be happier with my iPad. My girlfriend's basic iPhone 6 runs circles around my Samsung Galaxy S4, which is something like 20 months old. Google's 18 month old Nexus is even worse than my S4. Also, having used both app stores, holy crap does Google Play suck and the apps are generally inferior if they're from anything but the biggest companies. This is not shocking for fairly obvious reasons, which can be easily googled (oh the irony), so yes I'm handwaving and calling it okay in this instance.

So screw it, I'll keep running my linux desktops, but I'm done with Android.