Google Not Requiring Manufacturers To Turn On Android Lollipop Encryption By Default

Google has apparently left it on smartphone manufacturers to turn on/off Android Lollipop Encryption if they so wish, retracting from its original pledge which required full-disk encryption to be enabled by default.

In September 2014, Google had pledged that OEMs whose devices ran on the latest Android 5.0 Lollipop would be required to enable full-disk encryption. While older Android operating systems offered support for the feature, Android 5.0 Lollipop would make it common place.

However, per an Ars Techina report, a number of new devices that come with Google's latest OS are shipping without default encryption being enabled. These devices include the Moto E, as well as the demo units of the Samsung Galaxy S6 on display at the MWC 2015.

Apparently, between Google's initial announcement and its publishing of the hardware requirements for Android Lollipop in January this year, the company chose to ease the requirements, shifting the measures to a future Android version instead.

"If the device implementation has a lock screen, the device MUST support full-disk encryption of the application private data (/data partition) as well as the SD card partition if it is a permanent, non-removable part of the device. For devices supporting full-disk encryption, the full-disk encryption SHOULD be enabled all the time after the user has completed the out-of-box experience. While this requirement is stated as SHOULD for this version of the Android platform, it is very strongly RECOMMENDED as we expect this to change to MUST in the future versions of Android," notes Google's section 9.9 in the Android Compatibility Program.

So basically, Google now requires that devices running Android 5.0 Lollipop need not necessarily require encryption, but should support the ability. Google's Nexus 6 and Nexus 9 devices, however, have it on default.

The Google document, however, does not reveal why OEMs have the option of leaving the full-disk encryption off for the time being.

Perhaps Google's change of heart may be influenced by the U.S. government's opposition of such action by tech companies as it could possibly hamper investigations that are often time sensitive. Full-disk encryption basically scrambles data and guards it against illegal breaches such as hacks or monitoring by government organizations.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics