Benchmarks show effect of device encryption on Nexus 6 performance

by: Bogdan PetrovanNovember 20, 2014
797

nexus 6 review aa (8 of 14)

Nexus devices shipping with Lollipop have full device encryption turned on by default. That’s great from a privacy point of view, but the downside is encryption takes its toll on performance, as benchmarks from AnandTech and direct observations show.

Background

A bit of background: Google has first included the ability to fully encrypt a device on Honeycomb. But that was optional, and most users weren’t even aware of it. However, following the NSA revelations and the growing public awareness of digital privacy issues, Google decided to enable device encryption by default on devices shipping with Lollipop.

Starting with Lollipop, all the data on the device is encrypted by default (with a default password when no password is set, and using the user’s PIN/password/patterns when those are set.) This means the processor must do a bit of extra work each time data is written (encrypted) or read from storage (decrypted).

According to benchmarks ran by AnandTech’s Brandon Chester and Joshua Ho the impact of all those cryptographic operations is quite significant. The two ran a benchmark called AndEBench, that is designed to test storage read/write performance, on the Nexus 6 with encryption on (default state), on a modified Nexus 6 with encryption off, as well as on Nexus 5 with Lollipop and Nexus 5 with KitKat.

anandtech device encryption

The difference between the Nexus 6’s storage performance with encryption on and off is massive

The difference between the Nexus 6’s storage performance with encryption on and off is massive: the benchmarks show drops of 62.9% (random read performance), 50.5% (random write performance, and 80.7% (sequential read performance) between the unencrypted Nexus 6 and the encrypted Nexus 6.

To be clear, these benchmarks are specific for storage performance and real life performance is affected by other factors as well. Nevertheless, this performance hit could be noticeable in some cases, especially when the phone works with a lot of data.

Note that when you update to Lollipop, the encryption state remains unchanged, so you shouldn’t worry about it if you’ve just got your OTA on the Nexus 5.

Also worth noting is that this issue affects even users who don’t set a password, PIN, or pattern on their device. That’s because data, as per Google, is encrypted with a default password on first boot, and setting a password simply encrypts the original encryption key.

So what can you do?

There are instructions on XDA that allow you to turn off encryption on a Nexus 6. It involves a bit of work, but if you’re worried about the impact of encryption on your device or just want to have the fastest device possible, it may be worth a look.

Some users on XDA and Reddit are reporting that the change made a noticeable difference for them. As one Redditor put it: “I honestly didn’t think it was that slow before, but seriously, it’s screaming now” (though there could be a placebo component to reports like this one.)

Turning off encryption may also improve battery life, by reducing the workload on the processor.

Keep in mind however that this may not be the cure to the lag/stutter that some Nexus 6 users have reported. AnandTech’s Brandon Chester tested an unencrypted Nexus 6 and he still noticed lag occurring.

Depending on your device, you may not see this issue at all: the Nexus 9 for instance is powered by a different processor and may not behave the same.

Should you even disable encryption?

If you truly care about privacy, it’s probably better and easier to leave your device as is. If you worry about an attacker (be it someone who found your phone, a “commercial” hacker, or a state entity) accessing your private data, an unmodified Nexus 6 with a long password provides the best protection.

If you never secure your device with a PIN, password, or pattern, you’re exposed anyway. If that’s the case, or if you simply don’t care about anyone gaining access to your device data, disabling encryption could result in a better experience. But keep in mind that your results may vary. Plus, there’s a chance a future update will fix these issues.

  • Alicemad

    Whatever good they did to speed and performance with ART they took it back with the silly encryption. Encryption by “default” but without any password is not a real encryption thus is useless. Apple has encryption too but there its different and it does not affect the performance at all. They use a separate encryption chip. The best solution would be to make encryption optional and put a toggle so we can remove it.

    • guest qwe

      The S805 has built in hardware encryption AFAIK. . . of course, google chose not to use it, clearly, and went with a very dumb implementation.

      • Andrew T Roach

        Who says this isn’t the S805 encryption? The encryption is still performed by the SoC.

        The issue is using the main SoC to encrypt. It slows everything down. Apple’s separate encryption chip is a more elegant, and obviously more effective solution.

        • guest qwe

          From what I’ve read on XDA, that’s who says :p

    • A.C. Smith

      This isn’t exactly true. Apple uses the separate encryption chip as a hardware middleman to store the devices unique key for fast wiping procedures (just clearing the flash) which renders the data useless IF you had already implemented a device password for data protection. This is why it took so long to get it’s FIPS 140-2 validation for use in government spaces.

      Enabling the password on Apple turns on your data protection features; and there is certainly a difference in speed albeit not very noticeable. If you never enable the password on your iOS device, your data will be accessible during possible recover efforts. The encryption on the Android L side of the house has data-protection enabled whether you create a password on it or not; so it doesn’t make the encryption any less real it just means the data is accessible on the device immediately. If the data on the device is wiped, a recovery option sans the default password is still going to be protected from possible restoration.

  • Andrew T Roach

    iOS 8 has always on encryption, but it doesn’t cripple the storage performance.

    Storage performance has a big effect on snap responsiveness and overall fluidity.

    Until Google can present a solution without significant drawbacks, it should be disabled by default.

    • Rickrau5

      Nor does it cripple on Android, but it does slow iOS, just not as bad thanks to 64 bit encryption

  • guest qwe

    I’m still mind-blown at how google could possibly implement such a poorly thought out way of doing encryption. . . gobsmacked!

    and I don’t want to hear the “open-source” argument. . . doesn’t cut it.

    • Did they ever implemented something in a richly thought way?

      • guest qwe

        Live wallpapers?

  • Roberto Tomás

    on the nexus 6 you can definitely see the difference there .. but a year from now newer devices will probably be up in the range of the nexus 5 there in the chart .. and it won’t matter any more

    • tiagoSi

      but, that’s stupid, because it could be much faster. And ios will be much faster, loading apps and games, and boot time.

      • Roberto Tomás

        its not stupid … adding a necessary layer of protection that makes a system less usable has pluses and minuses to weigh. but adding that layer of protection when it doesn’t make the system less usable is a no-brainer.

        • tiagoSi

          Yes it stupid, because only Google amauterish is making the OS slow.

          iOS is not any slower because of encryption.

          Also Windows support hardware SSD bitlocker encryption with no penalty at all…

          http://www.anandtech.com/show/6891/hardware-accelerated-bitlocker-encryption-microsoft-windows-8-edrive-investigated-with-crucial-m500

          • Roberto Tomás

            I think you are looking for a different adjective. It is one thing if you disagree with the decision with the NAND hardware currently .. or if you disagree with me about it eventually making sense .. but it is just ignorant of you to keep coming back yelling “it’s stupid!” I”it’s stupid!””
            … no but really .. it’s stupid to do that.

          • tiagoSi

            ok it’s perfect. iOS and Windows have hardware encryption with no slowdown at all. Google have an incredible penalty time implementation. So it’s perfect implementation from Google. Take the bike.

          • tiagoSi

            what i am saying is that to me, Google should worked better their implementation. There’s no excuse for a company like Google.
            At least make encryption optional until it handles encryption implementation correctly.

          • Roberto Tomás

            now that makes sense .. but android is really the open source platform.. it can change :) not only are we getting vnand and sub 20nm nands soon, but maybe improved software as well

  • s2weden2000

    That’s right!

  • Eric Climaco

    If this is a “software” fix then this should become a non-issue, if in fact that moto/lenova/google decided to use low end NAND…there will be no fix. Curious if the reviewers were using the latest build release. I know there was a very recent OTA to rectify some gremlins. I’m still interested in the “unicorn”, but there are too many uncertainties at the moment.

    • gilahacker

      It’s software-based encryption, so it’s *possible* they could improve storage performance via a software update. Now, if Motorola had built the phone with a processor that included built-in hardware-based encryption* this would be a non-issue and the only concern would be the quality of the NAND.

      *Supposedly the Snapdragon chipsets coming out next year will have hardware-based encryption. I was told this by a friend who’s been researching this stuff, so please take it with the requisite grain of salt.

  • Captain jack

    They put the best hardware in latest nexus but this encryption thing took back everything in terms of speed..

  • Jim McPartland

    So were the Android Authority Nexus 6 reviews done last week (or two weeks ago) with the encryption on??

    • Joeye12

      Yes they were.

  • Guest

    So, can you disable the encryption? Can´t check it myself, still waiting for OTA on Nexus 7 2013…

    • ReturnOfTheMack

      Devices that force encryption and enable it by default are only those that launched with Android 5.0, so just the N6 and N9.

      Of course it’s still available on other devices should you want/need it.

    • Alex

      “Note that when you update to Lollipop, the encryption state remains unchanged, so you shouldn’t worry about it if you’ve just got your OTA on the Nexus 5.”

      From the article. So it’s only forced enabled on devices that ship with Lolipop, or if you do a clean flash of it. OTA’s won’t alter the encryption state, so if you have it disabled before the OTA, you should have lolipop with encryption disabled after the OTA.

  • philosopher_Mk

    Android is laggy…..again.

    • hohopig

      :P right … do you even know the subject matter that was discussed here? :P Obviously not.

      • philosopher_Mk

        I am frustrated to,believe me, I am waiting for non laggy android for years.

        • Nexus Ninja

          i had a non laggy android years ago. Try out an android phone every 5 years or so.

  • Karly Johnston

    This isn’t it a problem with 64 bit encryption coupled with high caching availability. Blame this on the low cache 32 bit cores of the 805, this isn’t an issue on ARMv8 chips.

  • John-Phillip Saayman

    This sucks. Now you can’t have a fast phone. Unless of course it gets fixed. Maybe we should make more noise about it. A software update might do the trick. Or a toggle.

    • sacredjunk

      or you could just disable the encryption?

      • John-Phillip Saayman

        Yeah but it’s not like it super easy or without risk. It requires root and flashing. And each new update to lollipop will enable the encryption again.

  • Jason Grima

    Does anyone know if this is an issue on the Nexus 9? I mean, the Nexus 9 definitely has encryption by default, has anyone tested if the encryption is a costly on the storage performance?

  • Alex Ohannes

    All I can say is, I told everyone so. But noooooooooo, nobody listens. They don’t want a government computer looking at a bit if their personal data, but they’re ready to shovel their info over to Google. Yes, I trust my information in Google’s hands a lot more than I trust it in the government’s hands, but so far, there has been no real incident that has happened because if the NSA’s data collection. The controversy now is that they aren’t doing enough with the data they collect.

    Everyone’s afraid of their own shadow, and this is why we can’t have really nice things.

  • tiger

    Don’t forget this tidbit:

    “Unfortunately, I haven’t noticed any improvements to many of the areas where there are significant frame rate issues such as Messenger and Calendar. *****I speculated in the Nexus 6 review that the performance issues may simply be the result of insufficient GPU performance or memory bandwidth to drive the QHD display******.”

    WTF?! When will Android OEMs (and Google apparently) learn?! Pure marketing has come back to bite Android in the arse…over and over again.

    Add FDE to this laggy crap…and you get full Android experience…as Nexus 6 and 9 have shown in full glory! Congrats Google. Good job! NOT.

    • Rickrau5

      Hey buddy relax. Want a cookie?

  • SAM

    Wow.. People here are screaming as if nexus6 is the slowest device out there when its the fastest! Until this post everybody had the notion of nexus 6 being most responsive and suddenly the reverse.! With encryption off it is just more faster!

  • crutchcorn

    This is sad to see. I want to see a way to disable this. :( Or, as @Alicemad:disqus said, just add it as an option and have OEMS start adding chips

    • tiger

      They can’t do that…why? Google wants this feature permanent to advertised to the business world that it can trust Android. iOS has been dominating business world due to its security and privacy features. Leaving encryption as optional is a big shot in the foot for Android.

      • crutchcorn

        I suppose, but there can be differences between personal and buisness… At lease make it an advance setting which can be disablable on work versions… IDK, the lease they could’ve done is add an encryption chip on the Nexus to pave the way for other OEMs….

        • tiger

          But Google does not make the device nor make the processor. This clearly separates iOS from Android. iOS designs software, chip, and device.

          • crutchcorn

            Yes, thank you for reminding me something I am well aware of. Who makes Apple’s chips? *cough*Sammy*cough* At any rate, they at lease have say in the device

          • tiger

            Samsung is the workhorse…or at least nowadays, it is TSMC (not Samsung). Apple design the thing. Samsung just makes it blindly. Why do you think it is taking Samsung over one year to come out with ARMv8 (64-bit) chip? And Samsung chip is based on generic ARM cores, not custom design like Apple.

            Do you think Qualcomm makes the Snapdragon chips themselves? No, it is their design…they let someone else make it.

            Does Samsung has a say in Qualcomm designing the chip? No. Does Sony or HTC have a say? No.

            This is Android biggest issue. Everyone do their thing without much discussion…throw parts together and pray that it works. Individually, the parts may look great…like QHD displays…but then you pair it with chips that can’t run it smoothly without overheating! Or pair it with software that is not ready for it. You get my point.

          • crutchcorn

            I get your point and there does need to be a certain fix to this… IDK, I just don’t see why this can’t be done when it’s obviously out there

  • tiger

    Turn off encryption you guys say? Google can’t do that…why? Google wants this feature permanent to advertised to the business world that it can trust Android. iOS has been dominating business world due to its security and privacy features. Leaving encryption as optional is a big shot in the foot for Android and its ambition to become a business tool.

    This is what happens when Google designs only the software…and lets someone else design the phone…and lets yet another design the processor.

    iOS vertical integration all of a sudden makes damn good sense….

  • Billy

    I have no encryption performance issues with Nexus 5 just upgraded to Android 5.0.

  • ziplock9000

    Of course it has an effect, what IT background does the poster have?

  • Albin

    Something else to think about for all the folks with older devices antsy to upgrade to Lollipop. I turned of the nags on my Jellybean tablet to upgrade it to KitKat, because of the microSD crippling. LP is supposed to reverse that so I’ve been interested again, but not forcing encryption on a two year old device or monkeying with workarounds. Very few users need more than an encrypted folder or two to protect confidential data.

  • Umair Mahmood

    What If I factory reset my Nexus 5 after updating to latest Lollipop 5.0? Will it turn on Encryption on Nexus 5 by default? and then there will be no toggle in Nexus 5 also to disable it?

  • Dying_in_this_Crap_World

    show this vs. galaxy s6 so we can compare