Affiliate links on Android Authority may earn us a commission. Learn more.
Google no longer requiring OEMs to encrypt Lollipop-running devices by default (updated)
Update: In a statement issued to Engadget, Google explained that they did in fact drop the requirement for default encryption because of “performance issues”. You can read Google’s full statement after the original post.
Original post: Back when Google introduced Android 5.0 Lollipop, it made headlines for seemingly all the right reasons. Among the huge visual overhaul and the switch to the new ART runtime, Google announced that new devices running Lollipop would need to be encrypted by default. It seemed as though everyone was singing Google’s praises as this meant in the future, Android as a whole would be, essentially, much more secure. But Google seems to be changing their minds on this whole matter, as the company is now not requiring OEMs to encrypt devices by default.
Encryption by default isn’t dead in the water, though. Google has plans to relaunch this feature in a future update to the OS. According to the Android 5.0 Compatibility Definition, the rules have changed from being required to encrypt by default, to just being very strongly recommended.
9.9. Full-Disk Encryption:
If the device implementation has a lock screen, the device MUST support full-disk encryption of the application private data, (/datapartition) as well as the SD card partition if it is a permanent, non-removable part of the device [Resources, 107]. For devices supporting full-disk encryption, the full-disk encryption SHOULD be enabled all the time after the user has completed the out-of-box experience. While this requirement is stated as SHOULD for this version of the Android platform, it is very strongly RECOMMENDED as we expect this to change to MUST in the future versions of Android.
This wasn’t the case with Google’s initial release of the update, though. The Nexus 6 and Nexus 9 devices both had encryption turned on by default when the launched. Alternatively, the demo models of the Samsung Galaxy S6 and HTC One M9 handsets at MWC didn’t have encryption turned on, and neither does Motorola’s Moto E (2nd Gen.) handset.
So, what changed? Perhaps we need to look back to November, when a few folks decided to run benchmarks on Google’s Nexus 6. It turns out, having a device with encryption turned on by default causes significant performance issues compared to one without it turned on. We obviously have a problem on our hands, and perhaps Google released this feature too early.
Ars Technica guesses that Google isn’t enabling encryption by default anymore in order to give OEMs ample time to plan for the change. The problems caused by performance can obviously be countered by updated processors, faster flash memory, and more.
No matter the reasoning, there’s no need to worry. If you’re planning on getting a new device running Lollipop in the near future, you can still turn encryption on manually. We’ll be sure to let you know when Google reverts back to its original default encryption methods.
From Google: In September, we announced that all new Android Lollipop devices would be encrypted by default. Due to performance issues on some Android partner devices we are not yet at encryption by default on every new Lollipop device. That said, our new Nexus devices are encrypted by default and Android users (Jelly Bean and above) have the option to encrypt the data on their devices in Settings —> Security — >Encryption. We remain firmly committed to encryption because it helps keep users safe and secure on the web.