We are reader supported. External links may earn us a commission.


Google stands its ground with Android Marshmallow full-disk encryption requirement

By Stephen Schenck October 19, 2015, 3:42 pm
Android Encryption

Google’s been taking serious steps to make Android a secure computing experience for ages now, and with last year’s release of Android Lollipop, the company took one of its boldest stances to date: devices shipping with Android 5.0 were required to take advantage of the platform’s full-disk encryption, securing user data even in the case of loss or theft. And while that may have been an admirable goal, it wasn’t long before pressure (presumably from OEMs) forced Google to back down: earlier this year we saw the company admit that the performance trade-off inherent in encrypting and decrypting all the data going on and off device storage was sometimes just too severe to make encryption mandatory, and it remained an optional feature … for the time. Now that Marshmallow’s here, Google’s revisiting the topic, and while there are still exceptions, the company’s taking a much firmer stance that will see encryption mandated on most Android hardware.


In the latest version of its Android Compatibility Definition document, Google pulls out the big guns: unless a Marshmallow-running device is specifically exempt due to having low RAM or fails to meet a formally defined encryption throughput target (50MB a second), manufacturers are required to enable encryption, out of the box.

This doesn’t affect phones and tablets which previously launched with Lollipop or earlier, and will only upgrade to Marshmallow, but from the next crop of hardware – devices which will run Marshmallow from day one – manufacturers have no choice but to force users to encrypt.

By and large, that’s very much a good thing, as it can be difficult to convince users to accept trade-offs (however small) to keep their data more secure, and removing user (to say nothing of manufacturer) choice from the equation should help see adoption rates seriously improve.

Then again, there’s also something to be said for giving informed users the choice to opt-out, which sounds like it won’t be happening going forward. If you’ve got an “indoor” tablet that lives in your nightstand or on your coffee table, there’s a fair case to be made for why mandatory encryption is just hurting performance with no tangible security gain. Still, this is the route Google’s going, so we’d better get used to it.

Source: Google (PDF)
Via: Android Police


Latest Articles


How to skip CAPTCHAs with iOS 16?

In this article, we will explore how Apple aims to avoid CAPTCHAs and the settings you must have configured on your iPhone to ensure you're ready to breeze past any puzzles.

By Aryan Suren June 26, 2022, 4:00 pm

iPad Pro 2022: Everything we know so far!

It is expected that before the end of 2022, we may have the chance to see the next generation of iPad Pro, and in this article, we've compiled all the information that's currently available about these upcoming tablets.

By Aryan Suren June 26, 2022, 10:30 am