Google stands its ground with Android Marshmallow full-disk encryption requirement

Google’s been taking serious steps to make Android a secure computing experience for ages now, and with last year’s release of Android Lollipop, the company took one of its boldest stances to date: devices shipping with Android 5.0 were required to take advantage of the platform’s full-disk encryption, securing user data even in the case of loss or theft. And while that may have been an admirable goal, it wasn’t long before pressure (presumably from OEMs) forced Google to back down: earlier this year we saw the company admit that the performance trade-off inherent in encrypting and decrypting all the data going on and off device storage was sometimes just too severe to make encryption mandatory, and it remained an optional feature … for the time. Now that Marshmallow’s here, Google’s revisiting the topic, and while there are still exceptions, the company’s taking a much firmer stance that will see encryption mandated on most Android hardware.

In the latest version of its Android Compatibility Definition document, Google pulls out the big guns: unless a Marshmallow-running device is specifically exempt due to having low RAM or fails to meet a formally defined encryption throughput target (50MB a second), manufacturers are required to enable encryption, out of the box.

This doesn’t affect phones and tablets which previously launched with Lollipop or earlier, and will only upgrade to Marshmallow, but from the next crop of hardware – devices which will run Marshmallow from day one – manufacturers have no choice but to force users to encrypt.

By and large, that’s very much a good thing, as it can be difficult to convince users to accept trade-offs (however small) to keep their data more secure, and removing user (to say nothing of manufacturer) choice from the equation should help see adoption rates seriously improve.

Then again, there’s also something to be said for giving informed users the choice to opt-out, which sounds like it won’t be happening going forward. If you’ve got an “indoor” tablet that lives in your nightstand or on your coffee table, there’s a fair case to be made for why mandatory encryption is just hurting performance with no tangible security gain. Still, this is the route Google’s going, so we’d better get used to it.

Source: Google (PDF)
Via: Android Police

Share This Post

Watch the Latest Pocketnow Videos

About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits Read more about Stephen Schenck!