Google relaxes mandatory encryption requirement for Android Lollipop devices

Android Lollipop smartphone mobile
Credit: Florence Ion

Google has quietly backed away from a pledge that new Android devices running Lollipop would have full-disk encryption enabled by default. 

According to an Ars Technica report, multiple devices are shipping without the encryption enabled by default, like the new Moto E. A subtle change has been introduced to Android's documented encryption requirements, stating that it's "very strongly recommended, as we expect this to change to must in the future versions of Android." (See section 9.9 of the linked PDF.)

This indicates that Google still intends to make device encryption a requirement at some point, but there is some kind of engineering issue that makes the company feel it can't force all its hardware partners to get on board. 

Testing from AnandTech in November showed that encryption devastated the Nexus 6's storage performance, with encrypted devices being anywhere from 50.5 to 80.7 percent slower than an unencrypted Nexus 6, depending on what was being measured. That sort of performance drop-off may have spurred Google's softened stance on device encryption, at least for now.

We'll keep an eye on all the new phones coming out of Mobile World Congress and elsewhere this year to see how this plays out.

Why this matters: Device encryption is an important security matter, especially in the post-Snowden era, and it's disappointing to see Google backtrack on this. At the very least the Android documentation indicates the company is still committed to making this happen, as full-disk encryption protects your data from unauthorized entry by hacking or other government agencies. It also makes it unreadable when it's time to sell off your phone for the latest and greatest device.

View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies