Google reverses its promise to enable encryption by default in Android Lollipop

UPDATED: The search giant will let phone makers decide whether or not to enable encryption-by-default because of performance issues on older devices.
Written by Zack Whittaker, Contributor
(Image: CNET/CBS Interactive)

Phones and tablets running Android "Lollipop" will not have device encryption switched on by default, despite an earlier promise by the software maker.

Ars Technica first reported Monday the company's move to reverse its policy. Although all phones and tablets running Android "Lollipop" will support encryption, it will be the responsibility of the phone or tablet maker to decide how to implement it.

In an email to ZDNet, Google confirmed the decision. Instead, encryption by default will be reserved for "future versions" of the mobile operating system.

Update: A Google spokesperson confirmed the reason in an email was "due to performance issues on some Android partner devices," adding: "We remain firmly committed to encryption because it helps keep users safe and secure on the web."

Although all phones and tablets running Android "Lollipop" will support encryption, it will be the responsibility of the phone or tablet maker in how to implement it.

For now, only Google's-own Nexus 6 phone and Nexus 9 tablet have device encryption enabled by default when the device is first switched on.

Non-Nexus device owners will have to enable the feature manually.

Google made headlines earlier this year after it said it would put the onus of device security in the hands of the phone or tablet owner.

"As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on," Google spokesperson Niki Christoff told The Washington Post in September.

A month later, Google reaffirmed the statement in a blog post, noting that the encryption would happen "at first boot" using an encryption key that "never leaves the device."

Apple was first to announce that the latest version of its mobile operating system iOS 8 would come with device encryption by default.

The decision by Google and Apple to enable encryption by default was slated to be in response to the Edward Snowden leaks; Google and Apple were named (along with many other Silicon Valley tech titans) as successful targets of the intelligence agency's activities.

But older devices upgrading to the new Android operating system, as well as new "Lollipop" devices rolling off the production lines, are not enabling the feature.

Ars Technica said Monday that the Samsung Galaxy S6, which runs the latest Android software, does not come with encryption switched on by default. (We checked the Moto E model which we reviewed late last month, and it also does not come with encryption switched on by default.)

Google did not comment on the record, but did cite its Android Compatibility Definition document, in which the company says encryption "should" be enabled after the device is taken out of the box.

"We expect this to change to 'must' in the future versions of Android," the document says.

It's not clear why the policy was changed. Ars Technica suggests (and cites multiple sources of data) that default device encryption caused severe performance issues. Some users upgrading older Nexus devices warned of "unusable" devices following the upgrade to the pre-release Android "Lollipop" software.

Editorial standards