Google is enforcing full-disk encryption in Marshmallow for brand new Android phones, to be in place before the out-of-the-box setup. The requirement covers new devices that ship with Marshmallow and that also have AES crypto performance above 50MiB per second. Google published an Android Compatibility Definition Document (CDD) covering the encryption requirement.
Ars Technica noted which devices are exempt from encryption by default. These include phones and tablets that run older Android versions, those without lock screens, and those that do not meet the minimum crypto performance requirement. The exemptions exist because of devices that have low-end 32-bit SoCs and lack hardware acceleration for encryption and decryption. In addition, ZDNet noted that Google's document states, "If a device implementation is already launched on an earlier Android version with full-disk encryption disabled by default, such a device cannot meet the requirement through a system software update and thus MAY be exempted."
Concerning the lock screen, Google said, as reported by Android Police, that it is not necessary to set a lockscreen out of the box because manufacturers can secure the encryption through a default passcode. In that case, because of the default key, the disk no longer needs to be encrypted when users later decide to set a secure lockscreen. The report also mentioned that Google changed the CDD and decided to no longer mandate encryption, but instead to strongly recommend it. On the other hand, full-disk encryption has been receiving complaints that it reduces the phone's performance, a related report said. There have been few to no complaints, though, about the security benefits of the encryption.
Google has not identified or provided the list of new devices that will have full-disk encryption by default. Regardless, Google's decision shall inspire manufacturers to follow the encryption requirement.