Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Spotty Android encryption is the story behind the story of Apple’s battle with the FBI

Macworld Staff | June 22, 2016
Google CEO Sundar Pichai voiced his support for Apple and for strong and safe encryption, but he didn’t give specifics on how Google would deal with this situation if it were in Apple’s shoes.

Savvy Android users know that Apple's face-to-face with the FBI is only the beginning of the phone-encryption furore. Google CEO Sundar Pichai voiced his support for Apple and for strong and safe encryption, but he didn't give specifics on how Google would deal with this situation if it were in Apple's shoes.

That's because if Syed Rizwan Farook, the San Bernardino shooter, had been using an older Android smartphone, we probably wouldn't be having this discussion.

Encryption has so far lost out to openness in the Android ecosystem. It's been supported since version 4.0 (KitKat), and the latest iterations of Google's own Nexus devices have encryption on by default, but the rest of Android has been slower on the uptake, especially internationally.

"Android is different because the entire ecosystem is fragmented," explains Mike Murray, VP of security research at Lookout. "The version of Android that Samsung installs on their phone is different than the version that Google installs on their phone and it's way different than the third party aftermarket vendor who's building low-end phones in India or China."

It's those smaller manufacturers making budget devices that have especially stymied Google. They fear that onboarding mandatory encryption will hamper their phones' performance; for example, lower-end processors can struggle with the encrypt-and-decrypt process. But as standards for processors improve, there's little reason why encryption could not become the norm when you got a new smartphone.

So many Android phones, so little encryption

Google tried again, making encryption mandatory across the board late last year with Android 6.0 Marshmallow. But there's another flaw in this plan: only 4.6 percent of the Android landscape is running Marshmallow (as of this writing), and the compulsory encryption rule applies only to new phones running 6.0, not older phones that have been upgraded (it's optional in that case). Once again, Android is a patchwork.

On-by-default makes a huge difference in how a person uses a device or an app. Typically, people don't change the settings much unless they have something specific in mind. By having encryption off by default, a large number of users likely remain unencrypted and oblivious of their vulnerability.

"Every company manufacturing devices that store sensitive data should be using full disk encryption by default," says Evan Greer, campaign director Fight for the Future, which staged rallies in support of Apple. She added that corporations need to shoulder more of the responsibility in encrypting devices. "We need to build a movement to hold companies accountable and demand that they do everything technologically possible to protect our private information from hackers, and from illegal government surveillance."

Google's commitment to privacy is regularly challenged, whether it's in the company's expansive use of user data, or more specifically in a Manhattan DA report that claimed Google could remotely access most Android phones.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.