Google quietly backs away from encrypting new Lollipop devices by default [Updated]

Last year, Google made headlines when it revealed that its next version of Android would require full-disk encryption on all new phones. Older versions of Android had supported optional disk encryption, but Android 5.0 Lollipop would make it a standard feature.

But we're starting to see new Lollipop phones from Google's partners, and they aren't encrypted by default, contradicting Google's previous statements. At some point between the original announcement in September of 2014 and the publication of the Android 5.0 hardware requirements in January of 2015, Google apparently decided to relax the requirement, pushing it off to some future version of Android. Here's the timeline of events.

Loud announcement, quiet backtracking

Google's decision to encrypt new Lollipop devices by default was reported widely, in both tech-focused and mainstream publications.

“For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement,” Google spokeswoman Niki Christoff told The Washington Post in September. “As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on.”

Google reaffirmed the statement in an October blog post about Lollipop's security features. Encryption of the userdata partition would occur "at first boot," and it would be "on by default from the moment you power on a new device running Lollipop."

For a while, the only new devices we had that ran Lollipop were Google's own Nexus 6 and Nexus 9, both of which were indeed encrypted by default. Older devices that were upgraded to Lollipop—a number of older Nexus devices, the 2014 Moto G, and a handful of others—didn't enable encryption by default, even when you performed a full reset of the phone. This made some amount of sense; suddenly encrypting devices that weren't designed with encryption in mind could impact performance and cause complaints.

A little over three months after Lollipop's release, we're finally beginning to see new devices from third parties. One is the second-generation Moto E. Its userdata partition is not encrypted by default. Ars Reviews Editor Ron Amadeo tells me that new Galaxy S6 demo units at Mobile World Congress aren't encrypted by default either.

We asked both Motorola and Google about this, and we eventually discovered what was going on. The latest version of the Android Compatibility Definition document (PDF), the guidelines OEMs must follow to create Google-approved Lollipop devices, includes a subtle change in policy. Here's the relevant passage, emphasis Google's:

9.9 Full-Disk Encryption 

If the device implementation has a lock screen, the device MUST support full-disk encryption of the application private data (/data patition) as well as the SD card partition if it is a permanent, non-removable part of the device. For devices supporting full-disk encryption, the full-disk encryption SHOULD be enabled all the time after the user has completed the out-of-box experience. While this requirement is stated as SHOULD for this version of the Android platform, it is very strongly RECOMMENDED as we expect this to change to MUST in the future versions of Android.

In short, devices are required to support encryption, but it's still up to OEMs to actually enable it; this is exactly what Google was doing in KitKat and older versions (PDF, see section 9.9). Full-disk encryption is expected to become a requirement in some future Android version, but it remains optional in Lollipop despite Google's earlier statements.

What happened?

We've asked Google why it relaxed that requirement after publicizing it so prominently, but the company hasn't responded to our inquiry as of this writing. We'll publish an update if it does.

Here's what we think is most likely. Lollipop's encryption requirement made headlines again in November, this time because it had a huge impact on the new Nexus 6's performance. Our review of the Nexus 6 showed that the new phone could be slower than the old Nexus 5 in certain tasks, and AnandTech supplied additional numbers that showed just how severe the performance impact was.

Those reports were circulated pretty widely—Google "Lollipop encryption" and stories about the slowdown dominate the first page. By the time the compatibility definition document was updated in January, full-disk encryption was no longer a required feature.

Our best guess at this point is that the encrypted-by-default requirement was relaxed to give OEMs more time to prepare their hardware for the transition. The performance problems can be offset by using faster flash memory, faster file systems like F2FS, and chips that are better at encrypting and decrypting data quickly, but phones and tablets take long enough to design that OEMs will need time to make these changes. Whether the change in policy was prompted by external pressure or an internal decision isn't clear, but the performance explanation makes the most logical sense.

If you want encryption on your Android phone now, you'll still have to enable it yourself. Unfortunately, even though this compatibility document was published over a month ago, most publications and Android users still believe that Lollipop will encrypt their devices by default. Google needs to make it clear that it has changed its policy.

Update: In a statement to Engadget, Google confirmed that "performance issues on some partner devices" is to blame for the backtracking. The company said it would continue encrypting Nexus devices by default, and that Google remains "firmly committed to encryption because it helps keep users safe and secure on the web."