Google won't force Android encryption by default (update)

Not too long ago, Mountain View was trumpeting that new gadgets with Lollipop would have encryption turned on by default, but, as Ars Technica reports, that isn't the case. The Nexus 6 handset and Nexus 9 tablet offer it, but third-party devices aren't cropping up with the feature turned on out of the box. Specifically? The new Moto E, with Ars saying that Samsung's Galaxy S6 demo units at Mobile World Congress lack it, as well.

Update: Google has issued a statement about the change, confirming to us that it is the result of "performance issues" on some hardware. The full statement is included after the break.

Well, there's a reason for that and it's outlined in Google's Android Compatibility Program (PDF):

"If the device implementation has a lock screen, the device MUST support full-disk encryption of the application private data (/data partition) as well as the SD card partition if it is a permanent, non-removable part of the device. For devices supporting full-disk encryption, the full-disk encryption SHOULD be enabled all the time after the user has completed the out-of-box experience. While this requirement is stated as SHOULD for this version of the Android platform, it is very strongly RECOMMENDED as we expect this to change to MUST in the future versions of Android."

Essentially, Mountain View isn't requiring OEMs to turn it on right now. Instead it's saying that hardware must support encryption, but activating it is a suggestion that may become mandatory in the future. Ars posits that this likely has more to do with hardware and hits to performance as opposed to any sort of negligence on Google's behalf. This is different than pulling a new phone out of its box and, say, the HDR photo setting not being activated by default, though. The idea behind device encryption being the standard is that everyone's data would be safe, almost automatically, from prying eyes unless your password was compromised. By turning the feature on by default, mobile devices protect their users' privacy without you even having to think about it.

Encryption has come up quite a bit recently, too: The United Kingdom wants to ban communications that it can't eavesdrop on; a student with Asperger's was jailed for six months because he refused to decrypt his computer for law enforcement officials. More or less, encryption is the only way to truly safeguard your data (device manufacturers don't store the decryption password and thus can't divulge it to the authorities), and the world's governments aren't very keen on the idea.

As of iOS 8, much of the data on iPhones is automatically encrypted with the user's passcode, and Blackphone's main selling point is its out-of-the-box support for encrypted communications. Switching to default encryption on all Android devices could take longer as manufacturers play catch-up, but we don't know where the pressure to hold off came from yet. We've contacted Google about its current policy and will update this post should we hear back.


In September, we announced that all new Android Lollipop devices would be encrypted by default. Due to performance issues on some Android partner devices we are not yet at encryption by default on every new Lollipop device. That said, our new Nexus devices are encrypted by default and Android users (Jelly Bean and above) have the option to encrypt the data on their devices in Settings ---> Security --- >Encryption. We remain firmly committed to encryption because it helps keep users safe and secure on the web.