iPhone vs. Android and hardware encryption

When Google announced Android Lollipop, one of the most important features for customers in the post-Edward Snowden era was hardware encryption enabled by default. Put simply, on first boot your personal data would be kept far safer on your personal device. Unfortunately, it looks like default hardware encryption in Lollipop is a nice-to-have, not a must-have, and many Android phone vendors have simply decided to keep it off. From Ars Technica:

A little over three months after Lollipop's release, we're finally beginning to see new devices from third parties. One is the second-generation Moto E. Its userdata partition is not encrypted by default. Ars Reviews Editor Ron Amadeo tells me that new Galaxy S6 demo units at Mobile World Congress aren't encrypted by default either.

We asked both Motorola and Google about this, and we eventually discovered what was going on. The latest version of the Android Compatibility Definition document (PDF), the guidelines OEMs must follow to create Google-approved Lollipop devices, includes a subtle change in policy.

The reason seems to be architectural:

In other words, hardware encryption was wreaking havoc with Android read/write performance on those phones, so it was turned off. Jerry Hildenbrand, writing for Android Central:

Interestingly, Google is not using the Qualcomm hardware cryptographic engine in AOSP or for the Nexus 6. This is inefficient as it forces CPU-based encryption and decryption during disk I/O (likely at every 512 byte interval) versus using Qualcomm's hardware-based performance features. We're not going to second guess why this is done, but know that OEMs are free to implement it as they like. We hope they will.

That's what, apparently, led to complaints about the Nexus 6 performance as well. Hardware encryption can still be turned on for all Android phones running Lollipop — now estimated to be 3.3% of devices — but absent hardware acceleration or manufacturers upgrading to faster media to make up for the encryption overhead, doing so will likewise negatively affect performance. It's also arguable whether or not everyone who could benefit from it will know they can turn it on.

By contrast, Apple has supported hardware encryption in every iPhone since the iPhone 3GS. What's more, the iPhone has supported hardware acceleration for AES encryption and SHA1 hashing since iPhone 5s.

It's especially notable that the hardware acceleration comes courtesy of the 64-bit ARMv8 Apple A7 "Cyclone" chipset, which caught the rest of the mobile processor industry flat-footed and led some to claim Apple was advancing needlessly fast.

Suffice it to say, iPhone owners enjoying full, accelerated hardware encryption going on two years likely disagree. And it's just one of the many security and privacy benefits of switching to iPhone.

Whether you need hardware encryption — or full disk encryption as it's sometimes called — is a matter of some debate. For iPhone owners, you have it whether you need it or not. And make no mistake, that's a good thing.

For Android owners, I'll again point you to Jerry's excellent explainer on Android Central:

Plenty of us will find full disk encryption useful. If you have sensitive information that you never, ever want to fall into the wrong hands on your phone, FDE is a godsend. For someone to get into your data, they must know your device password. No amount of fiddling over a wire is going to let them break in, and provided you used a strong password, your data is safe because after a handful of wrong guesses, everything goes on lockdown.

For others, just the standard lock screen security will be enough. If we lose a phone, we can remotely wipe it via Android Device Manager or another utility, and if someone is able to go offline before we can wipe, then get lucky enough to bypass our lock screen password (it can happen), all they get is a few pictures and Google account access that we can quickly change a password on.

There also is the whole government snooping issue to think about. While most of us don't have a reason to fear any consequences for what we have stored on our phones, we still deserve a bit of privacy and protection when our personal data is concerned. Full disk encryption gets us closer to keeping our data secure from government agencies who think they need to see it.

Rene Ritchie
Contributor
