New Androids will encrypt your data just like iPhones

News by Thurstan Johnston

Google has promised that the next generation of Android phones will automatically encrypt data - preventing police and other agencies snooping on their users.

The pledge was made just hours after arch-rival Apple announced on Wednesday that it has introduced the same data encryption by default on iPhones as part of its new iOS 8 operating system, with even Apple itself unable to access the data.

But the Android change will only come into effect with the next version ‘L' of the operating system, which is predicted to start shipping next month - and only then on the phones that run that latest version of the OS.

Google said it has provided optional encryption on Android devices since 2011, but this relies on users activating the option. Now it will happen automatically, with only the password holder being able to access any data held on the phone.

A Google spokesperson confirmed: “For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement.

“As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on.”

The twin moves by Android and Apple are in response to people's increased concerns over the privacy of their data, in the wake of the Snowden revelations of mass surveillance by US and UK intelligence agencies.

They also come after the ‘Celebgate' leaking of nude celebrity photos through security gaps in the Apple iCloud storage service.

The upgrades mean it will be harder for law enforcement agencies to access data from the mobile phones in question, even if they have a valid search warrant.

Other US tech firms have been publicly trying to protect the privacy of their customers' data. Microsoft is currently fighting a court battle against a US Government search warrant to access the email data of one of its customers held in its data centre in Dublin.

The changes have been welcomed by security and privacy experts.

Speaking to SC via email, Mark James, a security specialist at ESET, said: “It is a fantastic move to include encryption by default on mobile devices. All too often when security is available, but not by default, the end user is not only unaware that it exists, but anxious about enabling it in case something goes wrong.

“Making it default in the very core of the operating system is a better way of integrating it.”

But James pointed out the advantage Apple has over Google in making the extra security available across all devices.

“In this instance it enables Google to catch up to Apple and offer its protection on the newer L-release of their software. Sadly, unlike Apple, they will struggle getting that encryption out to all their older devices.

“With iOS 8 it's going to be compatible from the 4S upwards, and most users of Apple iPhones like to keep up-to-date with the latest iOS.

“With Google this causes a problem. A lot of the Android phones will not be compatible with the new release, so if you want the latest protection you will have to upgrade your phone.”

James also warned that the extra security may come at a price.

“This will possibly restrict our ability to retrieve any data stored on the device if we lose our PIN codes or security methods to unlock the phone,” he told SC.

“Users must also remember that just because their device is encrypted, does not mean their private information is completely protected.

“Users should be mindful of where they store their backups and how their device keeps copies of their data in the cloud.

“Using good secure passwords and two-factor authentication where possible will help. However, more importantly if a user doesn't want their data to be available on the internet, then they should not store it on their phone.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews