Default Storage Encryption Remains Optional In Lollipop Until Future Android Version

[Guest]

Google's Android compatibility policies give away the fact that Android Lollipop default storage encryption is in fact optional, not mandatory as Google had everyone believe.

Default Storage Encryption Remains Optional In Lollipop Until Future Android Version : Read more

 

[house70]

Both my Nexus 6 and Nexus 9 are left encrypted by default. While there are some benchmarks that would imply a lower performance due to encryption, I have yet to see an objective report regarding impact in everyday usage and performance, i.e. nobody has come forward claiming that their device takes 15 ms to open an app while encrypted, while it takes only 10 ms to do it without encryption. Benchmarks are just that, and they do not reflect real life performance. Both my devices run perfectly to my naked eye and I prefer the added security of encryption. IMO, the sheer number of opened apps have a far greater impact on day-to-day performance than encryption.

 

[Solandri]

One annoying thing with this policy is that it treats internal storage and the microSD card the same. That is, if you encrypt internal storage, you must also encrypt the microSD card. Which makes it useless for transferring files between the device and your computer.

My friend had been hoping to use his microSD card to transfer photos and movies he took with his phone to his computer. His workplace mandates that the phone have encryption turned on however, which effectively turned the microSD card into nothing more than extra internal storage. There's no option to encrypt one but not the other.

I understand encrypted internal storage + unencrypted microSD has the potential for secured data to be copied to the microSD card. But even with the forced encryption, you can still transfer secured data to a (unencrypted) cloud data service (which is how he's transferring his photos and movies). So I don't really see what's being gained by forcing the microSD card to also be encrypted.

 

[koga73]

I'm all in favor of encryption however there needs to be a way to decrypt the storage device from a PC. My last phone was encrypted and when I broke the screen I was unable to decrypt the device... and when plugging the device into a PC the internal storage doesn't get mounted because it hasn't been decrypted yet. So I ended up losing everything on it

 

[Peter Cockerell]

No, it's not an annoying part of this policy, which states clearly that the SD drive only needs to be encryptable (not encrypted, as yet) if it's non-removable (i.e. the "emulated" partition). It doesn't refer to removable SD cards. Your friend is subject to his employer's policy, probably communicated via an ActiveSync Provision command specifying the RequireStorageCardEncryption policy, enforced by Device Administrator, or some equivalent policy enforcement. This is different from what Google is mandating.

 

[dmb77]

Does that mean the FBI and other government agencies will be unable to retrieve data as well? That doesn't sound good.

 

[house70]

Does that mean the FBI and other government agencies will be unable to retrieve data as well? That doesn't sound good.

Yep, doesn't sound good... sounds excellent.