In a report published in the Wall Street Journal, security experts estimated that “fewer than 10%” of all Android phones currently have full device encryption enabled. On Android, the feature has to be manually configured and isn’t available on older phones, still representing a substantial portion of Android devices.
Google has pledged to stand beside Apple in its appeal against the Department of Justice’s order to help it unlock the iPhone of San Bernardino shooter Syed Rizwan Farook. With encryption clearly not ubiquitous across Android devices, its argument may be weaker though as there is an obvious disparity between the two platforms.
Google’s relationship with device manufacturers makes it difficult for it to dictate which features should be included on Android phones. It has over 400 different partners and a total of 4,000 devices running its software. Deciding on a single approach to security would be nigh on impossible, leaving Google to let manufacturers essentially do as they please around encryption.
“There is a push and pull with what Google wants to mandate and what the [manufacturers] are going to do,” said Andrew Blaich, lead security analyst at Bluebox Security Inc, to the Wall Street Journal. He added that Google is “at the mercy” of brands such as Samsung and LG that effectively control the direction of Android through their market share.
Google’s own Nexus devices are a drop in the ocean, holding an inconsequential share of the smartphone market. They have device encryption enabled out of the box, like an iPhone, but are the exception rather than the rule. With the majority of users unlikely to dig into settings to manually enable the feature, encryption simply doesn’t get used on Android phones.
This leaves data without any hardware protection, making it much easier for hackers or law enforcement to gain access to. Encryption works by scrambling the data in files using a special key. Without knowing the key – stored safely on the phone’s storage and visible only to itself – it is virtually impossible to restore the data to a readable format.
Having to use this key to access files each time they are accessed can slow phones down though. For this reason, manufacturers have been slow to implement device encryption, particularly on budget handsets.
In 2014, Google pledged that every Android phone would be encrypted from the word go but was forced to reverse its decision by hardware manufacturers. Some brands found that their budget handsets took several seconds longer to launch apps with encryption enabled, making them less attractive to general consumers.
Last year, Google came up with a new plan. All phones with Android 6.0 Marshmallow and a high-end processor must now be encrypted, increasing security without impacting performance. Marshmallow is currently on a measly 2.3 percent of devices though and not all of them will be powerful enough to support the feature.
Google is still trying to find wide support for encryption on Android despite its issues. It told the Wall Street Journal it wants to make “the best security it possibly can” but has run into “practical constraints” along the way. From Apple’s perspective, encryption comes as standard though, a vital component of a smartphone that no user should make do without.