Google compromises: no longer forcing full-disk encryption in Android 5.0

[[128567]]

MWC 2015 welcomed a large number of devices running Android 5.0, including Samsung's most beautiful Galaxy S6 and S6 Edge, the "same line" HTC One M9, and Moto E (2015), etc. Regarding Android 5.0 itself, what many people don't realize is that Google has quietly relaxed the restrictions on full disk encryption, and these devices do not have this feature turned on by default.

When Nexus 6 was first released, iFanr reported that turning on the "full disk encryption" feature by default in Android 5.0 would seriously slow down the system's read and write performance: According to AnandTech's test results, when FDE was turned on, the random read performance of Nexus 6 running Android 5.0 dropped by 62.9%, the random write performance dropped by 50.5%, and the orderly read performance dropped by an astonishing 80.7%.

Full Disk Encryption, or FDE, when FDE is turned on, all data written to the hard disk must be encrypted first, and all data read must be decrypted first. This is an important improvement of Android 5.0 compared to previous products, which greatly enhances the security of Android devices, and Google has emphasized the positive significance of this improvement on many occasions.

The frustration is that under the current Android hardware conditions, the eMMC flash memory equipped on most models does not have its own encryption standard, and the SoC on the phone does not have a dedicated module to handle data encryption/decryption functions. These directly lead to a significant drop in machine performance after Android 5.0 turns on full disk encryption.

[[128568]]

Security or performance? This may not be a difficult question for many people to weigh, because at present, there are only two machines that enable full-disk encryption by default - Nexus 6 and Nexus 9. Even the original Nexus series models will not enable this feature after upgrading to Android 5.0.

Now, Google has returned the choice to OEMs and "recommended" turning on full disk encryption, but it seems that not many mobile phone manufacturers have responded. However, we hope that Google's efforts in system security will not be in vain. The main reason is, as mentioned above, that the hardware design of mobile phones has not kept up with the rapid changes in mobile operating systems. Relatively safe and feasible solutions include using faster flash memory chips, faster file systems such as F2FS, and optimizing the data encryption and decryption performance of SoC.

Unlike Google's fanfare over the security features of "full disk encryption" when it released Android 5.0, Google modified the Android system compatibility document a month ago, but end users knew very little about it. Even many technology media only discovered this change today. It has to be said that Google's policy changes are not transparent and its publicity efforts are not strong enough, which will undoubtedly touch the nerves of users who are sensitive to personal information and data.