Android 5.0 Lollipop, the latest version of Google’s mobile operating software, will indeed shield files, photos and other user information on Android phones from prying eyes. But that protection isn’t quite as all-encompassing as the company’s earlier statements might have led you to think.
A month ago, Google announced that Lollipop would automatically encrypt user data on Android phones, essentially scrambling it so that the police, spies and jealous lovers can’t read your texts and email or snatch up your private pictures. “[E]ncryption will be enabled by default out of the box, so you won’t even have to think about turning it on,” the company’s statement read.
On Tuesday, Google provided some more details about how that encryption actually works. New phones that ship with Lollipop will begin encrypting data once they’re turned on, using encryption keys generated internally by Android software and phone hardware (technically, chip-based random-number generators).
Those master keys, according to Adrian Ludwig, Android’s lead security engineer, never leave the device. That means Google has no access to them and can’t provide them to law enforcement or other authorities even if presented with a legal order to do so.
Lollipop’s encryption scheme greatly speeds up the process of protecting users’ stored data, since it starts off with a largely empty phone and then encrypts new data as it’s added. Android has actually allowed users to encrypt their phones for roughly three years, but it didn’t draw attention to the option, which was buried in the settings menu.
Worse, encryption was irreversible, somewhat clumsy to use (it requires you to enter a decryption password when your phone or tablet starts up, a step Lollipop eliminates) and very slow to initialize. It can take an hour or more to encrypt the data on a typical phone.
But There’s A Catch
Make that three catches, actually.
First, the encryption doesn’t help much if you haven’t set a passcode. Ludwig said studies have shown that roughly half of users don’t set passcodes on their devices, largely because they find it inconvenient to keep entering them dozens of times a day. Lollipop will still encrypt your data, but it will also automatically decrypt it in normal use. So if you don’t have a passcode, much of your information will be available to anyone who picks up your phone.
Lollipop’s encryption still offers some limited protection even under those circumstances—for instance, by protecting stored data against anyone who tries to read it directly from the phone’s memory. That could shield user passwords and other sensitive data from attackers.
Ludwig said Google is trying hard to address the usability issues with encryption. For instance, Lollipop has another feature that will let you unlock your phone with a trusted device such as a smartwatch. But most users probably aren’t set up to use that sort of feature yet—and it may have drawbacks of its own.
Second, the encryption process only protects files and photos that are stored in a specific location known as the /data partition. It will not protect anything stored on a removable microSD storage card.
Many Android apps store data directly on the SD card; if you want to protect that, you’ll need to find a separate encryption program. (Some manufacturers such as Samsung include SD-card encryption as an option on their phones.)
Finally, even Lollipop won’t encrypt your data by default if you upgrade to Android 5.0 instead of buying a new phone. That’s by design, since otherwise you could end up waiting 45 minutes to an hour or more while the operating system encrypted your files. But it could leave you with a false sense of … well, security, if you upgrade to Lollipop thinking that it will encrypt all your files automatically.