Google Plans To Encrypt Android Data By Default
After Apple CEO Tim Cook talks up iOS8 data security, Google says the next version of Android will shield data on devices more effectively.
10 Ways Google Must Improve Android
10 Ways Google Must Improve Android (Click image for larger view and slideshow.)
Following Apple CEO Tim Cook's declaration on Wednesday that Apple is unable to decrypt devices using iOS 8, Google let it be known that the next version of Android will shield data on devices more effectively.
Android has supported user-controlled device encryption since the debut of version 2.3.4 (Gingerbread), with improvements over the years. But now Google plans to turn device encryption on by default. A company spokesperson told the Washington Post, "As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on."
The next Android release is called "Android-L." No specific release date has been announced, but Google intends to deliver the update before the end of 2014, possibly as soon as October.
By turning device encryption on by default, Apple and Google are declaring their disinterest in surveillance-as-a-service. Government agencies often ask the companies to help them access data on smartphones seized in the course of investigations, when investigators cannot access that data on their own. When authorities make such demands in accordance with valid legal process, companies must provide whatever data they can access. Default device encryption means Apple and Google will be unable to assist authorities with data on devices, whether they want to or not.
[Will these move influence sales of wearables? Read Android Wear to Beat Apple Watch?]
"What is so interesting and smart about this move is that rather than [Apple] telling the government that they no longer want to help the government, they re-architected iOS so they are unable to help the government," Christopher Soghoian, principal technologist and senior policy analyst for the ACLU, wrote in a blog post. "Think of it as Apple playing a game of chicken, and the company has just thrown the steering wheel out of the window."
Google may find it harder to get credit for promoting privacy than Apple, because it's committed to collecting data about its users to help its advertising business -- a point to which Cook alluded. And as long as Google has accessible data, people will come asking for it. But Google deserves some credit. The company has already advanced online privacy in many ways, including its 2010 decision to enable HTTPS in Gmail by default, its Safe Browsing API, and its Transparency Reports, among other related initiatives. Apple's advantage is that it's in the hardware business, rather than the information business.
In any event, both companies, along with others in the technology industry, stand to benefit by embracing ignorance of customer data. By doing so, they should be able to mitigate the mistrust of cloud computing created by Edward Snowden's revelations about the scope of government-backed surveillance. Yet putting users in control of device data will only get them halfway there.
Neither Apple nor Google provides user-controlled encryption, by default or choice, in iCloud or Google Drive. Apple does encrypt most iCloud data, except for Mail and Notes, but because the company controls the encryption keys rather than the customer, it can provide access if necessary. Google Drive files are not encrypted -- doing so would limit sharing and collaboration -- but there are third-party file encryption options.
Do you need a deeper leadership bench? Send your most promising leaders to our InformationWeek Leadership Summit, Sept. 30 in New York City, for a day of peer learning and strategic speakers.
About the Author
You May Also Like