BY CRAIG TIMBERG
The next generation of Google’s Android operating system, due for release next month, will encrypt data by default for the first time, the company said Thursday, raising yet another barrier to police gaining access to the troves of personal data typically kept on smartphones.
Android has offered optional encryption on some devices since 2011, but security experts say few users have known how to turn on the feature. Now Google is designing the activation procedures for new Android devices so that encryption happens automatically; only somebody who enters a device’s password will be able to see the pictures, videos and communications stored on those smartphones.
The move offers Android, the world’s most popular operating system for smartphones, a degree of protection that resembles what Apple on Wednesday began providing for iPhones, the leading rival to devices running Android operating systems. Both companies have now embraced a form of encryption that in most cases will make it impossible for law enforcement officials to collect evidence from smartphones – even when authorities get legally binding search warrants.
“For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement,” said company spokeswoman Niki Christoff. “As part of our next Android release, encryption will be enabled by default out of the box, so you won’t even have to think about turning it on.”
The move, which Google officials said has been in the works for many months, is part of a broad shift by American technology companies to make their products more resistant to government snooping in the aftermath of revelations of National Security Agency spying by former contractor Edward Snowden.
Expanded deployment of encryption by Google and Apple, however, will have the most direct impact on law enforcement officials, who have long warned that restrictions on their access to electronic devices make it much harder for them to prevent and solve crimes. In June, the Supreme Court ruled that police needed search warrants to gain access to data stored on phones in most circumstances. But that standard is quickly being rendered moot; eventually no form of legal compulsion will suffice to force the unlocking of most smartphones.
Privacy advocates are ecstatic about the changes by Apple and Google, and especially about their shift toward making encryption automatic, through default settings, so that users get privacy protections without taking any action on their own.
“Most people aren’t going to go out of their way to do these things,” said Joseph Lorenzo Hall, chief technologist for the Center for Democracy & Technology, a Washington-based non-profit group that receives substantial industry support. “It’s so awesome, as someone who has worked on these issues for a long time, to see these two companies switch their defaults to where these things will be strongly encrypted, and rightly so.”
Apple and Google have been engaged in an increasingly pointed competition over the lucrative smartphone market, with Apple in recent weeks portraying the iPhone as a safer, more secure option – despite a recent run of bad publicity over the leak of intimate photos from the Apple accounts of celebrities.
There remain significant differences between how Apple and Google are handling encryption. Apple, which controls both the hardware and software on its devices, will be able to deliver the updated encryption on both new iPhones and iPads and also most older ones, as users update their operating systems with the latest release, iOS 8.
That is likely to happen over the next several weeks, and for those with iOS 8, the encryption will be so secure that the company says it will lack the technical ability to unlock the phones or recover data for anyone — whether it be for police or even users themselves if they forget their device passcodes. Much data is likely to remain on iCloud accounts, which back up pictures and other data by default for many iPhones and iPads; police with search warrants will still be able to access this information. Users who want to prevent all forms of police access to their information can adjust their phone settings in a way that blocks data from flowing to iCloud.
By contrast, Google does not have the ability to deliver its updated operating system, called the “L-release,” quickly to most users. Several different manufacturers make smartphones and tablets that use the Android operating system, and those devices are sold by many cellular carriers worldwide. This results in what experts call “fragmentation” – meaning there are hundreds of different versions of Android worldwide, many several years old, making it difficult to keep them current with the latest security features.
The newest Android devices will likely ship with default encryption after October, but it will take many months and probably years before most Android devices have encryption by default.