Via The Daily Dot
-----
People with Android devices might be a bit frustrated with Google after a report
from the New York District Attorney's office provided detailed
information about smartphone security, and Google's power to access
devices when asked to by law enforcement. The report went viral on Reddit over the weekend.
Google can unlock many Android phones remotely when given a search
warrant, bypassing lock codes on particular devices. The report reads:
Forensic
examiners are able to bypass passcodes on some of those [Android]
devices using a variety of forensic techniques. For some other types of
Android devices, Google can reset the passcodes when served with a
search warrant and an order instructing them to assist law enforcement
to extract data from the device. This process can be done by Google
remotely and allows forensic examiners to view the contents of a device.
When compared to Apple devices, which encrypt by default on iOS 8 and
later, Google's seemingly lax protection is irksome. The report
continues:
For Android devices running operating
systems Lollipop 5.0 and above, however, Google plans to use default
full-disk encryption, like that being used by Apple, that will make it
impossible for Google to comply with search warrants and orders
instructing them to assist with device data extraction. Generally, users
have the option to enable full-disk encryption on their current Android
devices, whether or not the device is running Lollipop 5.0, but doing
so causes certain inconveniences, risks, and performance issues, which
are likely to exist until OEMs are required to standardize certain
features.
In October, Google announced
that new devices that ship with the Marshmallow 6.0 operating system
(the most recent version of Android) must enable full-disk encryption by
default. Nexus devices running Lollipop 5.0 are encrypted by default as
well. This means that Google is unable to bypass lock codes on those
devices. However, because of the massive fragmentation of Android
devices and operating systems, Google can still access lots of Android
devices running older versions when asked to by law enforcement.
And
despite the encryption updates to the Android compatibility
documentation, a number of devices are exempt from full-disk encryption,
including older devices, devices without a lock screen, and those that
don't meet the minimum security requirements.
The number of
devices that actually have full-disk encryption appears to be low. Just
0.3 percent of Android devices are running Marshmallow and more than 25
percent of Android devices are running Lollipop 5.0, but most of those
aren't Nexus, according to ZDNet.
When
compared to Apple, Google's security appears lacking. Apple made
encryption mandatory in iOS 8 back in 2014, which of course extends to
iOS 9, its most recent mobile OS update. Data shows
that 67 percent of Apple users are on iOS 9, and 24 percent of devices
are still on iOS 8. Just nine percent of devices run an older version of
iOS.
Android users are often at the mercy of carriers who decide
when to roll out Android updates, which is an obstacle for some Android
owners who want the latest OS.
If you do have a compatible
device and want to enable encryption, head over to your security
settings and select "encrypt device."
