Google’s Android Encryption Problem

The headlines these days would have been very different if the San Bernardino shooters had used an Android phone instead of a late model iPhone. While iPhones come, more or less, encrypted out of the box, Android phones, on the whole, tend to break the other way.

Much to the discomfort of Google — Android’s de facto maker — which would very much like to see all Android phones encrypted. Alphabet even encrypts its line of Nexus devices.

The problem for Android is that, unlike Apple, Alphabet doesn’t make all its own handsets, and other makers have objected that encryption reduces function. Google hasn’t forced the issue for fear of device makers backing away from the Android model, where it makes the most money.

And so, only about 10 percent of Android phones globally are encrypted, as opposed to 95 percent of Apple’s iPhones.

Such are the problems when one heads up the open-source operating system for a network of more than 400 manufacturers and 4,000 devices. Apart from having to use Android branding and to offer standard Google map and search services, device makers have a fairly open hand in how they configure their Android-based products.

“There is a push and pull with what Google wants to mandate and what the [manufacturers] are going to do,” said Andrew Blaich, lead security analyst at Bluebox Security Inc., which helps secure mobile apps. In some ways, Google is “at the mercy of the larger [manufacturers], like Samsung and LG, that are driving the ecosystem.”

Google has, of late, started ramping up the pressure on those larger device makers. The latest instantiation of the OS, Marshmallow, requires makers to encrypt phones with high-powered processors, meaning all high-end Android phones will come encrypted going forward.

But, as of yet, only 2.3 percent of Android devices run Marshmallow, while almost 80 percent of iPhones run the most current iOS (9), despite the fact that the OS upgrades were released within a month of each other.