Google changes its stance on Android Lollipop disk encryption from mandatory to optional

Last year, when Google announced Android 5.0 Lollipop, one of the key features was full disk encryption that would make it impossible for someone to get data off your device even if they had the device. While this worked in a very specific scenario (it required having a passcode lock on the phone) it was still more secure than before.

Unfortunately, this came with a terrible performance penalty, as noted by AnandTech and Ars Technica in their reports, where the new Nexus 6 with disk encryption was slower than the older Nexus 5 in several tests due to its permanently enabled encryption feature.

Previously, Google had decided that encryption would be a permanent feature in Lollipop devices, and that it would be enabled the first time the phone was switched on. But other than Google’s own Nexus 6 and Nexus 9, none of the devices that launched with Lollipop since have had this feature enabled.

As it turns out, Google has relaxed the requirements for enabling encryption on Lollipop devices. Google still requires having the feature on OEM devices but it’s still up to the OEMs to choose whether or not they want to have it enabled, and clearly no one wants that so far.

The exact reason for this is unknown but it’s easy to guess. The current memory is not fast enough to handle read/write tasks with the added load of encrypting and decrypting the data every time. It’s too much work and that tends to slow down the performance of the memory unit, which in turn affects the entire device performance. Google will likely make it mandatory in future to have encryption enabled when the hardware is fast enough to handle it but for now OEMs can ship devices with the feature disabled.

Source