The next generation of Googles Android operating system, due for release next month, will encrypt data by default for the first time, the company said Thursday, raising yet another barrier to police gaining access to the troves of personal data typically kept on smartphones.

Android has offered optional encryption on some devices since 2011, but security experts say few users have known how to turn on the feature. Now Google is designing the activation procedures for new Android devicesso that encryption happens automatically; only somebody who enters a device's password will be able to see the pictures, videos and communications stored on those smartphones.

The move offers Android, the worlds most popular operating system for smartphones, a degree of protection that resembles what Apple on Wednesdaybegan providing for iPhones, the leading rival to devices running Android operating systems. Both companies have now embraced a form of encryption that in most cases will make it impossible for law enforcement officials to collect evidence from smartphones even when authorities get legally binding search warrants.

For over three years Android has offered encryption, and keysare not stored off of the device, so they cannot be shared with law enforcement, said company spokeswoman Niki Christoff. As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on.

The move, which Google officials said has been in the works for many months, is part ofa broad shift by American technology companies to make their products more resistant to government snooping in the aftermath of revelations of National Security Agency spying by former contractor Edward Snowden.

Expanded deployment of encryption by Google and Apple, however, will have the most direct impact on law enforcement officials, who have long warned that restrictions on their access to electronic devices make it much harder for them to prevent and solve crimes. In June, the Supreme Court ruled that police needed search warrants to gain access to data stored on phones in most circumstances. But that standard is quickly being rendered moot; eventually no form of legal compulsion will suffice to force the unlocking of most smartphones.

Privacy advocates are ecstatic about the changes by Apple and Google, and especially about their shift toward making encryption automatic, through default settings, so that users get privacy protections without taking any action on their own.

"Most people aren't going to go out of their way to do these things," said Joseph Lorenzo Hall, chief technologist for the Center for Democracy & Technology, a Washington-based non-profit group that receives substantial industry support. "It's so awesome, as someone who has worked on these issues for a long time, to see these two companies switch their defaults to where these things will be strongly encrypted, and rightly so."

Apple and Googlehave been engaged in an increasingly pointed competition over the lucrative smartphone market, with Apple in recent weeks portraying the iPhone as a safer, more secure option despite a recent run of bad publicity over the leak of intimate photos from the Apple accounts of celebrities.

There remain significant differences between how Apple and Google are handling encryption. Apple, which controls both the hardware and software on its devices, will be able to deliver the updated encryption on both new iPhones and iPads and also most older ones, as users update their operating systems with the latest release, iOS 8.

Originally posted here:
Newest Androids will join iPhones in offering default encryption, blocking police

Encryption has been available on Android since 2011, but most users probably didn't know how to turn it on.

And for Google's next trick, the search giant will launch its next-generation Android L operating system with encryption on by default.

"For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement," a company spokeswoman told PCMag. "As part of our next Android release, encryption will be enabled by default out of the box, so you want even have to think about turning it on."

The move was first reported by The Washington Post, which noted that encryption has indeed been available on Android since 2011, but the average user was not really aware of how to turn it on.

Apple is doing something similar with iOS 8.

"On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode," Apple said on its website. "Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."

Tech firms like Google and Apple have been rushing to offer more secure solutions in the wake of Edward Snowden's NSA spying revelations, not to mention hacks like the recent nude celebrity photo leaks.

This summer, the Supreme Court unanimously ruled that police must get a warrant before they can search the contents of your mobile device. It doesn't matter whether you carry the latest smartphone or a dated feature phone: If the cops want to know what secrets it holds, they need to talk to a judge first.

As the Post noted, Apple's iOS updates roll out all at once to eligible handsets, meaning a good number of iPhone owners will have an encrypted device very soon. Apple's iOS 8 rolled out on Wednesday, and the iPhone 6 and 6 Plus, which are pre-loaded with iOS 8, hit stores today in the U.S.

Android updates, meanwhile, are usually at the discretion of mobile carriers, meaning that Android L - and encryption - will be rolling out piecemeal on a device-by-device and carrier-by-carrier basis later this year.

View original post here:
Google's Android L to Include Default Encryption

Turning on data encryption can make a huge difference in case your Android device is lost or stolen, as it will make it extremely difficult -- if not impossible -- for a third-party to access yourfiles. It also gives you quite a bit of time to remotely wipe your device, which means that your photos, videos, texts and whatnot have a better chance of remaining private.

And if the local authorities want to take a peek, theyare also out of luck -- it's good news for those involved in criminal enterprises, and others as well. All this sounds great from a privacy and security standpoint, except that encryption has never been enabled by default in Android. But that is soon about to change.

In a statement that was just given to The Washington Post, Google spokesperson Niki Christoff revealsthat "As part of [Google's] next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on".

Google's next Android release is known as "Android L" at this stage, and will be ready for prime time later this year, if the launch date of past releases is of any indication. Android L has been made available to beta testers, and features a redesigned user interface, a new default runtime, extra security features, 64-bit support and more. You can read about it here.

The encryption key, which is needed to unlock the contents of the internal storage (and, presumably, the microSD card too), will continue to be only in your control, as it has been the case in the past three years, according to Christoff. This is very similar to how Apple's now doing things with iOS 8, which also only gives you the encryption key. To take advantage of this, a passcode must be set up.

That last bit is extremely important because encrypting an Android device without using any sort of passcode is practically impossible right now, and, frankly, pointless. For instance, Android 4.4 KitKat requires users to set up a PIN in order to encrypt the contents of the internal storage and microSD card.

How strong the PIN is will determine how easy it will be for a third-party to render your encryption efforts useless. Using a complex sequence is recommended, even though it may make the unlocking more difficult. That said, I am using an eight-digit PIN right now and I quickly got used to it.

Photo Credits:Slavoljub Pantelic/Shutterstock

Excerpt from:
Google: Android L turns data encryption on by default