Google officially announces Android 5.0 ‘Lollipop’ with default encryption

Google officially announced the latest version of its popular Android mobile operating system (5.0, dubbed "Lollipop") in a blog post Tuesday, which includesa feature that will automatically encryptusers data by default. The updatewill begin rolling out in November.

The company has allowed users to encrypt information storedon some mobile devices running the Android operating system since 2011. But the feature was not widely adopted.

Soon, devices with the latest version of the Android software will be encrypted by default during the activation process -- preventing Google from unlocking the device, even at the request of law enforcement. The new default encryption works by creating a unique key for decryptingthe device that is stored on the phone and not accessible to Google.

Only someone who knows the device's password would be able to see the pictures, messages and videos stores on the device, although law enforcement could still gainaccess to information backed up in the cloud, as well as metadata from wireless carriers throughcourt orders.

Not all Android users are likely to receive the latest versionat the same time. Android devices are made by various manufacturers and supported by various wireless carriers -- each of whom tailors Android updates to consumers. So it may be months before this update makes its way into the hands of most or even some consumers.

The move to default encryption wasrevealedlast month, shortly after Apple announced a similar shift in its latest mobile operating system. It comes as major tech companies have rushed to add layers of security to their products and services in the wake of former contractor Edward Snowden's revelations about the pervasiveness of data collection by the National Security Agency.

Law enforcement figures have sharply criticized the companies for theencryption,arguing that it will limit the ability of investigators to pursue legitimate warrants. Earlier this month, FBI Director James Comey said he was "deeply concerned" about the companies' actions in a remarksataBrookings Institution event -- suggesting they had to potential to create a "black hole" that law enforcement count not penetrate.

Others, including The Washington Post's editorial board,have argued that techcompanies should maintain a "golden key" to be used only in the event of a court-approved search warrant. But security experts widely mockedsuchsuggestions, saying thatsuch a universal key amounted to the creation of a backdoor that would fundamentally weaken the mobile device's security and create an avenue that could be exploited bycybercriminals.

"Software systems are incredibly complex, and it is a challenge to protect them from attack even in the most ideal circumstances," saidTom Cross, director of security research at network visibility vendor Lancope, who has written about problems in systems designed to help law enforcement access data. "Deliberately introducing additional vulnerabilities for law enforcement access just makes matters worse we don't know how to design those backdoors reliably."

Andrea Peterson covers technology policy for The Washington Post, with an emphasis on cybersecurity, consumer privacy, transparency, surveillance and open government.

Read more from the original source:
Google officially announces Android 5.0 ‘Lollipop’ with default encryption