Apple’s Battle With FBI Underscores Android’s Poor State of Encryption

By | March 16, 2016

Apple's Battle With FBI Underscores Android's Poor State of Encryption: Report

Google CEO Sundar Pichai last month backed Apple in its ongoing fight with FBI over encryption. While privacy advocates welcomed Pichai’s stand on supporting Apple, they are still concerned about the poor state of encryption on Android devices. According to estimates, fewer than 10 percent of Android phones are encrypted.

If San Bernardino shooter Syed Rizwan Farook was using an Android phone, FBI may have closed the case within hours without much assistance from Google. The reason is simple: most Android phones aren’t as secure as an iPhone.

In fact, according to an investigator for France’s Gendarmerie Nationale, the specialised software that authorities use to crack passcodes will only take about an hour to crack a locked, but unencrypted, Android phone.

According to experts cited in a Wall Street Journal report, fewer than 10 percent of 1.4 billion Android phones are encrypted. This, when compared to iPhone’s 95 percent adoption rate, seems alarmingly low. The reason why most Android phones aren’t encrypted resides in how they are manufactured and sold.

The long-debated fragmentation issue is still crippling Android ecosystem. When more than 400 manufacturers build Android phones, their preference and commitment towards issuing updates play a major role in exactly how soon — if at all – their customers will have a certain feature.

According to the Manhattan district attorney, cited in the report, investigators can bypass passcodes on some older Android devices. And Google can remotely reset passcodes on others.

Google is taking steps, albeit very slowly, to improve security on Android. To recall, Google introduced full-disk encryption with Android 5.0 Lollipop, but ultimately didn’t make it mandatory for all manufacturers to enable the encryption by default. The company had initially promised it would be enabled by default, responding to increased device encryption introduced by Apple in iOS 8. It wasn’t until last year (and Android 6.0 Marshmallow) that Google made it mandatory for its OEMs to enable the feature by default.