Android L Will Keep Your Secrets Safer

Google has promised that the next version of Android will provide encryption by default, a move that will bring device security on a par with that provided by Apple's newly bolstered iOS 8. While phones and tablets will be much harder to hack, there's still the itty-bitty problem of the cloud. "Consumers should not be led to believe that they are now 100 percent safe," said analyst Michael Morgan.

Hard on the heels of increased security measures in Apple’s newly released iOS 8, Google this week confirmed that encryption will be turned on by default in the next release of Android.

Android has offered encryption for more than three years, and keys are not stored off the device, so they can’t be shared with law enforcement, Google said. In the next Android release, encryption will be enabled by default.

Like Apple’s new measures, the heightened security planned for Android L is in part a reaction to the widespread privacy concerns that have arisen as a result of spying efforts by the National Security Agency, said Ronald Gruia, director of emerging telecoms at Frost & Sullivan.

“Both Apple and Google are attempting to distance themselves from that,” he told TechNewsWorld.

‘Not Everybody Knew About This’

It’s true that Android devices have offered encryption for some time — but only as an option, meaning that users had to actively turn the feature on.

One reason for leaving it off by default is that encryption has a negative effect on battery performance, noted Chris Hazelton, a research director for mobile and wireless with 451 Research.

Recent processor advances, however, have made that less of an issue, he told TechNewsWorld.

Many users have been unaware of the encryption feature, and “not too many people know how to do it,” Gruia pointed out.

Though turning encryption on by default will ease that problem, it still won’t provide perfect security, he added. While data will be encrypted as it travels to and from Google, that won’t be the case inside Google’s services. So, messages sent via Google’s Hangouts service, for instance, won’t be scrambled in the way that messages from outside Google will be.

Still Not 100 Percent

“I think it is a good move by all companies to make encryption standard, but consumers should not be led to believe that they are now 100 percent safe,” said independent mobility analyst Michael Morgan. “There are further practices that need to be instilled.”

Multifactor authentication is one example, he told TechNewsWorld: “For instance, even if the hacker knows your iPhone password, does he also have your fingerprint to unlock the device? Or … is the Apple watch currently connected to the device?”

In addition, “just because the data is more secure on the device, users must remember that once this data is shared — even over a VPN connection — they no longer have control of the data in terms of security,” added Morgan.

‘It Is an Endless War’

Of course, “all security can be hacked. It is not always easy, but if a talented, motivated hacker can get to your device, they will eventually be able to get to your data,” Morgan pointed out.

The purpose of security, then, is to make it more expensive for the hacker to get the information than the data is worth to the hacker.

“It is an endless war,” Morgan said, “where the hackers find quicker and cheaper ways around the security system and then the security experts invent ever-more-powerful protection methods.”

‘The Entire Process Is One-Way’

Full-data encryption is “a huge win for privacy generally,” but it does come with a number of disadvantages, Thomas McCourtie, a research analyst for mobile devices with ABI Research, told TechNewsWorld.

“Firstly, forgetting the passcode means not even the OEM will be able to retrieve the data,” he said. Then, too, there’s the drain on battery, computational resources, processing speeds and storage that still occurs as a result.

Also important to realize is that “the entire process is one-way,” said McCourtie. “Once encrypted, users cannot undo the changes made, with the only solution being the restoration of the device’s factory settings, which in turn would wipe all other changes and alterations made to the device prior.”

‘Out of the Loop’

Finally, like any other technology, the new encryption feature can be used for nefarious purposes as well as honorable ones, Gruia pointed out.

“If you’re part of a terrorist network, you may potentially use this to your own advantage,” he explained. “If your phone gets confiscated, there’s not much authorities can do to nail you.”

That, of course, helps keep companies like Apple and Google out of the picture when law enforcement becomes involved, said 451 Research’s Hazelton.

Getting embroiled in legal cases represents “a huge cost for them, in terms of both time and money,” he explained, “so why not push that back onto law enforcement and take themselves out of the loop?”

Katherine Noyes has been reporting on business and technology for decades. You can find her on Twitter and Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Katherine Noyes
More in Cybersecurity

Technewsworld Channels