Google’s plan to encrypt user data on Android devices by default will get a new push with Android 6.0, also known as Marshmallow.
The company requires Android devices capable of decent cryptographic performance to have full-disk encryption enabled in order to be declared compatible with the latest version of the mobile OS.
Google’s first attempt to make default full-disk encryption mandatory for phone manufacturers was with Android 5.0 (Lollipop), but it had to abandon that plan because of performance issues on some devices.
This put Android at a privacy disadvantage with iOS, which already encrypts user data out of the box in a way that not even Apple, or government agencies for that matter, can recover it.
With the release of Android 6.0, the Android Compatibility Definition Document (CDD), which sets guidelines for manufacturers, has also been updated. The document now lists full-disk encryption as a requirement instead of a recommendation.
If a device does not declare itself as a low-memory device—with about 512MB of RAM—and supports a secure lock screen, it must also support full-disk encryption of both the application data and shared storage partitions, the document says.
Furthermore, if the device has an Advanced Encryption Standard (AES) cryptographic operation performance above 50MB/s, the full-disk encryption feature must be enabled by default during the initial set-up.
The document also specifies other encryption implementation details, like the use of 128-bit or greater AES keys, not writing the encryption key to the storage area at any time, encrypting the encryption key with another key derived from the lock screen password after applying an algorithm like PBKDF2 or scrypt to it, and never transmitting the encryption key off the device, even when the key is encrypted.
The move is likely to draw criticism from law enforcement officials in the U.S. who have argued over the past year that the increasing use of encryption on devices and online communications affects their ability to investigate crimes.
In addition to encryption, Google also mandates verified boot for devices with AES performance over 50MB/s. This is a feature that verifies the integrity and authenticity of the software loaded at different stages during the device boot sequence and protects against boot-level attacks that could undermine the encryption.