Google has a long-held ambition to make full-disk encryption mandatory on Android. It didn’t quite work for Lollipop — so it’s taking another stab with Marshmallow.
With Android 5.0, attempts to roll out all-encompassing encryption fell through because many devices lacked the specs to make it happen. That led Google to simply ‘strongly recommend‘ full-disk encryption to phone manufacturers rather than make it obligatory.
If a handset does not declare itself as a low-memory device — which means 512MB of RAM or less — and it supports a secure lock screen, it must also support full-disk encryption. And if the device has what’s known as Advanced Encryption Standard (AES) cryptographic operation performance of over 50MB/s, the encryption feature must switched on by default when the phone is first set up.
Elsewhere, the same document also describes other rules for encryption on Android — demanding encryption uses 128-bit keys, along with insisting that the encryption key is never written to storage or transmitted off the device. All very sensible, though it will do little to cheer U.S. authorities, that already take umbrage at Apple and Google’s love of encryption.
Image by Scott Akerman under Creative Commons licence