The revised version of the Android Compatibility Definition Document states that a full-disk encryption should be enabled by default prior to the device's setup process.

The new version was launched following the first attempt that Google made earlier this year when it has also considered a full device encryption for phones and tablets that are running Android 5.0.

Several months after the announcement, Google once again made headlines when it backed down on its decision and has strongly recommended Android device makers instead to enable encryption as opposed to adding the feature as a mandatory requirement.

The reason for the change could be attributed to performance issues brought by the full-disk encryption which seemed too much for some devices to handle. As a result, Google allowed manufacturers to turn on encryption as a default feature in an optional clause.

However, it seemed like Google is requiring once again the full-disk encryption particularly on devices that release with the latest Android 6.0 Marshmallow. As such, it now states [pdf] in the Android Compatibility Definition Document that "the full-disk encryption MUST be enabled by default at the time the user has completed the out-of-box setup experience."

The full-disk encryption requirement only covers devices that launch with Android 6.0 which means that those who get the new OS through an update would be exempted.

Apart from the device's OS version, it is also worth stressing that the above-mentioned requirement is dependent on whether the device is capable of meeting a particular performance standard.

Once again, the issue on performance is being echoed. There are two angles being considered. The first one involves devices that meet the performance requirement wherein an encryption hitting performance will remain a subtle occurrence. The second involves an encryption done outright wherein users are left with no knowledge on what they are missing since devices cannot be set up if they are not encrypted.

"If a device implementation is already launched on an earlier Android version with full-disk encryption disabled by default, such a device cannot meet the requirement through a system software update and thus MAY be exempted," states the document.

Google is also not requiring users to set a lock screen up front which could work against the security feature brought by encryption. Devices with no lock screens and are shipping with Android 6.0 are also exempted from the encryption by default requirement.

Since having a secure lock screen is not a unanimous choice among users, Google may just have succeeded in providing a better user experience at this point. Users who would later on decide to add a PIN or a passcode to their lock screen don't have to worry about re-encryption either, relieving them from bearing with a time-consuming process.

ⓒ 2021 All rights reserved. Do not reproduce without permission.