Skip to main content

Google to encrypt user data as default on Android 5.0 Lollipop

Google's latest version of its Android operating system, dubbed Lollipop, will include a feature that automatically encrypts user data by default.

The update, which will begin rolling out in November, will prevent Google from unlocking the device, even if asked to do so by police officials.

Read more: How to get Android 5.0 Lollipop on your smartphone or tablet

It will mark the first time the search engine giant has included data encryption as a default option. Since 2011, the company has allowed users to encrypt information, but the feature has not gained much traction.

The new encryption software creates a unique key to decrypt the device that is stored on the handset. Images, video and other information stored on the device is only be accessible by using the correct password, although law enforcement could still use court orders to access data stored by cloud services.

The decision to include default encryption is likely to have been influenced by increased security fears in the wake of Edward Snowden's revelations earlier in the year. The NSA whistleblower's disclosure of widespread surveillance programmes has led to a number of tech firms adding extra layers of security to their products.

However, law enforcement officials have criticised the use of default encryption amidst concerns that it will make pursuing legitimate warrants more difficult. FBI Director James Comey claimed that the practice could create a "black hole" that investigators are unable to penetrate.

Some have proposed that tech companies should keep a "golden key" to access devices in the event of a court-approved search warrant, but security expert Tom Cross told The Washington Post that such a move would be a gift for cyber criminals.

Read more: Android 5.0 Lollipop packs a kill switch - the good kind

"Software systems are incredibly complex, and it is a challenge to protect them from attack even in the most ideal circumstances," he said. "Deliberately introducing additional vulnerabilities for law enforcement access just makes matters worse – we don't know how to design those backdoors reliably."