Friday, September 19, 2014

Google to turn on encryption by default in next Android version

Law enforcement would have to approach a device's owner since the encryption keys are stored on the device

Google is turning on data encryption by default in the next version of Android, a step that mirrors broad moves in the technology industry to ensure better data security.
Android has been capable of encryption for more than three years, with the keys stored on the device, according to a Google spokesman.
That means Google or another service provider wouldn't be able to provide access to the encrypted data. Law enforcement would have to approach the device's user. Android L, which is still in a developer preview mode, is due for release before the end of the year.
Turning encryption on by default means one less step for users, who may not even be aware of the option. It also protects users in other scenarios, such as if they lose their phone.
Many developers are striving to make applications and systems where they do not hold encryption keys, which could be obtained by law enforcement through a court order.
While many technology companies have vowed to fight overly broad court orders for the government that seek data, the companies generally have to comply with ones with a proper focus.
But if only encrypted data passes through their data centers, and the keys to unlock the data remain in possession of their users, there's little to turn over, which is what many service providers these days would prefer.
On Wednesday, Apple sought to assure its customers about how it handles data. The company said it doesn't have access to data protected by a passcode in iOS 8, making it impossible for it to comply with a government warrant.
Earlier this week, Apple also made two-step verification an option for its iCloud online storage service following the theft of nude photos from the accounts of celebrities.

No comments:

Post a Comment