When Lollipop launched on the Nexus 6 and Nexus 9, Google made a big deal about the changes to device-level encryption that it would bring. Instead of offering the ability to enable encryption after purchase, Google proudly declared that all Android Lollipop devices would feature out-of-the-box encryption. That is, encryption by default.
However, six months after Lollipop’s debut, that might be changing. Ars Technica reports that the Galaxy S6 units on the show floor at MWC aren’t encrypted by default, and neither is the second-generation Moto E, which was just announced last week. This is apparently not an oversight. Both Motorola and Samsung are still adhering to Google’s guidelines. It’s Google’s own guidelines that have been changed.
Ars reports that Google has started to relax its encryption requirement. The latest version of the Android Compatibility Definition document now states that though encryption “SHOULD” be enabled out of the box, it as actually only “very strongly RECOMMENDED.” The reason for this bolded, all-caps recommendation? Because Google expects this “SHOULD” to change to a “MUST” in future versions of Android.
The theory put forward by Ars Technica revolves around the impact out-of-the-box encryption can have on performance and OEMs’ need for time to develop hardware that can absorb the impact encyrption has on performance. In other words, perhaps the next major version of Android and next year’s flagships will have encryption enabled at first boot, but don’t expect that of your brand new Lollipop handset, despite Google’s October blog post about a “Kevlar wrapping” for Lollipop.