Google to Apple: We Have Default Encryption, Too
According to a Legal Process Guidelines document that the company created for U.S. law enforcement, Apple noted that any devices running iOS 8 would include a default encryption setting that prevents anyone but the device’s owner from gaining access to the data stored on the device. “For all devices running iOS 8.0 and later versions, Apple will no longer be performing iOS data extractions as the data sought will be encrypted and Apple will not possess the encryption key,” stated Apple.
Meanwhile, Apple’s webpage on government information requests included a not-so-subtle dig at Google — the maker of Android, the world’s most popular mobile operating system. “Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” noted Apple. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.” In other words, you can trust us, but we’re not so sure about those other guys.
Google’s implementation of default encryption in Android could potentially have an even greater impact than Apple’s implementation in iOS. According to IDC data, Android and iOS combined accounted for 96.4 percent of the worldwide smartphone operating system market in the second-quarter of this year. However, over 84 percent of the smartphones in the world run some form of Google’s open source operating system. While this means that over 96 percent of the world’s smartphones could potentially feature default encryption software, the reality is a little different. Google’s Android is notoriously fragmented, with many devices running versions of the mobile operating system that are several generations old. On the other hand, most Apple users tend to quickly adopt the latest version of iOS. Still, for Android users that want it, a default encryption option will soon be available when the so-called “Android L” version is publicly released later this year.
Both companies’ use of default encryption follows Apple’s widely publicized iCloud hacking scandal. Last month, it emerged that many of the stolen celebrity photos that surfaced on the Internet had been obtained from victims’ iCloud accounts. However, Apple has maintained there has been no “breach in any of Apple’s systems including iCloud or Find my iPhone” and that the hackers were able to access accounts through “a very targeted attack on user names, passwords, and security questions.” It should be noted that Apple will still have the technical capability to extract data from users’ iCloud accounts if compelled by the government. However, Apple users can change their iPhone settings to prevent data from being automatically backed up to iCloud.
The implementation of default encryption in iOS and Android also comes amid the public’s increasing concern over privacy issues following the exposure of the NSA’s bulk data collection program by former NSA contractor Edward Snowden last year. By making it technically impossible for them to help law enforcement extract data from users’ mobile devices, Apple and Google are effectively removing themselves from the ongoing privacy debate and putting the onus of data collection completely on the government’s shoulders. Regardless of the reasons behind these two companies’ moves toward improved security, it appears that both iOS and Android users will soon benefit.
Follow Nathanael on Twitter (@ArnoldEtan_WSCS)