Google to Apple: We Have Default Encryption, Too

Source: Thinkstock

Source: Thinkstock

When it comes to mobile device security, it appears that peer pressure can sometimes be a good thing. On September 17, Apple made iOS 8 — its latest mobile operating system — publicly available for download for its mobile device users. Alongside the new operating system, Apple unveiled a new privacy policy webpage that revealed that the Cupertino-based company was taking a more proactive stance on protecting users’ data that is stored on their mobile devices.

According to a Legal Process Guidelines document that the company created for U.S. law enforcement, Apple noted that any devices running iOS 8 would include a default encryption setting that prevents anyone but the device’s owner from gaining access to the data stored on the device. “For all devices running iOS 8.0 and later versions, Apple will no longer be performing iOS data extractions as the data sought will be encrypted and Apple will not possess the encryption key,” stated Apple.

Meanwhile, Apple’s webpage on government information requests included a not-so-subtle dig at Google — the maker of Android, the world’s most popular mobile operating system. “Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” noted Apple. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.” In other words, you can trust us, but we’re not so sure about those other guys.

However, it now appears that Apple won’t be the only company doing a technical end run around the government’s attempts to force software makers to give them access to users’ data. Soon after Apple published its revised privacy policy, Google announced that its next-generation Android release would also include a similar default encryption feature.

“For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement,” Google spokesperson Niki Christoff told The Washington Post. “As part of our next Android release, encryption will be enabled by default out of the box, so you won’t even have to think about turning it on.” While the company’s announcement came on the heels of Apple’s privacy policy change, Google claimed that its own default encryption change has long been in the works.

Google’s implementation of default encryption in Android could potentially have an even greater impact than Apple’s implementation in iOS. According to IDC data, Android and iOS combined accounted for 96.4 percent of the worldwide smartphone operating system market in the second-quarter of this year. However, over 84 percent of the smartphones in the world run some form of Google’s open source operating system. While this means that over 96 percent of the world’s smartphones could potentially feature default encryption software, the reality is a little different. Google’s Android is notoriously fragmented, with many devices running versions of the mobile operating system that are several generations old. On the other hand, most Apple users tend to quickly adopt the latest version of iOS. Still, for Android users that want it, a default encryption option will soon be available when the so-called “Android L” version is publicly released later this year.

Both companies’ use of default encryption follows Apple’s widely publicized iCloud hacking scandal. Last month, it emerged that many of the stolen celebrity photos that surfaced on the Internet had been obtained from victims’ iCloud accounts. However, Apple has maintained there has been no “breach in any of Apple’s systems including iCloud or Find my iPhone” and that the hackers were able to access accounts through “a very targeted attack on user names, passwords, and security questions.” It should be noted that Apple will still have the technical capability to extract data from users’ iCloud accounts if compelled by the government. However, Apple users can change their iPhone settings to prevent data from being automatically backed up to iCloud.

The implementation of default encryption in iOS and Android also comes amid the public’s increasing concern over privacy issues following the exposure of the NSA’s bulk data collection program by former NSA contractor Edward Snowden last year. By making it technically impossible for them to help law enforcement extract data from users’ mobile devices, Apple and Google are effectively removing themselves from the ongoing privacy debate and putting the onus of data collection completely on the government’s shoulders. Regardless of the reasons behind these two companies’ moves toward improved security, it appears that both iOS and Android users will soon benefit.

Follow Nathanael on Twitter (@ArnoldEtan_WSCS)

More From Tech Cheat Sheet: