Encryption AH-1

Android Headliner: Encryption Highlights Android’s Fundamental Flaw

March 17, 2016 - Written By John Anon

As big as the Android N news has been over the last week or two, there is one story which Android N has not managed to drown out just yet. Encryption. What started with a simple “no” from Apple, has turned into a fully fledged heated debate across the tech industry, the political spectrum and just about everywhere in-between. What has been even more apparent within the tech industry specifically, is the divisiveness of this topic. While the encryption debate has seemingly united competing companies like Apple and Google, smartphone owners seem far less cohesive in their view. Which is interesting as it is essentially their data that is up for grabs. Especially, Android device owners.

It is no secret that Android is not ‘as safe’ as iOS. While both companies have pushed forward recently with full encryption on the latest versions of the respective operating systems, the difference lies in the updating process for each. Apple is always keen to get as many i-related devices up and running on their latest iOS version as quickly as possible and this has resulted in most iPhones now running the latest version of iOS. A move which is not mirrored in the Android world. The topic of fragmentation has long been debated among Android users and without wanting to beat a dead horse here, the issue is raising its ugly head once more. As the later versions of Android are where encryption has really taken off, the result of this is the sheer majority of Android devices are not running an encrypted version of Android. In fact, according to a report out of WSJ this week, the difference with encryption lying around the 95-percent level for Apple’s devices, which compares to less than 10-percent of all the Android devices currently in circulation. And here is where the issue for Google and Android lies. Not to mention, the importance of finding a way to rectify the fragmentation issue as well. Earlier this week, we discussed whether Google had released Android N too early and many responded with a clear ‘no, it is not too early’ – with the logic being that the sooner updates arrives for Android, the better. However, With Android N arriving while Marshmallow is only at the 2.3-percent adoption level and Lollipop only for the first time taking over KitKat, all Android N is going to do is confuse the matter of fragmentation further.

Android DIstribition March 2016

More to the point though, is the fragmentation of the operating system is only one side of the fragmentation puzzle. There is also the fact that Android is so fragmented with manufacturers too. The ‘be together. not the same’ mantra that Android has now adopted is a clever one and certainly does bring forward the idea of what Android is all about. The variance on offer and the ability to not only choose your manufacturer, but also choose your model and choose your color and even to some extent, choose your operating system version. While in contrast, Apple is essentially ‘be together and all the same’. A point which was so very poetically summed up in one of the most recent promo videos from Google.

While it is true that all of those middle-c keys sound the same, in the real world, they all also represent the same level of security and encryption that Apple has managed to achieve. Having a standardized operating system for all of their devices, being in control of the manufacturing process and not having to negotiate their operating system in anyway has meant that even now, when encryption is a selling point for all companies, Apple can stand tall and say our devices are protected. By all means Google can stand with Apple and echo their sentiment and reiterate how important encryption is and why devices need to be encrypted and the sanctity of encryption in general. Although, Google will be standing there saying this while virtually all of their devices remain unencrypted and unprotected. And there is not exactly a lot Google can actually do about this.

Google can look to enforce Android device manufacturers to employ encryption on their devices, but the only leverage Google has is the use of their Google suite of apps. Which in truth is a leverage Google does not want to be applying too heavily. Android is free to anyone who wants it and that is its appeal. While most smartphone manufacturers are happy to conform to Google’s standards, it is in Google’s interest that they do. If manufacturers chose not to abide and were effectively banished from the Google ecosystem, they would still be able to use Android in any way they wanted just the same. In fact, banishing manufacturers would only hurt Google in the long run, as a lot of their revenues come from the Google suite of apps and not the free use of Android. Not to mention, we are already seeing and hearing some companies (you know who) claiming they want to ‘free Android from Google’, so it is always likely there will be another suite of apps waiting in the wings for banished manufacturers to include. Therefore, Google’s ability to control manufacturers is not infinite, there is a limit and while we are always talking about the latest and greatest smartphones, it is the lower and mid-range devices that could prove to be the most problematic.

Affordable smartphones AH_1

This non-flagship category is big business in certain regions of the world (in all regions in reality. as affordable devices are driving all markets now) and the issue with low to mid-range devices, is that they are limited in performance and subsequently, their ability to deal with aspects like encryption. At least, not without performance being further impaired. As these are already ‘slower’ devices and are already aggressively priced, how much benefit is there for manufacturers to want to include elements like encryption on them? Aspects which might not only affect performance of already performance-limited devices, but aspects which would likely make affordable devices, more costly to produce in the first place. It is these devices that could prove to be the downfall for any ‘you must’ instructions set out by Google.

Now some of the Android community will instantly draw on this as a prime example of why everyone should buy Nexus and not opt for carrier or non-Nexus handsets. After all, all Nexus devices tend to get the updates at the same time and therefore, the element of being able to control aspects like encryption or whatever else arises in the future, is doable if everyone owned a Nexus. And that is a logical argument. However, if that was the case and everyone interested in Android did go out and buy the new Nexus, then would this not fly in the face of be together, not the same. Wouldn’t Android just be another version of Apple then? And it is this line of thinking which inherently raises the fundamental issue with Android – it is by nature not able to offer such across the board protection. It is the essence of Android that continually makes it so vulnerable.

So here is the interesting food for thought to take home. While the Android community seems divided on whether tech companies should be helping law enforcement in gaining access to encrypted smartphones, for now, it is a topic which largely does not concern the majority of them. By any means of measurement, the majority of Android devices are not protected and are devices that would not particularly need Google’s help to access. This could all change in the future, however with the issue of fragmentation seemingly becoming even more concerning with the now even earlier releases of future versions of Android, the ability for Google to widely roll out any security measure, encryption or otherwise, will remain an issue for them and by association, for all of us.