The State of Encryption on Smartphones

The battle between the FBI and Apple over unlocking the San Bernadino shooters iPhone has raised awareness of mobile phone encryption. It appears however that unlike Apple’s iPhone, most Android phones are not encrypted. According to Jose Pagliery writing for CNN Money:

“Although 97% of Android phones have encryption as an option, less than 35% of them actually got prompted to turn it on w”hen they first activated the phone. Even then, not everybody chooses that extra layer of security.”

This is not much of a surprise. Most android phones do not use high end flash storage. As a result there is a definite performance hit when using the devices and android device manufacturers do not enable encryption by default. Which is probably why newer phones are required to encrypt by default:

“A Google spokesman said that encryption is now required for all “high-performing devices” — like the Galaxy S7 — running the latest version of Android, Marshmallow. But only 1.2% of Android phones even have that version, according to Google.”

This is in stark contrast to iPhones:

By comparison, most Apple products are uniformly secure: 94% of iPhones run iOS 8 or 9, which encrypt all data. Apple (AAPL, Tech30) makes its devices, designs the software, and retains full control of the phone’s operating system.

“If a person walks into a Best Buy and walks out with an iPhone, it’s encrypted by default. If they walk out with an Android phone, it’s largely vulnerable to surveillance,” said Christopher Soghoian, the principal technologist at the American Civil Liberties Union.

This is probably why we don’t hear about FBI requests to unlock Android phones. Most of them are not encrypted by default and others prompt you once. For those concerned about their privacy and data protection, there does not seem to be a better choice using an iPhone.