contador pagina web Skip to content

default encryption flops

In September 2014, Apple updated its privacy policy to take into account the new features linked to the release of iOS 8. The Apple firm then also announced the encryption of the majority of user data. A post-Snowden initiative in a climate of suspicion and including vis-à-vis government requests.

Apple wrote that on iOS 8 devices, personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes and alerts are protected by the password (or code).

Encryption" Unlike our competitors, Apple cannot bypass your code and therefore access this data. It is therefore not technically possible for us to respond to government requests to extract the data. "

In the process, Google had reacted to highlight the fact that data encryption would be activated by default for new devices equipped with Android L. The real novelty here was this activation by default without having to go into the settings of the terminal .

When Android L became Android 5.0 Lollipop, Google wrote about data protection that their encryption is done by default from the moment a new Lollipop device is turned on. " The complete encryption of the device occurs at first start-up, using a unique key that never leaves the device. "

Except that walking through the aisles of MWC 2015 in Barcelona, ??Ars Technica found that the promise of a default activation of encryption on new Lollipop terminals is not kept as it was the case with Nexus 6 and Nexus 9. It turns out that the Mountain View company has discreetly relaxed its directive.

In the latest version dated January 11, 2015 of its Android 5.0 Compatibility Definition (PDF) document for partner manufacturers, the semantics have changed. The encryption obviously remains in the game, but the manufacturer decides whether to activate it by default or not. An activation which if necessary resumes its optional character (manual) as with Android KitKat.

Default encryption? it will ultimately be an obligation to " future versions "Android. And again, that's what Google says it hopes. Google has confirmed this policy change without explaining it.

For Ars Technica, it is the consequence of a default encryption which degraded the performance of a device. The goal would be to give manufacturers more time to adapt and allow the equipment to make the transition. " Performance issues can be compensated for by using faster flash memory, faster file systems like F2FS and chips which are better for fast encryption and decryption of data. "

It's a similar view for The Register that Android doesn't have all of the drivers to take advantage of AES acceleration in chips. This is the kind of concern that Apple does not know, which retains sole control of the software and hardware for its iOS terminals.

The most suspicious will wonder if the American authorities, who openly criticized the encryption on the terminals, were simply not heard.