Google Joins Apple In Making Android Devices Encrypted By Default

Google is implementing stronger data security measures for Android smartphones and tablets running the upcoming version of its mobile operating system by enabling device encryption by default, a protection already set for users of Apple iPhones and iPads.

Company spokeswoman Niki Christoff told the Washington Post Friday that Google would enable encryption in Android L "out of the box, so you won't even have to think about turning it on."

Google unveiled Android L in June at its Google IO conference for developers. The upcoming Android operating system has a redesigned interface and is currently in beta for Nexus devices. It is expected to be released by the end of the year.

[Related: Mobile Security Smackdown: iOS vs. Android vs. BlackBerry vs. Windows Phone]

Sponsored post

Solution providers call the out-of-the-box encryption a significant security improvement for the devices, which have posed an increased risk at organizations that are under regulatory pressure to control sensitive data. If encryption is enabled, criminals would need a passcode to view and retrieve data from a lost or stolen Android device.

Device encryption or full-disk encryption on laptops, PCs, smartphones and removable drives is rarely fully deployed at businesses, but organizations roll it out selectively to users that may be carrying sensitive data while working remotely, said Paul Deur, a principal at New York-based managed services and security consultancy Eden Technologies. Encryption can have a major impact on worker productivity if not properly planned and implemented, Deur said.

"More laptops and mobile devices present a need for businesses to encrypt all those endpoints, but there really is no cookie cutter approach for organizations," Deur said. "Encryption needs to be deployed systematically and implemented properly or a criminal can easily get around it."

The default encryption is one of a number of security and privacy improvements that Google is rolling out for devices in the upcoming Android L release.

The company is also adding Universal Data Controls function that is designed to prompt permission requests when an app performs a function that impacts privacy, such as tapping into contacts or retrieving location data. The company said it is also making it difficult for thieves to conduct a factory wipe of stolen devices. A factory reset will require the device owner's password in Android L.

Google is also addressing how it pushes out security updates to Android users. Future security updates will be delivered through Google Play services for some handsets. Security experts have pointed out that Google's security issues stem from its lack of control over its hardware ecosystem, which has slowed the deployment of critical security updates in the past. Hardware makers and carriers will continue to control the release of firmware updates, but security fixes will be deployed through Google Play.

Android L will also sport a new feature called Android For Work, which is designed to better protect corporate data by isolating it from the owner's personal information. The feature incorporates Samsung KNOX and can isolate applications approved for the work space and keep unauthorized applications on a segmented part of the device.