The Haves And Have-Nots in Device Security

Blog Post created by todb on Nov 2, 2015

Today's story about the ongoing issues law enforcement is running into with Apple's encrypted-by-default design illustrates a major difference between the iPhone and the Android security models. Encryption by default on older Apple devices makes it impossible for anyone without the password to decrypt the phone. This, in turn, becomes a problem for law enforcement, since it means that, barring an exploitable boot-time vulnerability, no one can peek in on personal data stored on an iPhone. This leaves out in the cold not only law enforcement with a compelling reason and a court order, but also criminal and espionage organizations. Of course, an individual or rogue element in a law enforcement organization also cannot spy on most iPhone users' stored data, with or without judicial oversight. This is itself a pretty strong guarantee of civil liberties, and helps protect Fourth Amendment guarantees in the U.S.


The fact that the U.S. Department of Justice is still asking for Apple's help, and Apple's statements that it is technically infeasible to help the DoJ, are good news for end users who are concerned with personal privacy. I can appreciate the government's frustration with device encryption in cases where they suspect the evidence is there and the device's owner is being uncooperative. But the fact is that if there is a backdoor to device encryption, or some other means for law enforcement to subvert encryption with a court order, then there is a technical capability for anyone to do the same as soon as the mechanism becomes known, and judicial oversight and good intentions become optional.


Unfortunately, Android phones do not enjoy this level of across-the-board privacy protection. According to the Android Compatibility Definition, there are many, many mid-range and lower-end devices that are exempt from encryption by default, even in Marshmallow, the latest named release. Section 9.9 exempts devices that don't meet a minimum performance threshold, and other devices may define a default (and therefore, discoverable) password to the encryption key in certain implementation circumstances.


The lack of encryption-by-default on Android is problematic from a civil liberties perspective. Android devices are less expensive than iPhones, and account for over 80% of all smartphones. So, while iPhone continues to provide the safer default configuration, the vast majority of people who use smartphones as their primary Internet device will not enjoy the privacy-enhancing benefits of on-board encryption.


It's a shame that there exists this haves and have-nots dichotomy when it comes to default privacy guarantees. I'm hopeful that people who value the security of their privacy are aware of the differences between Android devices, and how they compare to their Apple counterparts. While it's possible to enable local disk encryption on many Android devices, end users rarely poke into settings beyond the defaults. Put simply, people shouldn't have to be rich enough to afford, or expert enough to configure, a device for basic privacy and security in order to enjoy their benefits.