The Android Encryption Problem

It appears that if the San Bernardino shooters had used an Android phone instead of an iPhone, the headlines these days would have been very different.

The problem for Android is that, unlike Apple, Alphabet doesn’t make all its own handsets, and other makers have noticed and objected that encryption reduces function. So Google hasn’t forced the issue for the fear of device makers backing away from the Android model, where it makes the most money.

And so, while 95 percent of Apple’s iPhones globally are encrypted, only about 10 percent of Android phones are. Usually, apart from having to use Android branding and to offer standard Google map and search services, device makers have fairly open hand in how they configure their Android-based products.

“There is a push and pull with what Google wants to mandate and what the [manufacturers] are going to do,”said Andrew Blaich, lead security analyst at Bluebox Security Inc., which helps secure mobile apps. In some ways, Google is “at the mercy of the larger [manufacturers], like Samsung and LG, that are driving the ecosystem.”

Right now, only 2.3 percent of Android devices run Marshmallow, the latest instantiation of the OS (which requires makers to encrypt phones, meaning all high-end Android phones will come encrypted going forward), while almost 80 percent of iPhones run the most current iOS (9).