All the tech news and commentary seems to be centred around Apple right now (or nVidia if you are a gamer), whilst the big security story is Home Depot, so you may have missed Google’s announcement that the new iteration of its popular Android operating system will have an interesting new feature: default encryption.
KitKat’s successor, known simply as “L” for now, will fall in line with what could be broadly called an industry standard now as tech firms look to offer better data security in the wake of the goings-on within the NSA, GCHQ, et al.
The Android operating system has been capable of encryption for a while of course as Google spokeswoman Niki Christoff explained:
“For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement. As part of our next Android release, encryption will be enabled by default out of the box, so you won’t even have to think about turning it on.”
With encryption enabled on such a device, neither Google nor other service providers would be able to access the encrypted data, forcing law enforcement to deal with the user of the device directly (note: witholding passcodes/passwords is an offence in some countries).
Currently that encryption is off by default though, leaving users to figure out a) that their device even has that capability and b) how to turn it on. When Android L moves from developer preview mode to full release at some point before the end of the year, such potential issues will be removed and even the average smartphone and tablet user will be able to enjoy encryption. As a side effect, users who are unaware of Android’s encryption abilities will also find that their data is better protected should they lose their device or have it pilfered.
Tech companies and developers alike, possibly aware of the situation Lavabit found itself in, are keen to ensure that their systems and apps are created in a way that doesn’t leave them holding all the keys, a situation that could put them on a collision course with the security agencies or other legal entities who may require user data (subject to warrants being properly issued, of course).
For that reason, systems which allow encrypted data to pass through their networks, but leave the keys with users, are ideal as the service providers will have no way of knowing or handing the keys over themselves.
Apple, which offers Android’s main competitor iOS, announced on Wednesday that its new operating system had been baked in such a way that the company cannot access the data stored on any of its devices if protected by a passcode. And thats got to be good for users, whether they are the “I’ve got nothing to hide” type or not.