When Google first unveiled Android 5.0 Lollipop, one of the big security features that it highlighted was that your device would be automatically encrypted upon first boot. However, it looks like Google has now relaxed that requirement.
Ars Technica has discovered that the current version of the Android Compatibility Definition document (PDF) now says that Lollipop devices must support full-disk encryption and that the feature should be enabled after a device’s first boot. Although enabling it is only a “should” for now, Google says it’s “very strongly recommended” that OEMs turn it on, because Google expects the recommendation to change to a requirement in the future. The entire Full-Disk Encryption section is as follows:
9.9 Full-Disk Encryption
If the device implementation has a lock screen, the device MUST support full-disk encryption of the application private data (/data partition) as well as the SD card partition if it is a permanent, non-removable part of the device. For devices supporting full-disk encryption, the full-disk encryption SHOULD be enabled all the time after the user has completed the out-of-box experience. While this requirement is stated as SHOULD for this version of the Android platform, it is very strongly RECOMMENDED as we expect this to change to MUST in the future versions of Android.
Google hasn’t yet said why it walked back its original full-disk encryption requirement. However, it has been suggested that the change was made to give device makers more time to make sure that their hardware will run properly with full-disk encryption on. Many people found that the Nexus 6 took a performance hit with the feature enabled, with the device at times running slower than the older Nexus 5.
Full-disk encryption that’s enabled upon first boot is a nice feature to have, but I’m betting that a lot of folks would prefer it be off if it’s going to have a negative impact on their device’s performance. Google will likely wait to bring its requirement back until its OEM partners are able to show that their devices can handle full-disk encryption without slowed performance, so hopefully the manufacturers can figure it out soon.