Google’s upcoming new mobile operating system, Android L, will for the first time include provisions to encrypt user data by default, rather than providing encryption only after it is turned on by users.
The move was unveiled in a Sept. 18 story by The Washington Post as part of Google’s latest push to better protect the data of its millions of users, especially in light of allegations made in 2013 of government snooping in Google and Yahoo data centers. Android L is expected to be released by Google in October.
In an email reply to an inquiry from eWEEK, a Google spokesperson confirmed the upcoming changes. “For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement,” the spokesperson told eWEEK. “As part of our next Android release, encryption will be enabled by default out of the box, so you won’t even have to think about turning it on.”
Apple also recently announced that the new iOS 8 operating system found in its just-released iPhone 6 smartphones and other new devices also includes default data encryption for users, according to an eWEEK report.
In a statement on Apple’s Website, CEO Tim Cook said the company is renewing its commitment to user privacy. “At Apple, your trust means everything to us,” Cook wrote in a letter posted on the new Apple privacy site. “That’s why we respect your privacy and protect it with strong encryption, plus strict policies that govern how all data is handled.”
Apple’s security and privacy policies have been under scrutiny in a number of different instances this year. Security researchers have questioned whether Apple works with governments to provide backdoor access, and earlier this month dozens of celebrities were victimized by an attack.
Cook wrote that he wants to “be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.”
That means that since the data will now be encrypted, Apple will no longer be able to comply with legal government requests for access to a user’s iOS data, since Apple will not have the passcode to unlock it, according to Cook’s post.
With both Google Android and Apple providing such protections, it will likely ultimately affect a large number of mobile device and desktop users around the world, making their communications more secure by default.
Google certainly has been providing data encryption tools for users in the past, but they had to be activated by users themselves to be in operation. In June, Google announced an early alpha version of a new Chrome browser extension that will soon give users the ability to bolster the encryption of their emails while in transit to recipients.
The End-to-End extension for Chrome is available to Chrome developers who want to help add more protections to users’ emails while requiring fewer steps than existing stand-alone encryption applications. Because the project is in the early alpha development stage, it is not available yet in the Chrome Web Store as a finalized extension. The End-To-End extension will help users encrypt, decrypt, digitally sign and verify signed messages within the browser using OpenPGP, according to Google.
Encrypted emails are like sealed envelopes, and less vulnerable to snooping, according to Google.
The issue has become so important that Google now includes a new section in its Transparency Reports that shows how much email is being encrypted as it travels over the Internet.
Gmail has always supported encryption in transit by using Transport Layer Security (TLS), and automatically encrypts incoming and outgoing emails if possible, according to an earlier eWEEK report.
In March 2014, Google announced that all incoming and outgoing Gmail messages will also use encrypted HTTPS connections to better protect them from interception by attackers or spying, in response to allegations in the fall of 2013 that the U.S. National Security Agency (NSA) had allegedly spied on data in Google and Yahoo data centers.
Google’s launched Gmail on April 1, 2004.