I believe full device encryption is a great feature for all users, but there are issues with the way Google has implemented it, esp on the Nexus 6.
Lollipop has this turned on by default, and by all accounts it will be very hard or impossible to turn it off on factory devices (like Nexus 6). It will be possible to disable this on a phone like Nexus 5 which doesn't have it on by default, but will still need root + custom kernels.
iPhone 6 and iOS 8 also have data encryption by default, so lets compare the 2 approaches.
iPhone - there is a dedicated memory controller chip that is responsible for this. All data read/written from storage passes thru this chip, and is encrypted/decrypted using AES, which is also natively accelerated using ARM v8 hardware support. As a result, this is a very efficient and secure data path with almost no speed hit.
Nexus 6 - there is no hw support for this, so data has to read from flash by the cpu, enrcypted/decrypted, then written back to memory. This is inherently a slower approach as it requires 2x the read/writes, but is much slower too because there is no ARM v8 and its done in software. Plus I believe it is more susceptible to attack since it is running in software.
I want encryption to be turned on, I just wish Google had thought a bit more about this and included at least hardware support in the Nexus 6. The phones that will come out soon in a few months will use ARM v8 cpu's and will be able to take advantage of hardware AES, but still not the extra data path problem (unless they have a dedicated chip).
Lollipop has this turned on by default, and by all accounts it will be very hard or impossible to turn it off on factory devices (like Nexus 6). It will be possible to disable this on a phone like Nexus 5 which doesn't have it on by default, but will still need root + custom kernels.
iPhone 6 and iOS 8 also have data encryption by default, so lets compare the 2 approaches.
iPhone - there is a dedicated memory controller chip that is responsible for this. All data read/written from storage passes thru this chip, and is encrypted/decrypted using AES, which is also natively accelerated using ARM v8 hardware support. As a result, this is a very efficient and secure data path with almost no speed hit.
Nexus 6 - there is no hw support for this, so data has to read from flash by the cpu, enrcypted/decrypted, then written back to memory. This is inherently a slower approach as it requires 2x the read/writes, but is much slower too because there is no ARM v8 and its done in software. Plus I believe it is more susceptible to attack since it is running in software.
I want encryption to be turned on, I just wish Google had thought a bit more about this and included at least hardware support in the Nexus 6. The phones that will come out soon in a few months will use ARM v8 cpu's and will be able to take advantage of hardware AES, but still not the extra data path problem (unless they have a dedicated chip).
Facebook
Twitter
Instagram