When Android Lollipop was announced last year, Google said it would require full-disk encryption by default. However, new devices shipping with Android 5.0 don’t include it as a standard feature, Ars Technica discovered.
Last October, Google published a blog post that said: “Full device encryption occurs at first boot, using a unique key that never leaves the device.”
While its own Nexus 6 and Nexus 9 devices are encrypted by default, the same can’t be said for other devices, including ones that have received Lollipop updates, such as older Nexus phones and tablets and the 2014 Moto G.
The new second generation Moto E also runs Lollipop without default encryption, and Ars Technica found that Samsung Galaxy S6 demo units at Mobile World Congress were not encrypted either
Google’s latest guidelines for manufacturers building Lollipop-based devices (PDF) includes a subtle change in policy: new devices must support encryption, but it’s up to OEMs to enable it. That’s similar to the company’s policy for Android KitKat and other older versions of its OS.
One reason for relaxing the rules could be the effect full-disk encryption can have on performance. Without proper memory, chipset and file system optimization, it can cause devices to run much slower.
We’ve contacted Google for comment and will update this post when we hear more.