For those anxiously awaiting the rollout of Android "L," there's a new bit of information to add even more excitement to the wait. This news is a sort of double-edged sword (depending on how you view security as a whole). What I'm talking about is the fact that Android "L" will, out of the box, encrypt your data.
That's right. Instead of having to go through the lengthy (and, in some cases, "brick-inducing") process of encrypting the storage on your device, the "L" update will encrypt it by default. This will, effectively, help protect your data from prying eyes. All good, right? Not if you're on the side of the NSA and law enforcement. From that side of the security fence, things get a bit more complicated. Without you having to do a single thing, that data will be a bother to access... even for the powers that be — or so one would think. The thing is, encryption will protect the data while it resides on your phone. When that data resides on a cloud service or other type of server, you're not as safe as you think you are, regardless of the platform. You're at the mercy of your provider AND yourself. Let me explain.
You have your shiny new Android or iOS device and, for all intents and purposes, it's encrypted, protected, and otherwise safe from prying eyes. But what about that POP or IMAP account you depend on? What about your Facebook account with the password "password123"? What about the lock screen without a PIN, pattern, or password? What about your VPN connection?
You see where I'm going with this?
Google and Apple can do everything in their powers to bring newer and better levels of security to their devices. In the end, however, the security of mobile data is in the hands of the user.
- Subaru makes a safe car. If you don't drive it safely, your life is in your hands.
- Wüsthof makes some amazing kitchen knives. If you use them improperly, you can get hurt.
Google produces an outstanding mobile platform. If you use it without care or caution to security, your data is at risk. Period. End of story.
Or is it? So many questions... who's responsible for answering them?
We live in a world where culpability isn't taken as seriously as it should. The finger of blame has become as prevalent as the "finger of shame." As much as I hate to admit it, our world is in such a state where people want to do the least amount possible. People don't want to enter a password every time they open their device. They don't want to encrypt their storage because it takes time. Those in the field of IT battle this daily. When you enforce a strict password policy, end users complain. They don't want to change their passwords every 30 days or have to enter credentials just to use their smartphone — that same device they use for work every day (the one that stores sensitive data).
This attitude toward security must change. Honestly, security is breached every single day. With companies that spend millions on security getting hacked, do you think your unprotected smartphone is secure? Think Target. Think Home Depot. Your data is not safe — not without a bit of effort on your part. No matter what Google or Apple does, in the end, you must take steps to help secure your data. For example:
- Use two-step authentication on Google
- Add password protection to your lockscreen
- Encrypt your data
- Use solid passwords for ALL accounts
- Read the permissions listings before you tap Accept
- Don't connect to unsecured wireless networks
If you don't do that bare minimum, your data is at risk, regardless of what Google does with Android "L." Yes, defaulting to encrypted data will help the cause, but that does not let the end user off the hook for security.
There are apps out there to help you secure your data, including:
The list goes on.
I believe Android "L" will be the best iteration of the platform to date. I think defaulting to encrypted data is a smart move on Google's part, one that will help bring a layer of security to smartphones that most users have never experienced. However, that doesn't let the end user off the hook to do their part. You should never assume either Google or Apple will do everything for you. You must do your part to protect the data on your smartphone — otherwise, it's not safe.
Do you think Android "L" will be the most secure iteration of the platform? If not, what prevents Android from garnering your "thumbs up" for security? Share your thoughts in the discussion thread below.
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.