Forcing Encryption on Android: Should it be there?
I have noticed lately with Marshmallow and now with Nougat rolling out that Forced encryption is the new wave of the future. This topic comes to mind as I once again have had to break out my USB cable or OTG SD card reader and attach it my device, so that I can start to get all of my data back on my phone, that was lost when my Nexus device was forced into encryption while testing a new Rom. I had the forethought to have a back up ready at hand because I have been down this road before and it seems like lately, this road is becoming all too familiar.
I understand why we have it, encryption, and what it does for us and it is a very powerful tool, but for Google to force all users to be encrypted right out of the gate goes against everything that I once thought Android stood for.
Back when I was trying to decide whether to take the plunge into Android, and leave the IOS and BlackBerry platforms permanently, the deciding factor to me was the ease at which you could root your Android based device and have total control over it. This was a new territory to me but the prospect of being able to root my phone, by throwing on a custom recovery like TWRP or CWM and then flashing "Chainfire's" SuperSU, was too tempting to resist. I was now able to uninstall any bloatware that came pre-installed by the devices manufacturer or the carrier that I was through at that time.
This now opened more doors like flashing custom roms and kernels which now changed the whole look and feel of my device from the way that it came to me from the cellphone store's showroom. And if I didn't want to go the route of a custom rom, I could run my stock rom and install Xposed Framework and have my pick from a few hundred Xposed modules that would allow me to drastically customize my stock Android OS. This was all before Marshmallow though.
When Marshmallow hit the scene I found that my beloved Nexus device was encrypted by default, without my input. I had always known that I had the option to encrypt my device manually using the "encrypt phone" option under settings/security, but now the device came this way from Google. What if I didn't want to have my device encrypted? Well, there are ways to do it with either tools developed by very good developers, or just by the old fashion way of formatting my Data partition with my custom recovery. But again, why force the encryption? Why was this option taken away from me and the decision left to the owners of Google?
I do understand that unlocking my bootloader and rooting my device with a custom recovery greatly decreases the security on my device and makes it easier for a deviate to steal my information and to do something with it. But I know this.. I knew this before I decided to even alter my device and I made the decision, on my own, to do so. I purchased the device with my hard earned money and Google didn't give it to me. This should be my decision to make and not be forced on me by Google.
So now I have to be careful every time I flash a custom rom to be sure that the rom and/or the kernel is not force encrypting or I stand to loose all of my data. Yes I back up and yes, I can recover it, but it is a long and arduous process. There is a zip out in the Nexus community called "FED patch" which stands for "Forced Encryption Dis-abler" that if flashed, right after the rom is flashed, will dis-able the forced encryption flags in the kernel/rom for you "which is a life saver". So I use it a lot lately and I highly recommend that you add it to your folder of zips on your Nexus device, or which ever device you may own.
So where does this leave us? If I was a betting man I would say that there are changes in the air for device owners and custom rom developers. Bare in mind that this is purely speculation and my opinion only, but I do think that Android is heading to be a more secure OS, not unlike IOS and the ability to customize the Android OS is going to be harder if not downright impossible. Google is making it harder to root and we all know that without root we have no way to customize the OS at its core. We will still be able to install second party launchers, widgets and wallpapers but as for applying custom themes, we will have to wait and see what Google allows us to do.
We'er even seeing the forced encryption issue arise with the latest builds of TWRP, This is the custom recovery that most all of us use to flash custom roms and kernel to our devices plus make back-ups and restore those previously made backup. There are issues with the latest builds not being able to decrypt the different partitions on the device. Although, the crew over at Team Win Recovery Project are certainly busting their humps to get this all sorted and I am sure that they will have this issue fixed and then some. But is this what we can expect from Google from here on out? With each update that is pushed, will it get even harder to bypass the safety features in place? Is Google going to forget the custom side of android for the more secure side?
I hope that I am wrong about this whole rant and that Android stays open sourced for ever and we have even more talented developers step up to the plate to completely customize and optimize what Google has to offer us. I like being able to take complete control over my device and I love flashing new custom roms to my phones and tablets just to see how far developers are willing to push the envelope. As I said, I hope that my line of thinking is way off the mark and I am plain wrong. I guess time will tell and we will soon see.
Forcing Encryption on Android: Should it be there?
Reviewed by David Hayes
on
10/11/2016 01:41:00 AM
Subscribe To Us
Get All The Latest Updates Delivered Straight To Your Inbox For Free!