Encryption on Android is no longer a new thing although that does not mean every device that runs on Android comes with the safeguards that are afforded by encryption.
While it has been the goal of Google to ensure all Android devices are protected in this way, some devices are simply not built to be able to handle encryption. This is where Google’s new Adiantum comes in.
Google officially announced Adiantum earlier today in a security blog posting and took a moment to explain how it hopes this will become the missing piece in its encryption chain.
Encryption by default was introduced when Android 6.0 (Marshmallow) rolled around, and Google has now explained that entry-level phones just do not contain the processing power needed to run using the Advanced Encryption Standard (AES) – the standard Android uses for storage encryption.
This is not just an issue with phones either, as Google also points to smartwatches and TVs as also suffering in the same respect, and again due to their dependence on low-end processors. Google specifically name-drops the ARM Cortex-A7 as that is one of the more common options that can be found in these devices, explaining that it’s not so much the processor cannot use AES at all, but more so, using AES slows down the user experience so much that it is just not a viable option.
This had previously led Google and the Android team to excuse devices that were poor on AES performance — defined as “50 MiB/s and below” — from abiding by the same requirements that were put on the majority of Android devices by Android 6.0.
That excusing is set to change now with the availability of Adiantum. Google says that in spite of how new this solution is, it has “high confidence in its security,” and as it has been designed to play better than AES with entry-level and low-end processor-running devices, phone makers with products in this segment will be expected to include one or the other (Adiantum or AES) with all of their devices going forward.
Google does not want this to be necessarily a choice phone manufacturers make, but instead is one that will be dictated by the performance of the device in question. For example, phones with an AES performance score of 50 MiB/s and above will be expected to draw on the existing AES solution while those with a score 50 MiB/s and below will need to make use of the new Adiantum option.
The overall idea being that in the future encryption will be made available to all Android devices, regardless of tier, price or performance. This will begin with Android 9 Pie as that now supports Adiantum, although the more industry-wide change and the enforcement of the use of Adiantum will be more evident when Android Q is released later in 2019.
As is to be expected with a new security-focused solution, Google has published a wealth of detailed information that thoroughly explains how Adiantum works, and how it compares to existing solutions. That information can be found here.