On Monday, experts speaking to The Wall Street Journal about the ongoing smartphone encryption debate estimated that roughly “10 percent of the world’s 1.4 billion Android phones were encrypted,” compared to 95 percent of all iPhones. For iPhones, that estimate is based on data provided by the company’s OS distribution chart—this isn’t a perfect source since it also includes iPods and iPads. In any case, the vast majority of iDevices are running iOS 8 or 9 and thus all data on them is encrypted in a way that makes it impossible for Apple or others to directly access data on them without their passcodes.
The figure for Android phones is likely an estimate based on other sources, since it’s impossible to get similar data from the Android distribution chart. Google has historically had trouble getting its hardware partners to encrypt their phones and even had to backtrack on promises that Android 5.0 phones would be encrypted by default because of performance concerns. Ultimately, the company was able to make encrypted storage a requirement for Android 6.0 phones that meet the required specs (Nexus devices have been encrypted by default since the Nexus 6 and 9 came out in 2014), but currently only 2.3 percent of all Android phones run Marshmallow. Even worse, only new phones that ship with Android 6.0 need to be encrypted, and it’s still optional for those that upgrade.
iOS and Android’s OS distribution charts. If a device is running iOS 8 or 9, you can assume things about how encryption is working. Not so much in Android’s case.
iOS and Android’s OS distribution charts. If a device is running iOS 8 or 9, you can assume things about how encryption is working. Not so much in Android’s case. Credit: Wall Street Journal
Most people just stick with whatever default settings their stuff comes with, which is what makes default settings so important—almost all Android phones support encryption, but few actually use it. Assuming that people don’t begin encrypting their Android phones en masse or that Google doesn’t change its policies, it means that it could easily be another two or three years before even a plurality of Android devices are encrypted.
If you or someone you know has an older, unencrypted Android phone, when should it be encrypted? Obviously, if privacy and security trump all other concerns for you, you should encrypt regardless. But especially for more casual users with older or lower-end devices, encryption can noticeably impact performance in ways that can make these devices actively unpleasant to use. That’s because data read from and written to the device’s storage all needs to be decrypted and then re-encrypted, something that a lot of older ARM processors aren’t particularly good at.