How does Android Lollipop's encryption affect me?

Being secure is all about adding layers in between the thing you want to keep safe and everything else, even you (and in some cases, especially you). Personal information, like the stuff we all routinely load our smartphones with, doesn't actually want to be secure. You have to put some work into keeping your information safe, and every step you take adds some small layer of inconvenience. In Android 5.0, Google made Full Disk Encryption something you can either enable yourself or enjoy because your smartphone or tablet has shipped with it enabled by default. Before you flip that particular switch, however, lets take a look at what you gain —and lose — through the use of this feature.

Not sure what Full Disk Encryption is, or how it works differently in Android Lollipop? You should check out our primer first.

Encryption Password

The two big ways Full Disk Encryption affects users is performance and protection, and like most forms of security you're going to lose some of the former in order to gain the latter. Performance is a funny thing to talk about with Android devices, because most folks look at performance one of two ways. You're either all about the hard data provided by a technical benchmark, or you'd like to see how usage in the real world changes. While we typically shy away from benchmarks to demonstrate performance over real world use, it's important to see just how many different ways encrypting your device affects performance.

Storage Benchmark

There are a ton of different benchmark tools out there, but for this job we're relying on AndEBench Pro (opens in new tab) to demonstrate the differences in performance. We ran the storage benchmark before and after encryption on a Nexus 5 running Android 5.0.1, and in doing so found a huge difference in disk read performance between unencrypted and encrypted. Specifically, the encrypted Nexus 5 was reading information on the disk 40% slower than the unencrypted Nexus 5. This is an expected behavior, and will happen with every encrypted drive, but what this means for day to day use isn't nearly as bad as it sounds.

System Benchmark

If we take a look at the actual system performance under this same benchmarking tool, you see that the time required to perform most tasks has only slightly increased. This increase on the Nexus 5 is barely noticeable during most tasks. Eagle-eyed users will notices photos taking slightly longer to load from the gallery, big apps like games will take a little longer to load from a cold start, local playback of 2K or 4K content will take a little longer than usual to start. Naturally, this all adds up. When every single task is slowed down by a little bit, rapidly switching between apps is going to be slower as well. Once you're in an app, or are already playing a file, you're not going to notice any performance issues on the Nexus 5.

There is one outlier to this particular performance demonstration that's worth talking about, which is the Nexus 6. Google's reliance on a CPU-based encryption for the Nexus 6 causes a greater discrepancy in performance than we'd see with most other devices, thanks to Qualcomm's crypto engine. Since we can't predict what every manufacturer is going to do with encryption in a post-Lollipop world there are no guarantees, but it seems more than a little likely that most OEMs will try to avoid performance deficits like what we see on the Nexus 6.

Encryption Robot

This is the trade-off for the kind of security that keeps your phone more or less safe from intruders of any kind. From pickpockets to spy agencies, an encrypted disk is often a costly hurdle that in many cases is deemed not worth pursuing. It's the kind of thing that could cause a thief to just throw your phone away instead of trying to wipe it and sell it, but it's also worth keeping in mind encryption is only as secure as your password. Additionally, if your phone is already on and active there are ways to bypass most Android lock screens, leaving your data available even though it's encrypted. It's all about the balance between security and inconvenience, and choosing how many layers you want in between your data and the rest of the world.

Russell is a Contributing Editor at Android Central. He's a former server admin who has been using Android since the HTC G1, and quite literally wrote the book on Android tablets. You can usually find him chasing the next tech trend, much to the pain of his wallet. Find him on Facebook and Twitter

  • Last sentence of the first paragraph: Should be lose, not loose. #corrections
  • Don't be that guy.... Posted via Android Central App
  • Too late.
  • No - to late. Wait... I mean two late. Darn. YouR write and there wong.
  • Don't get so defensive.
  • Not quite sure how you can call a 40% reduction in read speeds on an encrypted N5 "isn't nearly as bad as it sounds" A N5 on lollipop with Encryption borders on unusable.
  • Have you tested this yourself? Most users won't notice a. 01ms difference Posted via the Android Central App
  • Yes. Extensively. And the performance difference made it unusable. Even after a factory reset, then encrypting it before doing installing any apos so it is as clean as it gets. Within a week of normal usage the phone bordered on unusable. And I'm not talking milliseconds here. I'm talking about 7-10 seconds from button press to response. I have had no similar issue on the same phone without encryption after another factory reset. Posted via the Android Central App
  • Encryption ruined my Moto G3 (8gb/1gb), very slow, major lags and frequent freezing/crashing/rebooting. On the other hand my Zenfone 2 ZE551ML handled encryption without any degradation in performance. I thought this was because it has so much RAM (4gb) but apparently the real reason it handles encryption so well is the Intel chip encrypts via hardware (fast) unlike most phones which do it via software (slow)
  • I totally agree with you. Indeed, before, when I was thinking that an encryption method would normally degrade performance. But, as you, fortunately I was wrong, since Zenfone 2 ZE551ML (32 GB version) runs absolutely without any sort of lag or reduction in performance! So I'm very satisfied with this Zenfone!
  • because 40% of a 0.1 second is .... likely nothing :D
  • I have it on my N5, barely any difference for day to day stuff.
  • Actually I want to know where I can get one of those android lollipop lollipops
  • I realize a nexus 6 without encryption is probably faster but my encrypted Nexus 6 is pretty snappy!
  • I agree that I haven't noticed any slowdowns that make me think I need to turn off encryption.
  • Numbers game. I really don't notice much of a performance hit on my encrypted lollipop device. Maybe to users who play games intensely, but not to users who just browse or messages. Posted via the Android Central App
  • Just like on computers encryption should be on an as needed basis (opt-in). Your average user does not need encryption. It is normally reserved for enterprise users where their work policies dictate it (ex. work devices that actually contain potentially sensitive data or laws that require it. Ex. HIPAA). That is unless you're the tinfoil hat type, but then encryption only protects if your device is lost or stolen. But again the average user doesn't have that type of sensitive data to justify encryption.
  • Thanks for providing this benchmark information. I wouldn't mind an extra little latency on my phone, but my real concern is how it will affect video/audio streaming on my HTC One (M8), especially on Netflix. That app seems to be especially vulnerable to timing issues that can cause audio & video skips and drops that can make watching unbearable. I'm also concerned about whether or not the device encryption can be reversed.
  • I have an HTC One M8 on Verizon. As you know, you can turn on device encryption right now whether you are on Lollipop or not. It is already built into Jellybean, but not activated by default. I have done full disk encryption on my M8 twice. It works great . . . for the first two days. After the first couple of days your M8, if it is anything like mine, will begin to slow drastically. Mine was getting so slow that I began having keyboard lag and my keyboard would actually start missing full words. Opening up apps came to a crawl and unlocking the device became a slog because the keyboard would take 5 or so seconds to start up so i could punch in my lengthy password. Scrolling on web pages became unbearable about three weeks into encryption and then my phone was darn close to unusable, even after doing a full shut down and reboot of the phone. To reverse disk encryption, you need to factory reset your phone. I factory reset my phone and used it for a month before getting the itch to see if encryption would work well after a full factory reset. I did a factory reset and then encrypted the phone again. Like clockwork, my M8 slowly but surely turned to molasses. My battery life would tank, my screen would take a while to turn on after a double tap or hitting the power button, and the phone would randomly heat up. I do not recommend disk encryption on the M8. I have done it twice and your phone will start to underperform quickly.
  • I really appreciate the detailed response you provided. It was funny that the Notification text or your response ended with the words "It works great", so initially, I thought you were happy with the results. Obviously that wasn't really the case. My HTC One (M8) is a GPe version on Lollipop 5.0.1, so there are some differences from yours. As it stands today, I'm very happy with the performance and battery drain on my One (M8). I assume you are still on Kit-Kat, and you have the HTC Sense UI on your device, so it's conceivable mine might perform a little differently with encryption enabled, but I really doubt it. While I'm open to improved security, it sounds to me that the risk of degrading the performance of my phone is too high. I don't want to have to go through what you did.
  • Yes, I am on 4.4.4 Kit Kat running Sense 6 and all standard updates applied. I have not rooted the phone. I should also note that I did encryption with both the ART runtime and Dalvik and I still had the major performance problems. Posted via the Android Central App
  • > There is one outlier to this particular performance demonstration that's worth talking about, which is the Nexus 6. Google's reliance on a CPU-based encryption for the Nexus 6 causes a greater discrepancy in performance than we'd see with most other devices, thanks to Qualcomm's crypto engine. Umm... What discrepancy? No, really, there's no elaboration on this point. If the photos are supposed to help, they don't; the photos are just the benchmarks for the Nexus 5, twice. Having a Nexus 5, 6, and 7 all on Lollipop, I don't see any major discrepancy in my phone's performance. It's perfectly snappy and quick, with no major slow-down just because of the encryption on my Nexus 6. Same for the Nexus 5 and Nexus 7.
  • If a Lollipop device is encrypted do you have to have the screen lock enabled as well? Can the screen lock be a pattern unlock or does it have to be a pin or passcode? Posted via Android Central App
  • Had to encrypt my Nexus 5 on Lollipop to use it with my corporate email. The performance decrease is extremely noticeable. I get noticeable lag opening apps, switching between recent apps, opening menus, bringing up or closing the keyboard, and pretty much everything in general. It's not a one off. I wiped my phone and started again unencrypted to be sure. It felt like the device it was born to be. Once I encrypted it again I have been faced with a frustrating daily experience. It's something I have to live with as it's my choice to use my phone for work, but I just hope Google will do something in a future update to lessen the impact of encryption.
  • My experience is just like yours, so any talk of "barely noticeable" just doesn't hold up in real life when using it as a primary device for a longer period of time. I ended up living without my work email on my phone until yesterday, when I tried out Cloud Magic. It'll sink with my exchange email without needing any elevated security settings, so no encryption required. Seems like a great solution so far.
  • stupid question: do i have to enter code every time i wake the phone or only at startup?
  • Only at startup. Posted via the Android Central App
  • How are SD cards handled for encrypted devices? Are they encrypted too?
  • There is an option in your settings to encrypt them as well. Posted via the Android Central App
  • Is encryption a moot point for those who unlock bootloaders and/or root? Is it even possible?
  • 40% is only but one of the tests, it can be al lot more than that as in this article: 40% is completely unacceptable anyway and I don't know how they managed to blunder this one out so much. Apple devices don't slow that much with encryption on, hell not even Windows devices with bitlocker or Truecrypt on! How could Android encryption slow the device so dramatically? And most importantly, why is this not a priority for Google? A company that has pride itself with technical finesse and performance! It baffles me, and it is embarrassing for them no being able to turn it on by default in all devices due to these issues because things like this are bound to happen:
  • You should decide whether to opt-in or opt-out of encryption, based on your risk profile and tolerances: Encryption SLOWS each and every device substantially
    Encryption makes many devices UNUSABLY SLOW.
    Encryption EATS BATTERY.
    Encryption EATS CPU
    Encryption makes phone HOT.
    Encryption PROTECTS business critical data of companies with valuable secrets. Encryption is like a drug or vaccine. It might make sense under certain circumstances, and it WILL have side-effects.
    Even if stolen, a lock-screen on phones protects phone data virtually always, except for rare cases of sophisticated data thieves. Almost all thieves want to re-sell the phone and have zero interest in data. What is your risk profile for losing or theft of phone?
    To what degree can you tolerate the sharing of local phone data if lost/stolen?
    To what degree can you tolerate side-effects of encrypiton? Now, YOU THE USER make the call if encryption fits your scenario.
  • "...make the call..." ISEEWHATYOUDIDTHERE.jpg :D
  • My performance improved with encryption.