Google made news earlier this year when it announced that Android 5.0 Lollipop devices would ship encrypted by default. And indeed, the first few Lollipop devices (all Nexus) were encrypted out of the box. However, OEM Lollipop phones are not shipping with encryption enabled. It looks like Google is backing off on this requirement, pushing it to a future version.


So, something changed at some point between the original announcement and Google's release of the updated Lollipop hardware requirements in January. According to the Android Compatibility Definition (PDF), encryption isn't required on Lollipop but it must be supported (no change there). Here's the relevant section.

9.9 Full-Disk Encryption 

If the device implementation has a lock screen, the device MUST support full-disk encryption of the application private data (/data partition) as well as the SD card partition if it is a permanent, non-removable part of the device. For devices supporting full-disk encryption, the full-disk encryption SHOULD be enabled all the time after the user has completed the out-of-box experience. While this requirement is stated as SHOULD for this version of the Android platform, it is very strongly RECOMMENDED as we expect this to change to MUST in the future versions of Android.

The above language opens the door for devices like the 2nd generation Moto E to ship without encryption. The Samsung Galaxy S6 and HTC One M9 could also be unencrypted by default when they come out (demo units at MWC aren't).

Why change the requirement? We know from the Nexus 6 and Nexus 9 that even with modern hardware there's a little performance degradation due to encryption. Pushing mandatory encryption to a future version of Android gives OEMs a chance to implement faster storage and better file systems to handle the increased system overhead. That's the most likely answer, but I'm sure some will blame this on the encryption haters at the NSA and FBI. Even if it was them, we'd probably never know.