As many of you doubtless know by now, Google's first Android 5.0 devices ship with full-disk encryption enabled out of the box - encryption that can't be disabled without flashing a new ROM to the device. We've heard from at least one source that this encryption shouldn't really affect on-device performance noticeably, but new benchmarks from Anandtech seem to suggest otherwise.
The heavily tech-focused review and news site didn't publish storage benchmarks for the Nexus 6 in their review, because the app used - Androbench - was deemed to be producing inaccurate results on Lollipop devices (and it definitely is). They tried another app that allegedly shouldn't run into these problems, called ANDEBench PRO (which I think is about to get a lot more downloads).
Anandtech also got something no one else yet has: a Nexus 6 running official software with encryption disabled. Anandtech was sent this device by Motorola, and it's the only test we've yet seen of a Nexus 6 without encryption. The results potentially indicate that what some of you had feared about Android's new encryption appears to be true: it's going to considerably affect eMMC (NAND storage) performance.
For posterity, I ran the same benchmark on a Nexus 7 (2013) running Lollipop, as well as a Nexus 9. Here are Anandtech's results next to my own.
My own results do add some confusion here - but they may have an explanation.
Both NVIDIA's Tegra K1 Denver and Qualcomm's Snapdragon 805 support some form of hardware AES and SHA encryption/decryption, though I believe the implementations are not identical. Denver uses the ARMv8 architecture, which has native AES and SHA support as part of its instruction set. The Snapdragon 805, meanwhile, achieves its own hardware-level AES support using a proprietary cryptographic module developed by Qualcomm.
My strong suspicion is that these two solutions were not created equally. Qualcomm's processor roadmap has struggled to make the leap to ARMv8-based chips at the high end of the market, with the company having shifted much of its current release schedule to push 64-bit mid-range and low-end chips in Asia and Europe. Though those chips are using the ARMv8 instruction set, their cores are based on standard ARM reference designs. Meanwhile, the top-tier Krait core still uses ARMv7, thus pushing Qualcomm into offering some form of hardware encrypt/decrypt while its next-gen 64-bit core is still in development.
Edit: So it turns out this may not be far from the truth. Apparently, Google has not merged the various drivers that optimize Qualcomm's QCE module for encryption and decryption into AOSP. The generally-assumed reason is that this code is proprietary. Without these optimizations, the Nexus 6's hardware decryption module on the Snapdragon 805 is essentially hamstrung.
This is just one possible explanation, though - there could be others. Still, it seems like the most reasonable one we have at the moment, given that the Nexus 9 hasn't otherwise gotten much of a reputation as a performer.
The real question we have to ask is whether or not any of these storage benchmarks really matter on a mobile device. After all, the number of intensive storage I/O operations being done on smartphones and tablets is still relatively low, and some of the situations where NAND slowdowns are really going to have an effect can be offset by holding things in memory. Still, it does appear that, at least for the Nexus 6, encryption isn't doing it any favors in the performance department.