Why Google couldn’t live up to its mobile security promise

Google isn't living up to its promise and is actually requiring Android makers and distributors to turn on the encryption feature by default. The instructions given to device makers for using Lollipop say "full-disk" encryption is "optional for Android device implementations without a lock screen." Devices with lock screens must support encryption, but it's only very strongly recommended that the feature be enabled out of the box, not required -- although the document notes that Google expects it to be required in some future version of the software.

Why is it hard for Google to keep its mobile encryption promises? The answer comes down to how the company approaches the mobile device market. Android is a free-wheeling beast. There are many different manufacturers making devices that rely on the operating system sold by many different carriers around the world. And at it's core, Android is an Open Source project, so there are various forks and offshoots with different security features and update schedules. That results in what experts call fragmentation -- a market where users around the world are using a bunch of different flavors of Android, rather than just the handful of iterations Apple devices might be using. And fragmentation means Google can have a harder time living up to some technical promises.