As you may remember, in March of this year we reported that Google no longer required full-disk encryption by default on Lollipop. Google had backed away from its earlier decision to require encryption because Android 5.0 encryption was causing storage performance issues on devices.
Google changed that policy so that new phones were no longer encrypted by default. In Lollipop, encryption became optional. We noted then that a future Android version might finally have full-disk encryption. True enough, the newest version of the mobile platform is enabling full-disk encryption. According to the latest Android Compatibility Definition document for Marshmallow, Full-Disk Encryption under the section ‘Security Model Compatibility’ is a requirement for new devices but is “Optional for Android device implementations without a lock screen”.
“Full-disk encryption must be enabled by default” for devices with a lock screen feature and if memory is not restricted.
9.9 Full-Disk Encryption
For device implementations supporting full-disk encryption and with Advanced Encryption Standard (AES) crypto performance above 50MiB/sec, the full-disk encryption MUST be enabled by default at the time the user has completed the out-of-box setup experience. If a device implementation is already launched on an earlier Android version with full-disk encryption disabled by default, such a device cannot meet the requirement through a system software update and thus MAY be exempted.
The latest Android Compatibility Definition also says that devices with a secure lock screen should have a fingerprint sensor and a corresponding API for other developers.
Section 7.3.10. Fingerprint Sensor reads:
Device implementations with a secure lock screen SHOULD include a fingerprint sensor.
If a device implementation includes a fingerprint sensor and has a corresponding API for third-party developers, the device MUST do a number of things, including: declare support for the android.hardware.fingerprint feature, fully implement the corresponding API as described in the Android SDK documentation, and rate limit attempts for at least 30 seconds after 5 false trials for fingerprint verification, among others.
Android 6.0 Marshmallow also boasts several Power-Saving Modes under section 8.3 of the document, but app developers must follow the requirements set by Google first:
All apps exempted from App Standby and/or Doze mode MUST be made visible to the end user. Further, the triggering, maintenance, wakeup algorithms and the use of Global system settings of these power-saving modes MUST not deviate from the Android Open Source Project.
The ‘Android Compatibility Definition’ is an important document that Android developers must check regularly, because it lists the requirements devices have to meet to work with Android 6.0 Marshmallow.