IssueTracker

This should have been implemented in froyo

Issue 36910061  without Issue 36917804 will resolve only 10% of problem as more and more
companies are also going for device/card encryption in their exchange security policies.

Please vote and get this at high priority.

This issue and Issue 36909034 should probably be merged (this one is a lot clearer, but
that one has more votes).

Come on Google not that hard for you guys to make this work.  Think of the install
base you will have access to.

I'm pretty sure you have to pay Microsoft to support Exchange ActiveSync policies.  Google is giving Android away for free so I'm not sure they can support those policies.  It is up to the OEMs like Motorola or HTC to license EAS and impliment policies.  This is why HTC devices have PIN password and wipe support and Moto does not.

@ccneuendorf : Google is now licensing ActiveSync from Microsoft as can be noted by the range of new EAS policies added in Froyo.

"To add enterprise features, Google licensed Microsoft's ActiveSync technology."

Source:
http://www.informationweek.com/news/infrastructure/reviews/showArticle.jhtml?articleID=225200315&subSection=News

Why isn't this done yet? I really wanted the HTC Evo 4G

[Comment deleted]

While it doesn't solve the problem, I understand that a workaround is to use TouchDown:
http://www.nitrodesk.com/security.aspx

I work for a large health care company.  We have to follow federal privacy laws with regard to health care, so Droid is out until it supports Exchange encryption.  I'm sad.

Our IT department will not allow touchdown. They require a native solution.

Shouldn't this issue be converted to a defect instead of an enhancement now? 2.2 has launched with "full" EAS policy support but does not work...

What is disappointing is that Android with HTC Sense at 2.1 will work as it supports all the needed security layers including encryption.  I really prefer the vanilla Android feel, but leaning towards rooting my phone simply to put the Desire ROM on it so it will work with corporate email.

OK -- just got my Droid Incredible.  Should have checked company policy ealier as they don't support this phone.  OK Got that - my bad.  However -- who actaully has this action to get done?  How can we move from "enhancement" to "bug fix and "medium" to "high"?  Nice to enter comments but who actually can fix this for all of us?

@ vwyankee

I was told by our IT department that sense on 2.1 does not support device encryption. I've searched online and can find very little on the subject. Do you have any documentation or references that support your claim?

@ signde

I don't have any documentation to go by but simply that vanilla Android phones (even with 2.2 will not connect to our Exchange server yet Android phones with HTC Sense 2.1 or above can and from what I've seen discussed just for our company it seems it's the encryption that's the missing element from vanilla Android.

It would be good to have more concrete evidence or data of what exactly Sense has that vanilla Android doesn't.  This was just an assumption from deduction.

@ vwyankee

I got a Evo to play with and hooked it up to my Exchange account with no issues. The Exchange policy requires encryption of the device AND the storage card. (In my experience devices that do not adhere to these policies fail to synch mail.) Also when I look at my IIS logs for Activesync the statuses indicate that the all of the policies were successfuly applied.

Yes, I'm fairly confident that any 2.1 HTC Sense UI will have the encryption layer that the rest of us are longing for.  I also verified that the Samsung Moment will work using "Workmail & Sync" from the settings which is different from the "Accounts & Sync" on other vanilla Android devices.  Given that, I've been searching to see if anyone has pulled that element from the Moment's source code to make a "Workmail & Sync" APK available for the rest of us to install without needing to have ROOT access.  However, so far that search has not resulted in anything valuable. :-(

As previously noted I did hook my Evo to my Exchange server, no issues, mail synch'ed with no issues. Exchange shows my phone as an Android device and the phone will accept the remote wipe command. Testing the encryption policy I placed a couple of attachments on the storage card, removed the card, and attempted to read them on another device. The card WAS NOT encrypted even though the policies require encryption.  

Bottom line.. even though the phone was able to connect to Exchange, and my IIS logs show that ALL of the policies were accepted the phone lied to Exchange. The phone told Exchange that it accepted all of the policies when in reality it did not perform the encryption as required.

With the addition of Touchdown I was able to verify that the data WAS encrypted. (Interestingly there was a second Android device on my Exchange account, one with Touchdown and one without) But Touchdown is not the complete answer to the encryption problem, there are some other issues that I have with it that I contacted NitroDesk about.

The National Health Service in the UK is tightening its security policy in December this year and encryption will be required. The document I have seen is very clear- Android is not supported. The NHS has approximately 1.5 million employees - a very large potential user base for Google to lose if it doesn't sort out this issue.

I contacted HTC support and they provided me with with a list of supported active sync policies. Require Device Encryption is listed as not supported.

@signde - That's quite the interesting find since that's the only element we have been able to figure out that's needed here with our Exchange server with all HTC Sense devices working and vanilla Android not.  Was it HTC support in general or for the Nexus One?

@vwyankee - The list was for devices running HTC sense for android 2.1.

Per @jboehm68007's findings it looks like the phone reports that it does support encryption however it does not actually encrypt the information. Apple did something similar with the iphone 3g which for a while reported it supported device encryption but it actually does not.

Ah, right.  The essential "lying" to the Exchange server.  Well, lying or not it still should be added to the security features within Android (all flavors).

I would like to repost the comment from gavinphilipson below. I too work for the NHS and switched from BlackBerry to the Samsung Galaxy S. Great phone, currently works fine with NHS Mail; but from December it won't because of the encryption issue. This needs to be fixed otherwise (with reluctance), my next phone will be BlackBerry or iPhone.

"The National Health Service in the UK is tightening its security policy in December this year and encryption will be required. The document I have seen is very clear- Android is not supported. The NHS has approximately 1.5 million employees - a very large potential user base for Google to lose if it doesn't sort out this issue."Comment 20 by gavinphilipson, Jul 12

I am the lead email admin at Kings College Hospital London and we have moved 7,000 of our user to NHS Email up to now have been supplying WM6.5 but we hoped to introduce Google Android but it will now not be possible unless this change is made      

[Comment deleted]

Hello, another NHS email user here. Please can we get ActiveSync-compatible device encryption.

I realise that Android is getting better at supporting activesync but this particular facet is very important to a lot of your users. I don't want to have to replace my HTC Desire in December!

For those new commenters, please ensure you click on the yellow star at the top of this page. The number of stars are a marker of importance for google.

I had been in 2 minds about buying the HTC Desire or BlackBerry 9700 and opted for the HTC Desire from everything I read about it. I am gutted that from December I will not be able to receive NHS email which is my primary email account. I will have to change phones at this point despite the personal cost as accessing email is the reason I got a Smartphone.

I too was looking forward to getting an android phone but as I use nhsmail I currently would have to stay with WM unless this issue is resolved.

Research into the Android OS shows that the OS already has some encryption API's built into it. In fact Android 2.2 (Froyo) seems to be using some of these API's to encrypt each applications own private space on the storage card if apps are moved there. THey just need to implement something similiar across the entire user accessible part of the storage card so any files saved would be encrypted. With the new 1GHz processors and all of the performance improvements from Froyo it seems like they should now have the extra performance to do this.

Come on Google!!!

And another NHS mail user who won't be able to use his Desire running Android come December.

As other posters have said, the guidance is crystal clear: device encryption is the only stumbling block here, but if it is not enabled, then you are shutting out a lot of potential corporate users. Including me, and that's a shame, because I just chose Android over iOS, and I don't want to feel I made the wrong decision...

Most recent (8/9) comments from our tech security group--->
---------------------------------------------
We are already testing the Android 2.2 Operating System and again, it does not meet our security requirements for ActiveSync (All required ActiveSync IT policies and authentication with our PKI certificates).
 
As soon as it meets the requirements for security, it will be approved.
---------------------------------------------
Time to give my Droid (brick) to my son and look for another solution.  

this needs to be BOTH native SD card encryption AND device encryption capable and ActiveSync compatible. No "lying" to Exchange server, either.

Just thought I'd mention this for anyone considering purchasing an Android phone or still within their 30 day return period.  The HTC Incredible comes with many proprietary apps (Sense UI), one of which is their version of the Mail app.  The Sense Mail app has full ActiveSync support!  I can finally get my work email, contacts, and calendar gracefully integrated into my phone the way it should have been with vanilla Android.  I'd bet anything that Google will have this straightened out by the 3.0 release (Gingerbread) expected around Q4 this year, but if you're looking for full ActiveSync support now, check out the Incredible.

@robchristie1 - according to htc support the customized mail client included with htc sense does not support device encryption. i contacted them and after several rounds of communication they provided me with a spreadsheet of supported policies. device encryption was not in the list.

be careful going by what the phone reports to active sync, it is not uncommon for the phone to report it supports a policy when in reality it does not.

I personaly did some security testing with the HTC Droid Incredible. The HTC SenseUI add-in does give you built in support for password policies and remote wipes but it still does nothing with encryption. Our company has an ActiveSync policy that requires storage card encryption and the Incredible just ignores this policy (I proved this by saving an email attachment to the storage card and reading it on a PC-the file was unencrypted)

Android 2.2 (aka Froyo) is supposed to bring native enforcement of passwords and remote wipes to the Android OS (and thus other Android devices without SenseUI) but again based on my research it falls short on the encryption side. I should have a Droid 2 with Android 2.2 in hand tomorrow to re-validate this.

I do sincerely hope that Google gets this fixed for Android 3.0 (aka Gingerbread)

For NHS email users Cable&Wireless and CfH today approved TouchDown for Android as secure downside it will cost $20 but bridged the gap.
Contact you LOA for more info  

I'm sorry, but having to pay for and kludge some add-on 3rd party product (no offense, Touchdown) to achieve real security for one of the most expensive phones on the market with the most expensive plans is crazy. Google, you're either serious about being an enterprise solution or you're not. More and more compliance requirements, e.g. HIPAA, Red Flag, etc. require best practices security including device and transmission security.

mbl...@google.com,
So what's the deal? I am not sure what is taking google android so long. It's as simple as add data encryption equals bust the market wide open for Android to compete with Blackberry and Apple for enterprise users.

No, sorry, it's not simple at all; it requires a significant framework change, has any number of potential gotcha's, and has to be backward compatible and heavily tested before it could be released.

Marc - thanks for taking this issue. Do you have any idea whether it might be done in or before Gingerbread?

Also show stopper for us living up to ISO413

ISO 413:1974 - Aircraft -- Heads of lubricating nipples ??

MBL...@google.com, I understand it's not that simple. Professional/Enterprise cell phone users are probably not as big a market as the teeny bopper crowd. I am sure fixes to allow teenages to be able to update their facebook profiles and tweet during school are probably a much higher priority than data encryption...

This has nothing to do with professionals vs enterprise users; there are simply a lot of priorities and a limited number of people do deal with them.  Add in manufacturers and carriers, and there are just lots of hoops that need to be jumped through.

U better put this a top priority then, you don't imagine how big is the enterprise market share, i can tell u that half of my team wanted to get an android phone n just went to another OS just cuz they support this feature. Please if u care about ur OS raise the priority of this issue.

Believe me, we understand the issue.

Device-level encryption has become a standard feature on most other devices. Please catch up, Google!
Thanks, I love you.

While I too am hoping that this gets implemented asap, I am a bit perturbed by the tone of some of the comments that have been posted recently.

Personally I was happy that this issue had been picked up as I take this to mean that it is being worked and will be implemented soon.

As an NHS mail user, I will soon not be able to access my email unless this gets done, so thank you mbl for working on this.

[Comment deleted]

bump :)

bump :)

I'm removing my ownership of this issue, since the addition of encryption isn't an Exchange issue (which would be on my plate), but rather one for the framework folks.

How much longer are some of you planning on waiting before investing in a Blackberry or iPhone? This article I just read didn't sound very promising that Android was going to have Data Encryption anytime soon, http://phandroid.com/2010/09/16/android-enterprise-is-it-good-enough/

I am fine with waiting until around Christmas. But there is no point in waiting if data encryption is never going to be a reality on an android based phone.

I gave up waiting.  Easy Root and then applied this zip update that makes it work.  Not all will go for it since it's like the Sense UI currently and "fake's it," but it works and I'm very happy with it.  Easy root makes it hard to come up with a reason NOT to root.  Download and install the app then click the button to root your device (if it's supported) and in a matter of moments you're rooted and can add elements such as the below to work with Exchange even with encryption.
http://forum.cyanogenmod.com/topic/2770-full-exchange-support/

Well the NHS (which has around 1.5m employees!) is upgrading the security requirements around their mail service to require mobile devices to support encryption.  So unless this get fixed then as of December only people who are willing to pay for Nitrodesk TouchDown will be able to get access on their Android device (whereas iPhone 3GS/4/iPad users will all still be able to use it).  Come on Google, please sort it!

Anybody see the Droid Pro announcement? Looks like things are moving
forward.

I looked up the Droid Pro after you posted that. That is consistent with some other information I had seen with regard to Android and Activesync. I had read somewhere that Android was leaving it up to the handset providers to choose what security features they want to include on their phones. It seems Motorola is the first to take initiative to include the full suite of activesync security features on their phone in order to go toe to toe with blackberry. Hopefully more phones will follow because I really want something on the Sprint network.

It's a shame that Google just leave Nexus One not "professional".

[Comment deleted]

Thanks Google for nothing. By the time you catch up to Blackberry / Iphone, your enterprise market share will be a big fat "0"....

I'm architect for a global company and we will not be allowing Android phones to use native email client until they support Exchange ActiveSync encryption policy.

I'm also quite disturbed that existing devices "lie" to EAS and claim they support the policy, when in fact they do not encrypt the device. I question whether this is a valid implementation of EAS protocol per MS licensing requirements.

@#65 - I may be wrong, but my understanding was that FroYo (2.2) stopped this?  I know it certainly blocked the LockPicker app from working.

Very disappointing that no official response from Google yet on this MAJOR defect.

Well, I can't contribute much, other than to say, that for the company in which I am working as a security officer - we to are choosing Windows Mobiles over Androids, simply because of this issue. This even though my users are screaming for the Androids. Google - and others - indeed work in mysterious ways!

@66 - agree, it appears in testing we've done since that first post that Androids will not successfully connect via EAS if EAS policy requiring encryption is in place. I retract my disturbance. :-)

Same issue, also working for a 100k person company and requiring encryption.

As dan.becker says, the devices "lie" to EAS and claim they support the policy, when in fact they do not encrypt the device. I tried this with a HTC desire with android version 2.2 and Device Encryption policy enabled and yet the HTC desire can sync with exchange. Maybe its a HTC issue and not a android Issue.

I think it depends on the Exchange server setup - I know that the NHS currently allows the devices that 'lie' to connect, but this will be stopped in the next few weeks.  I also thought that 2.2 stopped a lot of this lieing - hence why LockPicker now doesn't work.  Google just need to get a move on an implement properr on-device encryption like the iPhone.  If 3rd party software such as TouchDown by Nitrodesk is able to do it then there's certainly no hardware restriction.

I haven't heard of it making it into 2.3, so any chance of it in 3.0 I wonder???

This is badly needed as we have a growing number of Androids that are going to be bricked, or have to suffer with Touchdown.

80k company - today's announcement: android is excluded from Active sync because of missing encryption support. Nitrodesk's Touchdown is required - but too expensive.

90,000 employees - WinMobile, Blackberry, iPhone all permitted... Android excluded because of this - without touchdown.

Can we get some indication from a Google employee whether this is being looked at and if so, is a high priority, or is this bug considered irrelevant or low priority?  As noted by several others, there are strong consequences due to this bug.  

Yes, this would be good see from a corporate perspective. We are currently looking at the Bring Your Own Device (BYOD) for our organisation >10,000 users and Android is providing us with a headache due to lack of encryption.

This feature was conspicuously absent from the 2.3 release:
http://developer.android.com/sdk/android-2.3-highlights.html
Sorry folks.

Given I'm bothering everyone with an update anyway: we are another major firm with the device/SD card encryption requirement and I genuinely thought it would be included in Gingerbread. Support for this would have made me spend a grand on a Nexus S, but if I have to use some third-party app anyway, I may as well stick to a cheap 2.2 phone until I at least know it is on the roadmap.

Ditto, lunatick.nz - really disappointing that it wasn't included.  Does anyone from Google even read the posts on here?

A.

32,000 employees - WinMobile, Blackberry, iPhone all permitted... Android not allowed because e-mail and attachments are stored encrypted.  At least sandbox the application data.  You do not have to encrypt the whole phone, how about the option to encrypt e-mail folder and restrict access to downloaded attachments?

Is there anyway this will be in the next update? I am in field sales and the company only allows blackberry/windows mobile and iphone as options. I really do love my mytouch 4g but not having access to my emails and calender while in the field is becoming very frustrating......

my conclusion is Google thinks Android has all the market share they want--they're growing leaps and bounds, so why listen to us? <shrug> Of course, the consumer market is a fickle bunch; live by the consumer/die by the consumer following the latest fad. Just so very frustrating for any company that has any modicum of concern about security. bye, bye, nice knowing you, Android.

This is mis-filed as "Enhancement", and should be "Defect", or "Product NOT cleared for shipping -- return to Requirements Review Phase."  (Search this thread for "lies" and "lying".)

Gleavelle, Please refer to my comment 47 above regarding that Google's top priority are fixes facebook and tweet applications so kids can update there profile during school. Data encryption, not such a high priority.

Also, I have a question for all you IT directors following this thread. Is this something google can easily just add? I don't know enough about IT but I was under the impression that Google is purposesly leaving Android "open" like this and it is at the handset makers descretion whether to include enterprise technology such as data encryption. Hence, the Droid Pro phone on Verizon which I am hoping a similar version will be coming to sprint soon....

Dear Dumb___

Put full encryption on the device. Until you do, I will have only 2 phone options. Windows Mobile and iPhone. It must be a hardware solution. Touchdown will not work for my business according to their interperration of HIPAA.

Count our 40,000+ user company as another one that cannot consider Android without any type of support for encryption. Even worse, the Motorola Droid 2 and Droid X ignore the encryption requirement.

And Brian - that's true that Google left Android open so OEMs can customize it. But companies like Motorola and HTC do not have the manpower or know-how to create an Exchange client that is robust. Just look at Motorola's implementation - they can't even get emails to push properly.

The whole point is that Google has the engineering talent to create support for encryption, and the power to standardize an exchange client across all phones (just look at their Google apps implementation). However, like you said, why should they support Exchange ActiveSync when it is a direct competitor against Google Apps? Just doesn't make any sense. Until this becomes a PR nightmare, such as was the case with Apple's implementation of EAS, Google has no incentive to support this.

makes you wonder why the governments are heavily pushing for a certain 'enterprise' product...

should be pushing for PGP encrypted emails. but whatever.

have any of you actually looked at how fast android devices are spreading? You government, or government-contracted companies are really just a drop in the bucket =P

I mean, damn. Linux is open source. Android is Linux. Some of you big companies should be paying developers to help push this feature through. Its easier than you think. Just look at the development pace of the the vanilla Linux kernel.

@phil.gardnerjr: GPG is already supported on Android using K-9 Mail and APG.

@hypatiadotca

nice thanks for the heads up. Just got my Epic yesterday. rooted within an hour of pulling it out of the box :)

I really just meant that the companies should be pushing for PGP too as well as device encryption, not just us ;)

This is absolutely required.

Large international consulting company -- only way I can get a smartphone device is use iPhone or Blackberry because device encryption missing.  Blah.  Come on - you're letting apple get too far ahead!

"Experts have differing opinions on whether to expect Google to improve features that might appeal to enterprises. The release of Google Apps Device Policy, which allows for management of many phones including Android, indicates that Google is interested in and serious about serving enterprise customers, Weingarten said.

"Android is behind but it's going to catch up," he predicts.

Kueh didn't sound so sure. "I would hope future versions will beef it up, there is demand for it," he said. "The question is how committed Google is in terms of addressing the enterprise market."
"

From: http://www.pcworld.com/article/213787/smartphones_in_the_enterprise_a_changing_landscape.html

Please update android to include device level encryption.  I have to change out my current phone soon and would really like to invest in a droid not a Windows Mobile.  To be honest, if Sprint get the iPhone contract before the Droid gets their device level encryption fixed... could be game over.  I would think you would want to get more entrenched into the enterprise marketplace before Apple completely shuts droid out.  

Windows Mobile 7 does not support device level encryption.

Yet another plea from a UK NHS user on behalf of the several thousand users in Kent alone.  Please, please, please provide encryption so that we can fully utilise the excellent Android OS as intended with our national MS Exchange system.  Currently our only options are iPhone or Android with Touchdown (which quite frankly is overpriced, has a number of very disappointing integration flaws and bugs).

Encryption is a serious issue for me. I'm shopping for my first smart phone now.  I don't understand the lack of encryption for droid.  I'll go with iPhone if they don't get this huge problem resolved soon.

Just got the email today that All droids will be locked out of Partners Healthcare Email (Largest non-government employer in Massachusetts) due to no support for encryption policies.  Only devices being allowed are the blackberry and the Iphone 3gs and above.

Nearly three weeks ago, I asked if anyone from Google was watching this, and if so, was it a high or low priority.  I am assuming that three months could pass without a response (if I'm wrong, please surprise me).  So I ask this group who is reporting the fallout of this - since it is obvious we are talking amongst ourselves, does anyone know any way to escalate this bug through some sort of channel and to get some leverage on this?  I am growing wary, weary even, of where I see this going in 2011.

#56 was the last comment from the powers that be. This is a venting
site...seems we are gonna shout till we are hoarse. **** google!

45K organization that does not support Android due to no device encryption

I thought it might be worth a shot so have emailed this thread to Android Central & Android And Me (the two top Android blogs that I read!) - hopefully they might run a story on it and contact Google for a comment.

100k+ employee organization not providing support due to lack of proper security and encryption. Never expected this kind of lapse in much anticipated android!

Our company has issued about 250 cell phones to our employees, Blackbery's and iPhones. All the BB users want to replace their cell phones with Droid phones, and about 20% of the iPhone users want Droid phone. All our cell phones must be encrypted so for now I have to keep telling them "not yet". The same issue is starting with the pads too. We have 5 iPads being used but were not even alowed to get a Galaxy Pad for evaluation until then have system level encription.

how can i protect my personal information on my phone without it being encrypted? There are lots of great device level encryption systems. Android needs one!

need this level security

And encryption that uses open source a la True Crypt...

Well after 9 months of requests and and the possibility of losing over an estimated 10 million phones if you include gov/mil/edu/org institutions and other healthcare systems that weren't mentioned here, i guess everyone has their answer. The infamous words that stood for Duke Nukem Forever. It will be done "When It's Done".

Add Consolidated Edison of New York Inc. to the list of companies that require device level encryption for mobile devices.

I would like to see a pre-boot encryption authentication option similar to truecrypt. Or at least a running real time encryption on choice data (example contact data).
DH group 7?

need it for nexus-s too

Works as consultant at a quit large company (50.000 Employees) they dont run android and telecom dept dont add mobile phone only for the lack of encryption.

They are using Nokia and starting to att IPhones because the have device encryption, but they should add Android devices if device encryption was available.

They Run Lotus Notes / Notus Notes Traveler for mail.

As a solutions architect, if encryption were added to Android then I could incorporate it into Enterprise Designs.
Encryption is a major factor behind the success of Blackberry.
Spend a few shillings on Encryption and then getting CESG accreditation and the Corporate World is your oyster.
Thanks Google.

My company is removing all android phones from active sync because of the lack of encryption as well.  I have an HTC EVO from sprint and this is going to have a major impact to my ability to be productive on the go.  I would very much like to see this addressed post haste.

c'mon guys... get it done. Need it for my Droid 2 Gloval

This is an important feature to me and if MeeGo or other open type handsets start shipping with this I may jump ship. Sure I'm not the only one either!

With the recent laws allowing police to take employee smart phones on fishing expeditions, without warrants, it is critical that employees have their phones encrypted. Too much is at risk. I am getting ready to jump ship.

It will soon be critical company-wide for myself and my employer. I would hate to jump ship but if Google can't get it done in the near future we may have no choice.

I am a consultant and work to support the US government, so I cannot use my Droid to read e-mails. Having just learned that the iPhone does support encryption, and now works on Verizon, I will likely need to abandon my Droid.

"He realizes something: The Americans must have done the impossible: broken all of their codes. That explains Midway, it explains the Bismarck Sea, Hollandia, everything. It especially explains why Yamamoto - who ought to be sipping green tea and practicing calligraphy in a misty garden - is, in point of fact, on fire and hurtling through the jungle at a hundred miles per hour in a chair closely pursued by tons of flaming junk."
-Cryptonomicon

To be honest, having come from an HTC Touch Diamond2 (nice phone, crap WMP OS) to HTC Desire, I was surprised that it doesn't offer encryption. Can it be *that* hard?

Please add this as we are implementing this policy and I want to keep my android hone

As can be seen from the article in the following link, this is quickly becoming something that NEEDS to be implemented ASAP!

http://arstechnica.com/gadgets/guides/2011/01/why-you-should-always-encrypt-your-smartphone.ars

I saw the same article as posted in the comment above.

I believe that the title of this issue will hinder its effectiveness.  The title is geared toward Exchange policy, whereas the content is related to device encryption.  While device encryption is a requirement that may be instated by an Exchange policy, it is not something that will be handled by Exchange programmers, as noted by mbl...@google.com, above, when he disowned the issue.

Is there another issue out in the logs to support device encryption? This is a major issue for corporate users that want to use android and their exchange policy requires device encryption.  

It's from back in July, but good coverage of the problem here - http://www.infoworld.com/d/mobilize/android-in-business-dont-be-fooled-549

It looks as though this may be in 3.0:
http://developer.android.com/sdk/android-3.0-highlights.html
"Enhancements for enterprise
In Android 3.0, developers of device administration applications can support new types of policies, including policies for encrypted storage, password expiration, password history, and password complex characters required."

Absolutely vital. Unacceptable that a valid platform wide solution is not yet available with all of the other features that have come forward, to not have something so essential.

LOVE my new EVO. HATE that I can't use it to access my business email through EAS. PLEASE FIX!

At my job they are thinking about enforcing device level encryption for users who get corporate mail on their phones. Please add this feature as soon as possible. Thank you.

Re. #126 - yep, I saw that too - fingers crossed!  Of course 3.0 seems to be tablet-only for now, which is disappointing.

Required by my company 18,000 worldwide by April 2011, or email disconnected.

More strict local and EU privacy regulation will make this feature mandatory for a lot of EU companies. Please add as soon as possible.

What a shame, Google get on this or Android will never surpass the iPhone.

Important for Enterprise use - please address.

Please address this soon ..Shame that i couldnt access my work mail through EAS

I am going to buy a Nokia very soon unless this gets fixed on android. Having enterprise documents un-encrypted on a mobile device is a complete disaster...

This will probably be the deciding factor for my boss who is very anti-Apple and is looking at Honeycomb or a Playbook.  The sad thing is we are Google Apps customers at an enterprise level and it would be a step back to have to roll out Blackberry Tablets, but not having a remote wipe feature and device level encryption is just absurd.

[Comment deleted]

well 3.0 might be adding the features, but 3.x looks to be tablet only so when will this actually make it self onto a phone? 2.4? 2.5? 2.6? 2.9?

my company is chomping at the bit to go down the android path and this would be A LOT of phones.. but not possible unless there is full phone encryption...

i am holding off buying the Nexus S until this issue is sorted.

Is TouchDown the only option for EAS encryption on Android devices? Is there anyone out there following this issue that uses an alternative method to ensure corporate data is encrypted? Thanks for any input you can provide!

By not having native encryption in Android yet, the Motorola Atrix falls short of being a great opportunity to be an all-in-one device for enterprise users. My business, which employs tens of thousands of employees was interested in doing a pilot of this phone as a replacement for laptops for remote and heavy-travel users, but once I found out there is no native encryption, it's a no-go. Please get this into Android as soon as possible!

I just set-up an Atrix with Exchange/Active Sync with SSL without any additional apps so I am confused by the last comment. However, this is through motoblur's pluming I believe.

Regardless, this is an issue for corporate email and should be remedied ASAP.

This feature was added in Android 3.0 (Honeycomb).

we all knew it was in android 3.0, but when will that make it onto phones? 3.0 is for tablets only, please elaborate, as its the phones that are really important.

First of all, it is good news that it was finally implemented regardless of version; however, it is essential that this feature is merged to one or more of the 2.x branches so carriers can release it.  As noted above, the consequences of not doing this integration will mean organizations not allowing their employees to use Android phones.  Essentially, we would have to wait for the Ice Cream version and then for manufacturers to release phones for that - so at least half a year.  There were already several decisions made (see above) where companies have had to go with iPhone over Android because of this - I expect further casualties if this merge is not done, and by that time, after investing all of that money in Apple devices, it is highly unlikely a company would suddenly reverse course just because Ice Cream devices were released.

This ticket should be reopened until encryption is delivered in a version of Android for mobile handsets.

I agree,
this is not solution of the issue for mobile phones, it is new functionality for the coming tablets. So there is no reason for closing this ticket as no solution is provided.

Even a version of 3.0 is for handsets, it is still atleast an year away from becoming available for public use. Phones are still on 2.1/2.2.

Ticket should be kept open till a viable solution is proposed for handsets.

Agree, solution for Android phones is required. Another request to keep issue open.

Since this has been marked as "Released" i guess nobody will look at it anymore... do we have to create a new issue? who do we contact to re-open this issue..

Agreed! It is frustrating that this is considered closed when Honeycomb is currently only available on one device-the XOOM-and that still does not address the issue of all the other tablets that don't run Honeycomb yet alone the reality of all of the Android 2.x phones out there (like my Droid 2) which can't run Honeycomb

Come on Google.......

here here I totally agree, pull your finger out google :P

Would love to role out Droid mobile devices (non-tablets) on an enterprise level at our company.  Lack of the feature is preventing us from doing so.  Please re-open.

This would be game changing.

This is an issue - 50k+ user company is staying with Blackberry because of the encryption...

We need this basic enterprise feature ASAP.

agreed, we definitely need this if Android would like to be taken seriously for Enterprise use.  Encryption is quickly become a standard requirement for mobile devices.

@gepp...@gmail.com 
This is NOT working in 3.0 on the Motorola Xoom as stated (http://code.google.com/p/android/issues/detail?id=8686#c144), at least for our Exchange servers.  Just testing out a Xoom and tried with the result the dreaded "This server requires security features that your Android device does not support."

I've just set up mobile email via Exchange 2007 for a customer, but they (correctly) insist on having the device encryption set.  Only problem is the CEO and and 3/5 of the other directors are all using Android devices, plus 33% of the workers who were hoping to get mobile email.

They are now investigating moving all handsets over to BlackBerry.

Totally frustrating to see this issue blown off with a one liner about it being supported in 3.0.  More so to google and find that it isn't truly supported in 3.0.

I am responsible for the information security department for a large company and just made a recommendation on ActiveSync and bring your own phone policies.  Due to the lack of encryption on Android devices, I was unable to allow them to connect with ActiveSync.  I am only going to approve iPhones which is very disappointing because many people already own Androids (myself included) and I would love to be able to support them.  PLEASE RECTIFY THIS ISSUE, ANDROID WILL NEVER BE ABLE TO BE AN ENTERPRISE ACCEPTED SMARTPHONE OS UNTIL YOU SUPPORT ENCRYPTION.

I'm also looking forward for this feature. Honeycomb isn't enough it should be available on smartphones too!

I found the new open issue thread for this, http://code.google.com/p/android/issues/detail?id=8964&q=ActiveSync&colspec=ID Type Status Owner Summary Stars

Looking forward to this update. I'm essentially locked out of my corporate system because my Android phone is *TOO NEW*.

This is crazy.

like EVERYONE else my corp. is locking out Androids and pushing iPhones... Google, how can you let this go on?!?!?!

Device encryption is needed for all users and uses. Not only corporate connected devices. My corporate Blackberry has device encryption. Feels scary having personal device that doesn't offer me the same protection available to my company. Especially when there are already ways to provide it, hardware and OS based.

I manage the network and telecom for a company with over 300 smartphones.  We support iPhone and Blackberry today.  We want to add Android to our supported list, however need encryption on the devices.  Users are asking to connect, we have tested the Android phones and are all ready to say yes ... but for now we have to say no.

The post in my blog relates to offline security (device encryption) http://grey-olli.livejournal.com/525443.html, the offline security for entire storage including the OS itself is a mandatory thing (for me & others) that already works w/ Linux on ordinary PCs, netbooks & so on.

the topic on url above is: "why I am not willing to buy an android or iphone device currently" . Russian speaking users may also proceed to http://grey-olli.livejournal.com/524766.html?thread=837854#t837854 (also noted on url above).

Your comments are very welcome (please consider posting a link to your comment in my blog, since I'm not monitoring this feature request).

I don't understand why this hasn't been addressed yet!  Come on Google, do you not understand how many businesses out there WANT your product???

I can't believe I just spent the money on the new HTC Incredible 2 today only to discover that it cannot support device encryption for my .gov email account.   And what's even more disturbing is my original Incredible was allowing me to connect to that account, but, it wasn't actually encrypting anything.  

Somehow, the new Thunderbolt is allowing connections to the same security policy that is requiring encryption.  I guess I get to go back to using TouchDown until I either a.) get a device that supports this or b.) Android supports it and it's pushed to my phone.  I don't think the latter is going to happen any time soon.

How about at least a confirmation that Ice Cream will support device level encryption?

Agreed, I would like to be able to encrypt for both work and personal reasons.

What's happening with this?  I'm shocked that Android does not support this by default??!!!  Our company will not allow Android to connect to our Exchange servers for this reason, so Google is more than likely falling behind business adoption all over the planet due to this. Our company is now awash with iPhones and iPads.

device encryption is a must for an enterprise.

hey google guys, please enable device encryption for the 2.3.x branch.. this is REALLY needed in a corporate environment.. can't believe Touchdown is the only current solution!

Please sort this out. I do not wish to go back to Apple but if you guys cant provide corporate email functionality then you pretty small time

This should be a higher priortiy. Iphone is dominating our IT department and we are recommending that people do NOT buy droids because they do not meet our security standards. The time of the early adopter is over, main stream wants corporate email on their devices.

Please help us to use android devices in a corporate environment.