Encryption and Storage Performance in Android 5.0 Lollipop
by Brandon Chester & Joshua Ho on November 20, 2014 8:00 AM ESTAs alluded to in our Nexus 6 review, our normal storage performance benchmark was no longer giving valid results as of Android 5.0. While Androbench was not a perfect benchmark by any stretch of the imagination, it was a reasonably accurate test of basic storage performance. However, with the Nexus 5 on Android’s developer preview, we saw anywhere between 2-10x improvement to Androbench’s storage performance results with no real basis in reality. It seems that this is because the way that the benchmark was written relied upon another function for timing, which has changed with Android 5.0.
While we haven’t talked too much about AndEBench, it has a fully functional storage test that we can compare to our Androbench results. While we’re unsure of the 256K sequential and random read results, it seems that the results are equivalent to Androbench on Android 4.4 when a 1.7x scaling factor is applied. However, AndEBench results should be trustworthy as we saw no difference in results when updating devices from 4.4 to 5.0. In addition, the benchmark itself uses low level operations that shouldn’t be affected by updates to Android.
Androbench Results - Valid vs. Faulty | ||
Nexus 5 Androbench Results on 4.4 KitKat | Nexus 5 Androbench Results on 5.0 Lollipop | |
Random Read | 10.06 MB/s | 27.70 MB/s |
Random Write | 0.75 MB/s | 13.09 MB/s |
Sequential Read | 76.29 MB/s | 182.78 MB/s |
Sequential Write | 15.00 MB/s | 47.10 MB/s |
As you can see, the results show a degree of improvement that is well beyond what could realistically be accomplished with any sort of software optimizations. The results for the random write test are the most notable, with a result that suggests the performance is over 17x faster on Android Lollipop, which could not be the case. This required further investigation, and it's one of the reasons why we were hesitant to post any storage benchmarks in the Nexus 6 review.
The other factor affecting the results of the benchmarks on the Nexus 6 specifically is Android Lollipop's Full Disk Encryption (FDE). Android has actually had this ability since Android 3.0 Honeycomb, but Lollipop is the first time it's being enabled by default on new devices. When FDE is enabled, all writes to disk have the information encrypted before it's committed, and all reads have the information decrypted before they're returned to the process. The key to decrypt is protected by the lockscreen password, which means that the data should be safe from anyone who takes possession of your device. However, unlike SSDs, which often have native encryption, eMMC has no such standard. In addition, most SoCs don't have the type of fixed-function blocks necessary to enable FDE with little to no performance penalty.
As a result, we've observed significant performance penalties caused by the use of FDE on the Nexus 6. Motorola was kind enough to reach out and provide a build with FDE disabled so we could compare performance, and we've put the results in the graphs below. For reference, the Nexus 5 (Lollipop) numbers are run using Andebench, while the original values are read out from Androbench on Android 4.4. The Nexus 5 is also running without FDE enabled, as it will not enable itself by default when updating to Lollipop via an OTA update.
As you can see, there's a very significant performance penalty that comes with enabling FDE, with a 62.9% drop in random read performance, a 50.5% drop in random write performance, and a staggering 80.7% drop in sequential read performance. This has serious negative implications for device performance in any situation where applications are reading or writing to disk. Google's move to enable FDE by default also may not be very helpful with real world security without a change in user behaviour, as much of the security comes from the use of a passcode. This poses a problem, because the users that don't use a passcode doesn't really benefit from FDE, but they're still subject to the penalties.
When the Nexus 6 review was published, I commented that there were performance issues that weren't present on the Nexus 5 running Android Lollipop. Many users commented that the FDE may have been to blame. Like I mentioned earlier, Motorola provided us with a build of Android with FDE disabled. Unfortunately, I haven't noticed any improvements to many of the areas where there are significant frame rate issues such as Messenger and Calendar. I speculated in the Nexus 6 review that the performance issues may simply be the result of insufficient GPU performance or memory bandwidth to drive the QHD display.
To me, the move to enable FDE by default in Lollipop seems like a reactionary move to combat the perception that Android is insecure or more prone to attack than iOS, even if that perception may not actually be accurate. While it's always good to improve the security of your platform, the current solution results in an unacceptable hit to performance. I hope Google will either reconsider their decision to enable FDE by default, or implement it in a way that doesn't have as significant of an impact on performance.
91 Comments
View All Comments
tralalalalalala40 - Saturday, November 22, 2014 - link
This is a disaster for google. In order for their iphone killer to eek even barely close to the iphone in performance you have to remove security features. ouch. they should just disable it across the board to make the fbi happy and to make it easier for thieves to root the phone and resell it. let android deal with device theft.konradsa - Sunday, November 23, 2014 - link
Great article. Can you guys do the same test on ios 8 with an iPhone and iPad? Wondering if Apple suffers from same degradation. Should be easy enough, since seeing our clearing the passcode enables our disables encryption on ios 8.Brandon Chester - Sunday, November 23, 2014 - link
No they don't, you can see that in the NAND performance from the iPhone 6 review. Every iOS device has an AES 256 crypto engine built into the direct memory access path between the system memory and flash.konradsa - Monday, November 24, 2014 - link
Thanks for the explanation, I have done some more research, and the statement above seems to be true, at least for every phone since iphone 5s, and every tablet since the Air 1. While Apple is not perfect, this demonstrates why the ios platform remains the superior mobile platform.Shark321 - Sunday, November 23, 2014 - link
This is not Nexus 9 or Android 5.0 specific. On my Nexus 5 with Android 4.4.4 Wallpaper reloads often, even with >1GB of free RAM. This is just crappy Java garbage collection.Shark321 - Sunday, November 23, 2014 - link
Using Action Launcher which has the "stay in memory" option on 4.4.4 Nexus 5, the wallpaper (non animated) is reloading every 2-3 hours, causing 1-2 sec lag.Kumouri - Monday, November 24, 2014 - link
Hopefully Google won't back down from having this enabled and sites like AnandTech and others can continue to remind people that the state of storage in mobile (phones and tablets) is truly abysmal.Maybe Google got fed up with trying to get manufacturer's to use decent storage and decided to force FDE to force their hands. I can hope, at least...
But then they didn't make Motorola use a decent storage solution for the N6, so probably not.
koltregaskes - Thursday, December 18, 2014 - link
Has this test been re-run on Android 5.01?cb474 - Monday, December 22, 2014 - link
I don't get why this causes such a huge performance hit. I've been using FDE (in Linux) on spinning disks and SSDs for years with parely any noticeable preformance issues. And this is entirely software driven encryption (meaning the CPU has to do the work of encrypting/decrypting). It's not built into the hard drives. Lots of tests have shown on desktops, this kind of FDE causes barely a blip in read/write performance.