Google's Encryption Progress Report

E-commerce is a big part of Google’s revenues. It could suffer if the internet is perceived "unsafe" for trade. As part of its efforts to encrypt the web, Google recently launched a section of its transparency report which tracks progress made by the company and third-party sites toward implementing HTTPS by default across its services.

Google Drive, Google Search, and Gmail have been secured by https since long whereas Google Ads and blogger were recently added under HTTPS protection. Google plans to cover as many products as possible under encryption over time.

According to Google, there are many roadblocks that hinder implementation of HTTPS like older hardware and software, which don't support modern encryption technologies; governments and organizations that may block or degrade HTTPS traffic; and some organizations' unwillingness or lack of resources to implement HTTPS.

The report which will be updated weekly says that as of January, just over 75 percent of requests to Google's servers used encrypted connections, excluding YouTube traffic.

Maps were found to be the most encrypted Google product, with 83 percent of Maps traffic being encrypted. Advertising came next with 75 percent, and News and Finance tied at 59 percent.

Country wise, Mexico led with 86 percent encrypted traffic, Brazil was second with 84 percent, and the United States was ninth with 72 percent of the request encrypted.

Mobile devices account for one-third of all Web pages served worldwide and as per Google reports mobile traffic accounted for 95.5 percent of unencrypted traffic to Google's servers.

"Only 10 percent of Android phones are encrypted because Google does not control this," said David Jevans, Vice President of mobile security at Proofpoint. "It's controlled by the handset maker cannot be fixed because the phone carriers won't take on the burden of validating new Android releases on old phones."

To fix this Google is now forcing handset manufacturers to turn on encryption by default in the next version of Android, known as "Marshmallow," he added.

For Frank Dickson, a research director at Frost & Sullivan, Mobile device insecurity "is a transient condition the replacement cycle for mobile devices is 24 to 36 months." According to him, this issue gets solved simply with the passage of time.