As mentioned, most new Android smartphones come with device encryption enabled automatically. A big change introduced a couple of years ago with Android 7.0 Nougat was Direct Boot. Before Direct Boot, your entire encrypted phone would be locked down until you entered the password. Since Nougat, the system allows a small selection of software to run as soon as you turn on your phone. This means that phone calls, alarms, and the like can work right away from boot, while apps that you download and more personal data won’t be available until you enter the password.
This was part of Google’s revised approach to encryption, which saw the old method of encrypting the entire partition replaced by file-level encryption. File-level encryption is faster on older devices because the system doesn’t have to decrypt huge chunks of data all at once. This method has the added benefit of granting apps much finer control over which data is and isn’t decrypted, which can significantly improve security in the event that a system is compromised.
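
To make that split concrete, here is a sketch of how an app can use the two storage areas Direct Boot provides. It is an added example, not code from the original article; the receiver, preference file and key names are hypothetical, and the manifest entries described in the first comment are assumed.

```kotlin
// Added illustration; receiver, file and key names are hypothetical.
// Assumed manifest: the receiver has android:directBootAware="true", intent
// filters for LOCKED_BOOT_COMPLETED and BOOT_COMPLETED, and the app holds
// the RECEIVE_BOOT_COMPLETED permission.
import android.content.BroadcastReceiver
import android.content.Context
import android.content.Intent
import android.os.UserManager
import android.util.Log

private const val ALARM_PREFS = "alarm_schedule"  // must be readable before unlock
private const val NOTES_PREFS = "private_notes"   // personal data, locked until unlock

// Device-encrypted storage: readable right after boot, so keep only
// non-sensitive data (here, the time of the next alarm) in it.
fun nextAlarmMillis(context: Context): Long? {
    val prefs = context.createDeviceProtectedStorageContext()
        .getSharedPreferences(ALARM_PREFS, Context.MODE_PRIVATE)
    return prefs.getLong("next_alarm_millis", -1L).takeIf { it > 0 }
}

// Credential-encrypted storage (the default context): its files cannot be
// decrypted until the user has entered the password.
fun latestNote(context: Context): String? {
    val userManager = context.getSystemService(UserManager::class.java)
    if (!userManager.isUserUnlocked) return null  // keys not available yet
    return context.getSharedPreferences(NOTES_PREFS, Context.MODE_PRIVATE)
        .getString("latest_note", null)
}

class BootStateReceiver : BroadcastReceiver() {
    override fun onReceive(context: Context, intent: Intent) {
        when (intent.action) {
            // Sent after boot, before the password has been entered.
            Intent.ACTION_LOCKED_BOOT_COMPLETED ->
                Log.i("BootState", "alarm due at ${nextAlarmMillis(context)}")
            // Sent once the user has unlocked the device.
            Intent.ACTION_BOOT_COMPLETED ->
                Log.i("BootState", "note available: ${latestNote(context) != null}")
        }
    }
}
```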
Google continued to improve its security features in Android 8.0 Oreo, adding more granular control over app permissions, additions to the Verified Boot feature, native two-factor authentication support, and more. More importantly, Oreo also introduced enhanced encryption for the enterprise. All devices are able to use separate encryption keys for personal and work profiles. Device administrators are also given the ability to activate work profile keys remotely to ensure complete data protection. Oreo also brought Project Treble with it, which was another big step to ensure faster delivery of software and security updates.
The recently released Android 9.0 Pie introduced some key privacy and encryption features as well. Now, apps running in the background will no longer have access to the mic, camera, and other sensors (other than GPS). Also huge is the addition of client-side encryption.