Does Android encryption really prevent law enforcement access?
Disk encryption only protects your phone when it is turned off (i.e., it protects data at rest). Once the device is turned on, data is decrytped transparently, and (at least with the current implementation) the decryption key is available on memory.
While Android uses the device unlock PIN/password to derive the disk encryption key, the two are completely separate. The only way someone can change your disk encryption password is if there is a device administrator application installed that allows remote administration (or they have a hidden backdoor you don't know about, but in that case you are already owned). UPDATE: the Google account fallback has been removed in 5.0+.
The article you link seems to be rather old and out of date. In current Android versions, login with Google account is only supported as a fallback to the pattern unlock (not the PIN/password) one, so if you are using PIN/password you are generally OK. Again, this only works if the device is already on, if it is off, they will need the disk encryption password to turn it on (technically to mount the userdata partition).
That said, because the disk encryption password is the same as the unlock password, most people tend to use a simple PIN which is trivial to bruteforce with the current implementation (slightly harder on 4.4 which uses scrypt to derive keys). Android L seems to have improved on this by not deriving the disk encryption password directly from the lockscreen one, but no details are currently available (no source). It does seems that, at least on Nexus devices, the key is hardware-protected (likely TrustZone-based TEE), so bruteforcing should no longer be trivial. (Unless, of course, the TEE is compromised, which has been demonstrated a few times.)
BTW, turning encryption on also helps with factory reset, because even if some data is left on the flash, it will be encrypted and thus mostly useless.
Android encryption uses dm-crypt
which, used the right way, can protect the device from law enforcement. However, there are several issues:
- The password needs to be distinct from any password you use. Any party you give your password in a login has usually full text access at least the time you log in, and it is possible they store it in a retrievable way. Law enforcement can ask them to hand it over.
- The password needs to be distinct from your google login password. I made 1 and 2 separate as I don't know the particular implementation google plans to use. It is possible that they unify both passwords for "convenience".
- The password needs to be strong. Weak passwords can be brute-forced. Its particularly easy for attackers as they can do offline brute-force. This however is nothing that google or anyone can fix, this is your responsibility.
- If you use your device while law enforcement is aware of you, they (or google) can install a backdoor onto your phone. Its pretty easy for agencies with sufficient funds to find a way onto your device. With "everyone is a suspect"-dragnet surveillance, "aware of you" can mean always, and the protection is meaningless. This is one of the reasons the agencies like dragnet surveillance: they can travel back in time.
- Law enforcement may not get the device from you while its still on. If its on, the key (and perhaps also the data you want to protect) resides in RAM, and can be extracted via a cold boot attack, or backdoors.
Firstly I admit I have not tested it myself, but according to http://nelenkov.blogspot.de/2012/08/changing-androids-disk-encryption.html the disc encryption password is also changed, when the device password/pin is changed.
As the device password can be reset in a variety of ways, firstly you can access the already unlocked data (assuming the device is still powered on).
Secondly I understand from the linked article that the password change in the GUI triggers a change in the encryption password. That will also only be possible if the device is still powered on, but leads to the conclusion that for example a thief could install a new password for later use.
Of course all attack scenarios, user10008 pointed out are valid as well.
If a google/Web triggered password change would also change the on - disk password, I can not say. That's a very interesting question.