Google has launched a new security feature exclusively for Pixel smartphones known as Pixel Binary Transparency. It serves as a certificate of authenticity for Pixel devices, ensuring that their software has not been tampered with, writes повідомляє Wired. The new feature complements the existing Android Verified Boot (AVB) system, which also verifies that the smartphone software is genuine and not counterfeit.
The journey of a smartphone from the factory to the consumer includes several stages, each of which provides an opportunity for attackers to compromise the device. Contrary to popular belief, even a factory-sealed device is not immune to security risks. Malware can be inserted into the Android program code at any time before the device is packaged.
This risk is exacerbated by the fact that modern smartphones run on software that contains contributions from operators, manufacturers, and third-party libraries. A single error in the supply chain can put devices at risk. Moreover, once you start using your smartphone, seemingly safe apps can be replaced with malicious code, and software updates can be intercepted over the air.
Pixel Binary Transparency перевіряє операційну систему Android на смартфонах Pixel, щоб підтвердити, що код є саме таким, яким він має бути. It uses publicly available cryptographic logs to store records of what a real Pixel software installation should look like. These logs use a cryptographic structure known as the Merkle tree, which makes it easy to quickly check large amounts of data for signs of tampering. Any unauthorized changes to the software will be easily visible.
Although Google recognizes that most users will not need this feature due to the existing Android security features, tech-savvy users can try it out using the Android Debug Bridge (ADB) software. This feature is intended to complement existing security measures and will be developed in the future.
Pixel Binary Transparency works together with Android Verified Boot, another security feature that verifies the integrity of the software during the download process. AVB uses a special software “signature” to confirm that the software is genuine and allows the boot process to continue. It also prevents the device from reverting to older, less secure versions of Android.
This new feature is part of Google’s broader strategy to make Pixel devices more attractive by offering top-tier security features along with other benefits such as fast software updates and exclusive apps.