New security feature in Android protects users’ backups

by Olivia Morelli - -

Google has announced a new security measure for Android Backup Service – from now on, Google and Android protect its’ customers’ backups.[1]

Android new security feature

Google combines Android Backup Service and Google Cloud’s Titan Technology

The new security feature was developed to encrypt all backup data stored on Android cloud servers. What is more, even Google and Android cannot read the encrypted user data.

Android users are able to automatically backup their app information and settings with their lock screen passwords. In addition, all the data can be simply restored when required without re-configuration of the apps after changing to a new phone.

Until now the user data was not encrypted and Google and Android were able to see the user information.[2]

Starting in Android Pie, the device can use the new capability by generating a random secret key. Then, the secret key, which is also not known by Google will be encrypted using users’ lock screen PIN/pattern/passcode. Finally, the passcode will be securely transferred to a Titan security chip on the company’s servers.

The Titan chip is configured to only release the backup decryption key when presented with a correct claim derived from the user's passcode.

In addition, Titan chip will block access to the backup data if incorrect passcode will be inputted several times, in order to prevent unauthorized access and brute force attacks.

The limited number of incorrect attempts is strictly enforced by a custom Titan firmware that cannot be updated without erasing the contents of the chip. By design, this means that no one (including Google) can access a user's backed-up application data without specifically knowing their passcode.

It is worth mentioning that the Android Security & Privacy team hired global security and risk mitigation firm NCC Group which will be completing a security audit, which will increase the security and confidence that this new method prevents anyone from accessing users backup data.

The NNC Group[3] revealed a few security issues that were quickly patched and fixed by Google.

The new security feature will be available for Android 9 Pie operating system

The company has not yet confirmed the list of Android devices that will be capable of using this new security feature, but it is clear that the Android smartphones or tablets that want to use this technology, must support the latest Android 9 Pie operating system.

About the author

Olivia Morelli
Olivia Morelli - Senior Media writer

Olivia Morelli is a senior media writer on Reviewedbypro.com. Her favorite topic to write about is ransomware attacks and how to deal with them, but she also enjoys covering the topics of other types of malware and VPNs.

Contact Olivia Morelli
About the company Esolutions

References



Ask
now online
news
Subscribe
Privacy
Security
Recovery
Utilities
Like us on Facebook