Google has announced a new security measure for Android Backup Service: from now on, Google and Android protect their customers' backups.
Google combines Android Backup Service and Google Cloud’s Titan Technology
The new security feature was developed to encrypt all backup data stored on Android cloud servers. What is more, even Google and Android cannot read the encrypted user data.
Android users are able to automatically back up their app information and settings with their lock screen passwords. In addition, all the data can be simply restored when required, without re-configuring the apps after changing to a new phone.
Until now, user data was not encrypted, and Google and Android were able to see user information.
Starting in Android Pie, the device can use the new capability by generating a random secret key. The secret key, which is also not known to Google, is then encrypted using the user's lock screen PIN, pattern or passcode. Finally, the passcode will be securely transferred to a Titan security chip on the company's servers.
The Titan chip is configured to only release the backup decryption key when presented with a correct claim derived from the user's passcode.
In addition, the Titan chip will block access to the backup data if an incorrect passcode is entered several times, in order to prevent unauthorized access and brute-force attacks.
The limited number of incorrect attempts is strictly enforced by a custom Titan firmware that cannot be updated without erasing the contents of the chip. By design, this means that no one (including Google) can access a user's backed-up application data without specifically knowing their passcode.
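The release-and-lockout behaviour described above can be sketched as a simplified model. This is an added example, not Google's code or the Titan firmware; the names VaultModel, derive_claim, enroll and attempts_before_lockout, the PBKDF2 derivation and the limit of five attempts are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5      # assumption: the article only says "several times"
KDF_ROUNDS = 50_000   # assumption: illustrative PBKDF2 cost

def derive_claim(passcode: str, salt: bytes) -> bytes:
    """Device side: turn the lock screen passcode into the claim sent to the vault."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, KDF_ROUNDS)

class VaultModel:
    """Toy stand-in for the server-side chip: one key, one failure counter."""

    def __init__(self, claim: bytes, backup_key: bytes):
        self._claim_digest = hashlib.sha256(claim).digest()
        self._backup_key = backup_key
        self._failures = 0

    def release_key(self, claim: bytes) -> bytes:
        if self._backup_key is None:
            raise PermissionError("key erased after too many wrong claims")
        # Constant-time comparison so the check leaks nothing through timing.
        if hmac.compare_digest(hashlib.sha256(claim).digest(), self._claim_digest):
            self._failures = 0
            return self._backup_key
        self._failures += 1
        if self._failures >= MAX_ATTEMPTS:
            self._backup_key = None  # erase: later correct claims fail too
        raise ValueError("wrong claim")

def enroll(passcode: str):
    """Device side: generate a random backup key and register it with the vault."""
    salt = secrets.token_bytes(16)
    backup_key = secrets.token_bytes(32)
    return salt, backup_key, VaultModel(derive_claim(passcode, salt), backup_key)

def attempts_before_lockout(vault: VaultModel, salt: bytes, guesses) -> int:
    """Count the wrong guesses the vault processes before it refuses everything."""
    tried = 0
    for guess in guesses:
        try:
            vault.release_key(derive_claim(guess, salt))
            return tried
        except ValueError:
            tried += 1
        except PermissionError:
            break
    return tried
```

With a four-digit PIN there are 10,000 candidates, but the model processes only five wrong claims before the key is gone, and even the correct passcode no longer recovers it.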
It is worth mentioning that the Android Security & Privacy team hired the global security and risk mitigation firm NCC Group, which will be completing a security audit that will increase the security and confidence that this new method prevents anyone from accessing users' backup data.
The NCC Group revealed a few security issues that were quickly patched and fixed by Google.
The new security feature will be available for Android 9 Pie operating system
The company has not yet confirmed the list of Android devices that will be capable of using this new security feature, but it is clear that Android smartphones or tablets that want to use this technology must support the latest Android 9 Pie operating system.