Security is important and Google knows it, but do you know what’s more important? The perception of security. Now I don’t mean that’s actually more important but if people don’t perceive a device as secure it doesn’t matter how secure it is?
In an effort to emphasise the security aspects of their latest high-end, high cost, smartphones – the Pixel and Pixel XL – Google have pushed out a security post to let people know just what security features the Pixels are packing.
So what security features can Pixel owners expect? These:
- File-based encryption: This basically means the different files are decrypted with different keys, so even if the encryption of a specific file is cracked it will only be for that one file.
- Direct Boot: Direct boot allows the device to decrypt services you need immediately like Clock alarms, phone and accessibility settings on boot meaning you don’t need to unlock/ decrypt your device to access them straight away.
- Trust Zone: Using the ARM architecture the Pixels can store and execute security keys on the processor meaning that even if the Android kernel is compromised your keys remain safe.
- Verified Boot: As part of the Trust Zone the Pixels now contain Verified Boot, which checks if the operating system has been changed and if it has will not decrypt the device.
- Timed lockout: As a component of the Trust Zone the processor will also increase the time between unlocking attempts, increasing with each subsequent fail.
Many of these features are also included in the AOSP code base so other OEMs and the modding community will also be able to take advantage of these security measures on their devices and software.
Security is important and it’s great to see Google making investments in security for both the Pixels and Android in general. It should go without saying, which normally means you need to say it, many of these protections only work if you are using a fingerprint, PIN or password on your device. And of course, it would be best if you use a longer more random PIN or password if you’re going to rely on those alone.
The other important thing to realise is all of these systems are only as secure as their implementation. If any of the systems have a zero-day exploit that becomes weaponised then it won’t work. This is why Google – and others – run bug bounty programs and host hacking competitions.
In the end security is an arms race, hoping the good guys find and fix issues before the bad guys find and exploit them. One thing is for sure: I know I feel safer with a Google-managed device & software combination. This was one of the primary reasons I ended up buying a Pixel with my own dollars.