3 min read

Barring the Google+ security incident, Google has had an excellent track record for providing exceptional security services to protect different levels of users’ data with ease. Android 9, now aims to provide users with more options to protect user data. To enhance user data security, Android will now be combining Android’s Backup Service and Google Could’s Titan technology to protect data backups while also maintaining the required privacy.

Complete backed-up users’ data is essential for rich user experience

A lot of time and efforts may be required to create an identity, adding new data, and customizing the users’ settings based on their preferences for an individual app. Whenever the user upgrades to a new device or re-installs the applications, preserving the user data is a must for smooth user experience. A huge chunk of data is generated when using mobile apps, thus adopting proper techniques is necessary to backup the required data. Backing up a small amount of data can be frustrating for users especially when they open the app on a new device.

Android Backup service + Titan technology = Secured data backups

With Android Pie, devices can now take advantage of a new technique where backed-up application data can only be decrypted using a key. This key is randomly generated at the client. You can encrypt the key using the user’s lock screen PIN/Pattern/passcode, which isn’t known to Google.

The password-protected key is encrypted to a Titan security chip on Google Cloud’s datacenter floor. The titan chip is configured in such a way that it will release the backup encryption key only when it is presented with a correct claim derived from the user’s passcode. The titan chip must authorize every access to the decryption key, thus it can permanently block access after too many incorrect attempts at guessing the user’s password. This will mitigate brute force attacks.

The number of legal attempts is strictly set by a custom Titan firmware. The number cannot be updated or changed without erasing the contents of the chip. This implies that no one can access the user’s backed-up data without knowing the passcode.

Android team hired an external agency for security audit

The Android Security & Privacy team hired global cybersecurity and risk mitigation expert NCC Group to complete a security audit, in order to ensure this new technique prevents anyone (including Google) from accessing users application data.

The result received positive outcomes around Google’s security design processes, code quality validations, and easing known attack vectors. All these aspects were taken into account prior to launching the service. The engineers corrected some issues quickly which were discovered during the audit. In order to get complete details on how the service fared, you can check the detailed report of NCC Group findings.

These external reviews allow Google and Android to maintain transparency and openness which allows users to feel safe about their data, says the Android team.

For a complete list of details, you can refer the official Google blog.

Read more

Data Science fanatic. Cricket fan. Series Binge watcher. You can find me hooked to my PC updating myself constantly if I am not cracking lame jokes with my team.