It’s not in Google’s best interests for its smartphones to be easily compromised, and the tech giant has just rolled out a new security feature that for now is exclusive to Pixel devices: Pixel Binary Transparency.
You can think of it like a certificate of authenticity for your phone. It proves that the Pixel handset you have in your hands is the genuine article and not one that’s been modified at the software level—potentially with security consequences.
While this is Pixel-only at the moment, it joins the existing Android Verified Boot feature in making sure that the phone that’s in your hand hasn’t been tampered with in any way—perhaps even before it reached you.
Along with speedy software updates, exclusive apps, and top-level camera performance, Google wants this new security feature to be another reason you’ll buy a Pixel over anything else—and here’s how it works.
The Security Problem
There are a lot of steps along the way before your new smartphone reaches you in its tidily cellophaned box, and all of those steps can be exploited by bad actors looking to take control of your device. If you think that opening a factory-fresh device means you don’t have any security concerns to worry about, you’d be wrong.
Malware can be inserted into software code—Android software code, in this case—before a new handset gets put in the box. Remember that, as well as the basic Android operating system, you have additions by carriers and manufacturers (including Google and Samsung), not to mention a host of third-party libraries and open source code that all of today’s software is built on.
It only takes one part of the supply chain process to get exploited—one check that isn’t carried out, or one assumption that is wrong—for devices to be put at risk. These attacks can also be launched once you start using your phone, with ostensibly safe apps unknowingly taken over by harmful code. Over-the-air software updates can also be hijacked before reaching users.
If you think about all the businesses involved in maintaining the software on your phone, from individual app developers to corporations such as Google, that’s a lot of attack surface for hackers to consider. These kinds of attacks are on the rise too. And that’s before considering the secondhand market, where used and refurbished Android devices (and especially Pixel phones, in this case) sold by prior owners come with no guarantee that they’re running a fresh installation of Android that is safe and clear of malware.
Google’s Android Fixes
In simple terms, the new Pixel Binary Transparency checks the Android operating system on a Pixel phone to make sure the code is exactly as it should be. It’s a bit like checking the authenticity of a painting, looking for signs of tampering, or checking that all the office doors and windows are locked at the end of the day. Google has written about the new feature in a blog post, and it says the feature will be built upon in the future.
More specifically, the new Android safety measure uses public cryptographic logs—digital bookkeeping systems—to show what a Pixel installation should look like. Entries can be appended to these logs when new software is released, but they can’t be changed or deleted. In other words, any unauthorized edits are going to stand out.
The logs maintain the integrity of their records using what’s known as a Merkle tree, a cryptographic structure that speeds up the process of checking large amounts of data for tampering. The approach means that much smaller portions of data can be analyzed to identify whether or not any changes have been made.
While Google itself admits that most users won’t need the Pixel Binary Transparency feature because of the other safeguards already in place on Android, you can in fact try it out on your own Pixel phone or tablet. You’re going to need to be familiar with compiling code and using the Android Debug Bridge (ADB) software that lets you analyze Android devices from a computer.
Pixel Binary Transparency complements the existing Android Verified Boot (AVB) safeguard, which works in a similar way. The instant that an Android device boots up, it looks for a special software “signature” (a little like a password) verifying that the software hasn’t been tampered with and the boot process can continue. As with Pixel Binary Transparency, any tampering is virtually impossible to conceal. At the same time, AVB also protects the device from being rolled back to older, less secure versions of Android.