In an effort to secure users’ data while maintaining privacy, Google has announced a new security measure for Android Backup Service that now encrypts all your backup data stored on its cloud servers in a way that even the company can’t read it.
Google allows Android users to automatically backup their essential app data and settings to their Google account, allowing them to simply restore it when required, instead of re-configuring all the apps after formatting or switching to a new phone.
However, until now your backup data was not encrypted and visible to Google, and now the company is going to change its storage procedure.
Starting with Android Pie, Google is going to encrypt your Android device backup data in the following way:
Step 1: Your Android device will generate a random secret key (not known to Google),
Step 2: The secret key will then get encrypted using your lockscreen PIN/pattern/passcode (not known to Google),
Step 3: This passcode-protected secret key will then securely sent to a Titan security chip on Google’s servers,
So, your Android back data will get encrypted or decrypted only if the lockscreen passcode get authorized through the Titan security chip.
“The Titan chip is configured to only release the backup decryption key when presented with a correct claim derived from the user’s passcode,” Google writes.
In other words, the Titan security key will not decrypt any of your backup data unless it detects the lockscreen passcode you have used to request for decryption.
To prevent brute force attacks, Google’s Titan chip will permanently block access to the backup data if someone inputs incorrect passcode combinations several times in an attempt to guess it.
“The limited number of incorrect attempts is strictly enforced by a custom Titan firmware that cannot be updated without erasing the contents of the chip,” Google says.
“By design, this means that no one (including Google) can access a user’s backed-up application data without specifically knowing their passcode.”
Google also hired cybersecurity and risk mitigation firm NCC Group to perform a full security audit of the new Android Cloud Backup/Restore feature. NCC discovered a few issues, which were quickly fixed by the company.
Google has not yet confirmed that which Android smartphones will be able to use this additional layer of security, but it is clear that the device must be running the latest Android 9 Pie operating system. found to have pre-installed malware on them. The malware has been called RottenSys and is disguising itself as a system app.
images from Hacker News