Google’s got your back when it comes to your backups, it says – and it’s even promising to keep its own peepers off the goods.
On Friday, Google announced that it’s brokered a marriage between Android’s Backup Service and Google Cloud’s Titan Technology to keep your backups encrypted so that even the Googlemeister itself can’t decrypt your stuff.
It’s using its newish Titan security to do that. Rolled out in July, Titan technology includes a tiny USB device – a Yubico-esque security key that offers hardware-based two-factor authentication (2FA) for online accounts to keep them from getting hijacked.
In the case of Android backups, starting with its ninth operating system – that would be Android Pie, released in August – Android devices can take advantage of the new encryption by way of a decryption key that will be randomly generated on the device. The decryption key is encrypted using the user’s lock screen PIN/pattern/passcode, which Google doesn’t know.
That passcode-protected key will then be encrypted to a Titan security chip on a Google server. Google says its Titan chip is configured to only release the decryption key when presented with a “correct claim” coming from a user’s passcode. The Titan chip will keep track of how many attempts are made while inputting a passcode, thus blocking brute-force account attacks.
Google says custom Titan firmware will “strictly enforce” the limit on incorrect attempts. That firmware can’t be updated without erasing the chip’s contents. This will keep anyone – including Google – from getting at your backed-up app data without knowing your passcode, Google says.
Google wants us to trust that this new technology is going to keep snoopers, data thieves and hijackers from getting at your backed-up app data. To earn our faith, the company hired NCC Group to run a security audit on it.
Some issues did crop up, but Google says its engineers fixed them quickly. Here’s a detailed report on NCC’s findings, as well as details on how the new service works end to end, if you’d like to judge for yourself.
Google’s not kidding when it says end to end: the NCC report touches on physically crushing the tiny Titan chip with a grommet press when ready for the scrap yard. These chips are super small, so they actually do have to be given special care to ensure your data goes ten-toes-up if a chip fails.
Google hasn’t listed which Android smartphones are going to get this special Titan encryption/decryption treatment beyond mentioning that they’ve got to be running the latest version of Android 9 Pie.
In other words, if you’re using a Google Pixel, you could well have this already: Google’s hardware chief Rick Osterloh said on Friday that over 75% of Pixel users have already updated to Android Pie.
Pixel users upgrade to new Android releases very quickly; >75% of Pixel users are on the terrific Android Pie release, and more are updating every day. #madebygoogle https://t.co/LPej2BUtHX
— Rick Osterloh (@rosterloh) October 12, 2018
For the rest of us Androiders, it’s going to be the same hurry-up-and-wait Android situation as phone manufacturers gradually incorporate the operating system update.
Da Jestre
Question.
If the recovery is limited to x times of incorrect attempts and the key is obliterated after that how do you stop a 3rd party from intentionally corrupting the system with too many attempts and borking your key & data backup?
Nobody
This sounds like good news, but what about all of the users who use passcodes like “1234” for their lockscreens? I use a 9 digit passcode that I generated by rolling physical d10s but I think most people don’t.
Paul Ducklin
Wouldn’t 10 D10 rolls have a more elegant feel?
Anonymous
The image shows a lock screen pattern and the article mentions using a pattern to derive an encryption key. Is that correct? IIRC, to use Android encryption at all you have to set a passcode or passphrase first – if you have a pattern then the encryption options aren’t available. Or do I misremember?
Jai
Can you decrypt the backup file on google drive if the old device password is not available?
Mithun
If we forgot old device passcode then how we can restore the backup on new mobile device