From the end of Joseph Menn’s report for Reuters today, claiming Apple dropped plans for encrypted iOS backups after the FBI objected:
In October 2018, Alphabet Inc’s Google announced a
similar system to Apple’s dropped plan for secure backups. The
maker of Android software, which runs on about three-quarters of
the world’s mobile devices, said users could back up their data to
its own cloud without trusting the company with the key.
Two people familiar with the project said Google gave no advance
notice to governments, and picked a time to announce it when
encryption was not in the news.
First, while Android runs on 75 percent of mobile devices worldwide, not all of those devices use Google services like backup. None of the Android phones in China, for example — which is a lot of phones. It’s lazy to conflate Android phones with Google Android phones.
Second, I wasn’t aware of this until today. And it makes iCloud’s lack of backup encryption look bad. From Google’s official announcement of the feature a little over a year ago:
Starting in Android Pie, devices can take advantage of a new
capability where backed-up application data can only be decrypted
by a key that is randomly generated at the client. This decryption
key is encrypted using the user’s lockscreen PIN/pattern/passcode,
which isn’t known by Google. Then, this passcode-protected key
material is encrypted to a Titan security chip on our
datacenter floor. The Titan chip is configured to only release the
backup decryption key when presented with a correct claim derived
from the user’s passcode. Because the Titan chip must authorize
every access to the decryption key, it can permanently block
access after too many incorrect attempts at guessing the user’s
passcode, thus mitigating brute force attacks. The limited number
of incorrect attempts is strictly enforced by a custom Titan
firmware that cannot be updated without erasing the contents of
the chip. By design, this means that no one (including Google) can
access a user’s backed-up application data without specifically
knowing their passcode.
I can’t find much additional information about this. For example, how many failed attempts trigger the permanent lockout to the backup? That would be useful to know, but I can’t find it.
It also doesn’t seem to be optional on (some?) devices that support it. My Pixel 4 running Android 10 (Android Pie was version 9) doesn’t say anything about backups being encrypted by my device passcode — I believe they just are.
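A toy model of the scheme Google's announcement describes, added here as an illustration; it is not Google's code or part of the original post. The names `Vault`, `enroll` and `recover`, the limit of 10 attempts, PBKDF2, and the XOR wrap (standing in for real authenticated key wrapping) are all assumptions, since the announcement gives none of those details.

```python
import hashlib, hmac, secrets

MAX_ATTEMPTS = 10  # assumption: the real limit is not stated on the page

def derive(passcode, salt):
    """Stretch the passcode once, then split it into a wrapping pad and a claim."""
    root = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 50_000)
    pad = hmac.new(root, b"wrap", hashlib.sha256).digest()
    claim = hmac.new(root, b"claim", hashlib.sha256).digest()
    return pad, claim

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Vault:
    """Stand-in for the attempt-limiting chip; it never sees the passcode or the raw key."""
    def __init__(self, wrapped_key, claim):
        self._wrapped = wrapped_key
        self._claim_hash = hashlib.sha256(claim).digest()
        self._failures = 0
        self.blocked = False

    def release(self, claim):
        if self.blocked:
            raise PermissionError("permanently blocked")
        if hmac.compare_digest(hashlib.sha256(claim).digest(), self._claim_hash):
            self._failures = 0
            return self._wrapped
        self._failures += 1
        if self._failures >= MAX_ATTEMPTS:
            self.blocked = True
            self._wrapped = None  # key material is gone for good
        return None

def enroll(passcode):
    """Client side: random backup key, wrapped under the passcode, handed to the vault."""
    salt = secrets.token_bytes(16)
    backup_key = secrets.token_bytes(32)
    pad, claim = derive(passcode, salt)
    return backup_key, salt, Vault(xor(backup_key, pad), claim)

def recover(passcode, salt, vault):
    """Client side: present the claim; unwrap only if the vault releases the blob."""
    pad, claim = derive(passcode, salt)
    wrapped = vault.release(claim)
    return None if wrapped is None else xor(wrapped, pad)
```

The service operator in this model holds only the wrapped key, which is useless without the passcode, and every guess has to pass through the counter inside `Vault`.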
Not sure why the Department of Justice isn’t publicly complaining about this.
(Keep in mind that anything with a web interface, like Google Photos and Google Docs and Google Drive, cannot be end-to-end encrypted. Same goes for iCloud Photos.)
★ Tuesday, 21 January 2020