Android 9 and Later Offers Encrypted Backups to Google Android Users

From the end of Joseph Menn’s report for Reuters today, claiming Apple dropped plans for encrypted iOS backups after the FBI objected:

In October 2018, Alphabet Inc’s Google announced a similar system to Apple’s dropped plan for secure backups. The maker of Android software, which runs on about three-quarters of the world’s mobile devices, said users could back up their data to its own cloud without trusting the company with the key.

Two people familiar with the project said Google gave no advance notice to governments, and picked a time to announce it when encryption was not in the news.

First, while Android runs on 75 percent of mobile devices worldwide, not all of those devices use Google services like backup. None of the Android phones in China, for example — which is a lot of phones. It’s lazy to conflate Android phones with Google Android phones.

Second, I wasn’t aware of this until today. And it makes iCloud’s lack of backup encryption look bad. From Google’s official announcement of the feature a little over a year ago:

Starting in Android Pie, devices can take advantage of a new capability where backed-up application data can only be decrypted by a key that is randomly generated at the client. This decryption key is encrypted using the user’s lockscreen PIN/pattern/passcode, which isn’t known by Google. Then, this passcode-protected key material is encrypted to a Titan security chip on our datacenter floor. The Titan chip is configured to only release the backup decryption key when presented with a correct claim derived from the user’s passcode. Because the Titan chip must authorize every access to the decryption key, it can permanently block access after too many incorrect attempts at guessing the user’s passcode, thus mitigating brute force attacks. The limited number of incorrect attempts is strictly enforced by a custom Titan firmware that cannot be updated without erasing the contents of the chip. By design, this means that no one (including Google) can access a user’s backed-up application data without specifically knowing their passcode.

I can’t find much additional information about this. For example, how many failed attempts trigger the permanent lockout to the backup? That would be useful to know, but I can’t find it.

It also doesn’t seem to be optional on (some?) devices that support it. My Pixel 4 running Android 10 (Android Pie was version 9) doesn’t say anything about backups being encrypted by my device passcode — I believe they just are.

Not sure why the Department of Justice isn’t publicly complaining about this.

(Keep in mind that anything with a web interface, like Google Photos and Google Docs and Google Drive, cannot be end-to-end encrypted. Same goes for iCloud Photos.)

Tuesday, 21 January 2020