Ryan Haines / Android Authority
TL;DR
- Google has announced a Pixel Binary Transparency feature.
- This will let users manually verify their Pixel firmware to ensure it isn’t hacked.
- The feature joins Android Verified Boot in fighting against supply chain attacks.
Google already offers an under-the-hood Android Verified Boot feature to check that your firmware comes from a trusted source. Now, the company has announced a way for users themselves to check that they’re running a trusted version of Android on their Pixels.
Google says the so-called Pixel Binary Transparency feature is a response to software supply chain attacks. These attacks see software being compromised before the device gets to users.
Pixel Binary Transparency sees Google generating a public cryptographic log of metadata for factory firmware images. From here, Pixel owners can use this log to “mathematically prove” that their firmware is indeed the real deal supplied by Google and not hacked.
“There’s no way to change the information in the log to match the tampered version of the software without detection,” the Pixel maker adds.
Has your smartphone ever been hacked?
328 votes
The company reiterates that most users won’t need to use the Pixel Binary Transparency feature as Android Verified Boot ensures the authenticity of the firmware, to begin with. You can nevertheless check out this page for instructions to try the new feature, which requires connecting to the device via ADB.
It stands to reason that this feature won’t come to top smartphones from other brands just yet given the Pixel-focused nature of it. But we wouldn’t mind seeing other manufacturers offering their own take on this capability.
