What is the strategy to protect personal information within the device that Google Pixel 2 practices?

A device such as a smartphone or tablet stores many personal information. So, Google seems to be continuing efforts to protect these information on Android devices. About the data protection efforts that Google actually carries out, what we are practicing with Google Pixel 2 is clarified on the developer blog.

Android Developers Blog: Insider Attack Resistance
https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html

According to Google, all user data stored on the Google Pixel device is encrypted by firmware. This firmware decrypts saved data so that it can be read from the outside by triggering that the correct password is input from the user. Since there is a restriction on password input, it is also called brute force attackBrute force attackIt is also possible to mitigate the threat of.

Also, in order to prevent the attacker from rewriting the firmware into a malicious version,Digital signatureWe have adopted the upgrade method using. For this reason, in order for an attacker to rewrite the firmware to a malicious version, it is necessary to either exploit the vulnerability of the digital signature check processing or to intentionally access the encryption key used for the digital signature to legitimate the malicious firmware There is no way other than letting me sign it. In addition, Android says that software that checks digital signatures is quarantined in places that can not easily be accessed, and it is not practical to investigate vulnerabilities in software.

However, if the encryption key is similarly isolated, the digital signature itself can not be performed, so the encryption key must be accessible from the outside without fail. Many device manufacturers adopt a method of strictly limiting the number of people who can access the encryption key to cope with this problem. Google notes that there is no error in this method itself, but points out that there are problems. This is because the user who operates the terminal is included in the user who can access the encryption key, and the encryption key is always accessible through the user. As a result, there is a threat that the firmware will be upgraded to a malicious version due to incorrect tap operation by the user.


Therefore, Google Pixel 2 implements a security module for tamper prevention to protect the encryption key. With this module, users will not be able to upgrade their firmware unless they enter the correct password. In addition, although it is possible to upgrade the firmware of the terminal exceptionally without user's authentication for reasons such as returned goods etc., if you upgrade without password input, the user data is automatically deleted, Google explains that it is possible to protect the user's personal information.