Pixel Binary Transparency is hopefully a Pixel feature you’ll never have to worry about. That is, you’ll never have to worry about it as long as your Android phone is never hacked. Hackers have ways to install an Android version on a target phone that has built-in features to spy on everything you do on a smartphone. But Google’s new Pixel Binary Transparency security feature can be a lifesaver if you ever are a target.
This is a great feature to have in this environment, where hacks can happen all the time. Even during the production and assembly of a device, when the final software is flashed onto it. Ensuring the operating system is genuine is also something you should consider doing when buying used Android handsets. The new Pixel feature in question could help with that.
Other device makers have their own ways to ensure the safety of their operating systems. But they should probably copy Google’s approach. At least when it comes to allowing the customer to verify their smartphone hasn’t been hacked at any point since production.
The security worries
Google detailed the Pixel Binary Transparency feature in a blog post earlier this month that went largely unnoticed until Wired found it.
The feature isn’t entirely new, as Google announced it initially in 2021. But Pixel Binary Transparency appears to be exclusive to Pixel phones for the time being. It complements the existing Android Verified Boot feature, which ensures that software running on a phone or tablet comes from a genuine source.
Pixel Binary Transparency comes in response to an increasing wave of attacks on the software supply chain. The point of this type of hack is to add backdoors to smartphone software. Malicious individuals can then exploit them to spy on their targets.
Google already prevents this with Android Verified Boot. The feature checks whether the Android OS your device is running matches the audited Pixel phone firmware (factory images). With Pixel Binary Transparency on top, you’ll be able to also confirm your Pixel phone is running genuine software.
How Pixel Binary Transparency works
The Pixel Binary Transparency tool is a public cryptographic log that will record all metadata about Pixel factor images, Google explains. Pixel users can then use this to mathematically prove that their software is genuine.
The log is built in such a way that you can only add to it. You can’t modify what was written before. You can’t delete previous additions, either. That means a hacker’s Android OS would not pass the test. Or that it’d be incredibly difficult to insert malicious code and not get caught:
Being append-only provides resilience against attacks on Pixel images as attackers know that it’s more difficult to insert malicious code without being caught, since an image that’s been altered will no longer match the metadata Google added to the log. There’s no way to change the information in the log to match the tampered version of the software without detection (Ideally the metadata represents the entirety of the software, but it cannot attest to integrity of the build and release processes.)
To try it out, you can go to this link and go through all the Pixel Binary Transparency technical details.
The process involves extracting metadata from your phone and running the program that will let you compare it against the log.
We need similar tools on other devices
As cool as the Pixel Binary Transparency tool might be, it’s not something you can do with the press of a button. It’s not available directly on the phone. Maybe that’s what Google should do with a future version of the software. This security feature should be easy to use by any Pixel owner, without having to go through a complex process or learning curve.
While other smartphone vendors have their own software audit and security practices in place, all Android devices could benefit from a similar feature. It’s an effortless way to check that the phone is running genuine Android software, as Google and the manufacturer intended.
On the same note, maybe similar security checks could extend to other operating systems and devices. Apple could always provide similar tools for iPhones, iPads, and Macs, while Microsoft could cover Windows PCs.