MobileNews

Google’s Pixel phones are the first Android 11 devices to get stringent MDF security certification

From getting major Android releases that improve privacy first to monthly patches and the Titan M chip, security is often an under-discussed selling point of Pixel phones. The latest security advantage sees Pixel devices on Android 11 get Common Criteria’s Mobile Device Fundamentals Protection Profile certification.

Companies turn to independent certifications to verify their product’s security claims. Common Criteria (CC) is behind the Mobile Device Fundamentals (MDF) Protection Profile that many regulated industries require devices have to ensure corporate data is “backed by the strongest possible protections.”

The certification, performed by an authorized lab, looks at “real-world threats facing both consumers and businesses.” This includes network eavesdropping and attack, physical access, malicious or flawed applications, and persistent presence. Google’s Pixel devices counter these threats with:

  • Protected Communications (encryption of data-in-transit) – Cryptographic algorithms and transport protocols used to encrypt the Wi-Fi traffic and all other network operations and communications. 
  • Protected Storage (encryption of data-at-rest) – Cryptography provided by the system on chip, trusted execution environment, and any other discrete tamper resistant hardware such as the Titan M and the Android OS. Specifically looking at things like implementation of file-based encryption, hardware root of trust, keystore operations (such as, key generation), key storage, key destruction, and key hierarchy.
  • Authorization and Authentication – Mechanisms for unlocking the user’s devices, such as password, PIN or Biometric. Mitigation techniques like rate limiting and for biometrics, False Acceptance and Spoof Acceptance Rates.
  • Mobile Device Integrity – Android’s implementation of Verified Boot, Google Play System Updates, and Seamless OS Updates.
  • Auditability – Features that allow a user or IT admin to log events such as device start-up and shutdown, data encryption, data decryption, and key management.  
  • Mobile Device Configuration – Capabilities that allow the user or enterprise admin to apply security policies to the device using Android Enterprise

Last month, all currently supported Pixel devices (3 and later) running Android 11 completed the MDF security certification. Google says it’s the first manufacturer to be certified on the latest OS, while only two others in recent years have continually been certified on every OS version: Samsung, and Apple. Meanwhile, Google is working to make it easier for other OEM partners to meet these security requirements by making them a part of AOSP.

Besides the business advantages, Google explains how regular customers benefit and commits to continually achieving this certification:

We believe in making security & privacy accessible to all of our users. This is why we take care to ensure that Pixel devices meet or exceed these certification standards. We’re committed to meeting these standards moving forward, so you can rest assured that your Pixel phone comes with top-of-the-line security built in, from the moment you turn it on.


Check out the latest Samsung phones at great prices from Gizmofashion – our recommended retail partner.


Author: Abner Li
Source: 9TO5Google

Related posts
AI & RoboticsNews

Nvidia and DataStax just made generative AI smarter and leaner — here’s how

AI & RoboticsNews

OpenAI opens up its most powerful model, o1, to third-party developers

AI & RoboticsNews

UAE’s Falcon 3 challenges open-source leaders amid surging demand for small AI models

DefenseNews

Army, Navy conduct key hypersonic missile test

Sign up for our Newsletter and
stay informed!