From getting major Android releases that improve privacy first to monthly patches and the Titan M chip, security is often an under-discussed selling point of Pixel phones. The latest security advantage sees Pixel devices on Android 11 get Common Criteria’s Mobile Device Fundamentals Protection Profile certification.
Companies turn to independent certifications to verify their product’s security claims. Common Criteria (CC) is behind the Mobile Device Fundamentals (MDF) Protection Profile that many regulated industries require devices have to ensure corporate data is “backed by the strongest possible protections.”
The certification, performed by an authorized lab, looks at “real-world threats facing both consumers and businesses.” This includes network eavesdropping and attack, physical access, malicious or flawed applications, and persistent presence. Google’s Pixel devices counter these threats with:
- Protected Communications (encryption of data-in-transit) – Cryptographic algorithms and transport protocols used to encrypt the Wi-Fi traffic and all other network operations and communications.
- Protected Storage (encryption of data-at-rest) – Cryptography provided by the system on chip, trusted execution environment, and any other discrete tamper resistant hardware such as the Titan M and the Android OS. Specifically looking at things like implementation of file-based encryption, hardware root of trust, keystore operations (such as, key generation), key storage, key destruction, and key hierarchy.
- Authorization and Authentication – Mechanisms for unlocking the user’s devices, such as password, PIN or Biometric. Mitigation techniques like rate limiting and for biometrics, False Acceptance and Spoof Acceptance Rates.
- Mobile Device Integrity – Android’s implementation of Verified Boot, Google Play System Updates, and Seamless OS Updates.
- Auditability – Features that allow a user or IT admin to log events such as device start-up and shutdown, data encryption, data decryption, and key management.
- Mobile Device Configuration – Capabilities that allow the user or enterprise admin to apply security policies to the device using Android Enterprise.
Last month, all currently supported Pixel devices (3 and later) running Android 11 completed the MDF security certification. Google says it’s the first manufacturer to be certified on the latest OS, while only two others in recent years have continually been certified on every OS version: Samsung, and Apple. Meanwhile, Google is working to make it easier for other OEM partners to meet these security requirements by making them a part of AOSP.
Besides the business advantages, Google explains how regular customers benefit and commits to continually achieving this certification:
We believe in making security & privacy accessible to all of our users. This is why we take care to ensure that Pixel devices meet or exceed these certification standards. We’re committed to meeting these standards moving forward, so you can rest assured that your Pixel phone comes with top-of-the-line security built in, from the moment you turn it on.
Author: Abner Li
Source: 9TO5Google
