Google is taking additional steps to bolster user privacy and better secure the data of the company’s legions of Android device owners. The company recently announced a change to the Android Backup Service that will encrypt all user backup data stored on its cloud servers, such that even Google itself can’t read it.
Google has long allowed Android users to back up their app data and phone settings to their Google account so when they upgrade their phones, the process of getting the new device set up is quick and painless. However, until this recent change, none of the backup data stored was encrypted.
Beginning with Android Pie, the new encryption paradigm will work as follows:
- Your Android device will generate a random security key that is unknown and invisible to Google
- The key will be encrypted using your passcode, pattern, or lock screen PIN
- Once encrypted, the key will be sent (securely) to a Titan security chip on Google’s servers
As Google explained in a recent blog post: “The Titan chip is configured to only release the backup decryption key when presented with a correct claim derived from the user’s passcode.”
All that sounds good in theory, but what about brute force hacking attempts? The company has an answer for that as well.
Here’s what they had to say about that topic:
“The limited number of incorrect attempts is strictly enforced by a custom Titan firmware that cannot be updated without erasing the contents of the chip…by design, this means that no one (including Google) can access a user’s backed-up application data without specifically knowing their passcode.”
The company has not specified which Android smartphones will be able to take advantage of the additional layer of security. All we know at this point is that the device must be running the latest OS (Android 9 – Pie). We expect to get a comprehensive device list from Google in the near future.