Google has outlined the security features of its latest smartphone, the Pixel, via the Google Security Blog. In a post titled ‘Google Pixel: better, faster, stronger’, two of Google’s senior software engineers describe how the Pixels’ encryption implementation improves the “user experience, performance, and security” of the smartphones.
Unlike the more common smartphone encryption method known as full disk encryption, or FDE, the Pixels make use of a type of encryption known as file-based encryption, or FBE. FBE means that different files are encrypted with different keys that can be unlocked independently.
Using this method, Google says it has combined a smartphone’s unlock and decrypt screen, meaning that users can access applications such as “alarm clocks, accessibility settings, and phone calls” immediately after booting.
Google also discussed its use of ARM’s TrustZone software, which provides two benefits. Firstly, TrustZone enforces the Verified Boot process, which means that it won’t decrypt disk encryption keys if it detects that the OS has been modified/compromised. Secondly, TrustZone enforces “a waiting period between guesses at the user credential, which gets longer after a sequence of wrong guesses.” With this in place, Google says that trying all of a smartphone’s four-point lock screen patterns would take more than four years.
Finally, Google talked about how it dropped industry-standard eCryptFS encryption – which Google said didn’t meet its performance requirements – for an encryption method created directly inside Android’s ext4 filesystem. Google said that the ext4 encryption performance is “similar to full-disk encryption, which is as performant as a software-only solution can be.”
Find out everything Google had to say about its Pixels security in the blog post here.