In its ongoing strategy of ever improving security, Google has announced a new measure for Android Backup Service. This measure means it now encrypts all your backup data stored on its cloud servers in a way that even Google itself cannot read.
Google allows Android users to automatically backup their vital app data and settings to their Google account. This allows users to restore it when required instead of the pain of reconfiguring all the apps after formatting or when switching to a new phone.
Up until now though your backup data was not encrypted, which meant that anyone could read it including Google. Now, starting with Android Pie, Google will encrypt your device backup data.
It does this with your Android device generating a random secret key that is not available to Google. The secret key will then get encrypted using your lockscreen PIN, pattern and passcode.
The password protected secret key will then by sent to a Titan Security chip on Google’s servers.
This means that your backup data will get encrypted or decrypted if the lockscreen password is authorised through Titan’s security chip. To prevent brute force attacks, the Titan chip will permanently block access if someone inputs an incorrect password multiple times. The limited number of incorrect attempts is, according to Google, strictly enforced by a custom Titan firmware that cannot be updated without erasing the contents of the chip.
Google introduced the Titan security chip last year in an effort to improve its anti-hacking strategies. Titan scans hardware to ensure it has not been tampered with. The size of a tiny stud earring Google has had it installed to protect the servers running its own services like search, Gmail and YouTube.
It was then installed last year in each of the many thousands of computers servers and network cards that populate its massive data centres that power Google’s cloud services.
Google employed risk mitigation firm NCC Group who performed a security audit of the new feature and found a number of issues that Google resolved.
So far, Google has yet to confirm which Android smartphones will be able to run the new security feature. But at a minimum, any device would be running the latest Android 9 Pie operating system.