Pixel Binary Transparency lets users check for themselves that the Android factory image is genuine and hasn’t been tampered with somewhere along the supply chain prior to them actually acquiring the phone.
It expands on Android Verified Boot, which ensures that the stock code actually comes from the hardware vendor. For Google phones, it verifies that the code on the phone is the same that has been audited by Google to make sure that there are no backdoors present in the software.
Google says that Binary Transparency will let users check that the official factory image from Google is really on their phone, which ensures that, “attackers haven’t inserted themselves somewhere in the source code, build process, or release aspects of the software supply chain.”
It uses a public cryptographic log to mathematically prove that their devices are free from code that has been interfered with. Google has provided instructions to users on how to run the check that their image is the same as listed in the log, which involves “extracting the relevant metadata, then comparing their recomputed root hash with the root hash contained in the published checkpoint.”
“If they match, then the Pixel owner can be assured of some protections exemplified in the Threat Model,” it added.
The log makes use of a Merkle tree which makes it impossible for the log to be changed or deleted; it is append-only. If an image does manage to be tampered with by hackers, then it will be obvious as it will no longer match up with metadata in the log.
Android Verified Boot is a more user-friendly to make sure that your device is running legitimate Android software, with Binary Transparency designed for the more for the power user.
Google also said that it will build on the new feature even further in future, “to make even more security data transparent for users, allowing proactive assurance for a device’s other executed code beyond its factory image.”