Google Pixel 3 supports secure transactions via Android Protected Confirmation API
Android Pie has been focusing on privacy and security improvements since the first developer preview. “P stands for Privacy” is something we bloggers wanted to hear at the Google I/O announcement of the latest version of Android. Google never said those exact words, but they made it very clear that Android P would take a step further in protecting users’ privacy, and the search engine giant has lived up to that claim. Just a couple of days ago, Google introduced an offline application authentication protocol, which makes sure that both developers and users benefit from sharing an app peer-to-peer.
Today, Google talked about yet another security measure: the Android Protected Confirmation API, which works at the hardware level. This interface allows both users and transaction receivers, like a bank, to be confident about a transaction. The API works like this: during a critical transaction, the application invokes the API, which passes control to Trusted UI, the hardware-backed interface that Android Protected Confirmation is built on. Trusted UI then prompts the user to confirm the details of the transaction.
Once the user confirms, the confirmed message is cryptographically signed, so the receiver, the bank for example, can verify that the user really intended that transaction. This gives you and the bank added confidence that the transaction is valid. But the Android Protected Confirmation API is not just for confirming that you made the right purchase. It also helps secure One Time Passwords and transaction confirmation texts. In reality, it is not that hard to perform a MITM attack and sniff a confirmation text sent to the user. For example, every time I make a transaction, I get a 4-digit PIN from my bank. If someone gets hold of it, my security is severely compromised. The Android Protected Confirmation API is meant to make sure that never happens. But how does it work?
Starting with Android Pie, the security interface automatically signs the confirmation message, like the one in the example above. The signing key lives in the hardware-backed environment behind Trusted UI; it is both encrypted and sandboxed, so virtually nothing can extract that key from the isolated environment. The signing keys are created through the AndroidKeyStore API. So, before a transaction runs through the end-to-end encrypted protocol, the app has to generate a KeyStore key and obtain KeyStore attestation for it; the attestation certificate then certifies that the key can be used for Protected Confirmation. That’s a lot of layers of security, which will be really hard to get into.
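The flow described above as an added Kotlin example (not code from the original post or from Google's own samples): the key is generated in AndroidKeyStore with user confirmation required, the Trusted UI prompt is shown, and only the bytes Trusted UI reports as confirmed are signed. The key alias, prompt text and server-supplied challenge are assumed names; the bank's verification side is not shown.

```kotlin
import android.content.Context
import android.security.ConfirmationCallback
import android.security.ConfirmationNotAvailableException
import android.security.ConfirmationPrompt
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.Signature
import java.util.concurrent.Executor

// Assumed alias; the attestation challenge should be a fresh nonce from the bank's server.
private const val KEY_ALIAS = "protected_confirmation_key"

// Generate an EC signing key that Keystore will only use for data confirmed through Trusted UI.
fun createConfirmationKey(serverChallenge: ByteArray) {
    val spec = KeyGenParameterSpec.Builder(KEY_ALIAS, KeyProperties.PURPOSE_SIGN)
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setUserConfirmationRequired(true)        // binds the key to Protected Confirmation
        .setAttestationChallenge(serverChallenge) // bank checks this in the attestation chain
        .build()
    KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
        .apply { initialize(spec) }.generateKeyPair()
}

// Show the Trusted UI prompt and sign exactly the bytes it reports as confirmed; Keystore
// refuses to use the key on anything else, so a tampered message cannot be signed.
fun confirmTransaction(
    context: Context, executor: Executor, promptText: String, extraData: ByteArray,
    onResult: (confirmed: ByteArray?, signature: ByteArray?) -> Unit
) {
    if (!ConfirmationPrompt.isSupported(context)) return onResult(null, null)
    val callback = object : ConfirmationCallback() {
        override fun onConfirmed(dataThatWasConfirmed: ByteArray) {
            val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
            val entry = ks.getEntry(KEY_ALIAS, null) as KeyStore.PrivateKeyEntry
            val sig = Signature.getInstance("SHA256withECDSA").apply {
                initSign(entry.privateKey)
                update(dataThatWasConfirmed)
            }.sign()
            onResult(dataThatWasConfirmed, sig) // bank verifies sig with the attested public key
        }
        override fun onDismissed() = onResult(null, null)
        override fun onCanceled() = onResult(null, null)
        override fun onError(e: Throwable) = onResult(null, null)
    }
    val prompt = ConfirmationPrompt.Builder(context).setPromptText(promptText).setExtraData(extraData).build()
    try { prompt.presentPrompt(executor, callback) } catch (e: ConfirmationNotAvailableException) { onResult(null, null) }
}
```

The bank obtains the key's certificate chain (`KeyStore.getCertificateChain(KEY_ALIAS)`) once at enrolment and later verifies each signature against that attested public key, so a message that never went through Trusted UI cannot carry a valid signature.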
Like many things in the Android ecosystem, it is up to developers to take advantage of the Android Protected Confirmation API. During Google I/O 2018, we heard that several partners, including Royal Bank of Canada, ProxToMe, Nok Nok Labs, and Duo Security, are planning to take advantage of the hardware-level Trusted UI and the software API.
Yet another partner, Insulet, which produces tubeless patch insulin pumps, showcased how they can put the Confirmation API to good use. The improved security measures will help the company confirm the amount of insulin to be injected. Users will also be able to feel more confident when using their smartphone for such a life-saving purpose, and they won’t have to buy other dedicated gadgets or third-party hardware. Here is the video of the verification process in action.
Traditionally, smartphones have never been approved by the US Food and Drug Administration. Google has worked very hard with the FDA during the DTMoSt initiative to define a standard for phones to safely control medical devices, such as the insulin pumps mentioned above. This eliminates the need to purchase yet another piece of technology to keep control of your medical needs.
Developers can already implement the Android Protected Confirmation API in their applications. Here is the training article that explains how you can use the interface. Keep in mind that you first have to target API level 28, which is Android 9. The feature is entirely optional in Android Pie, but I don’t see a reason why anyone would not want to implement it in their transaction-handling applications. Because dedicated hardware protects the signing keys and signs the confirmed transaction while verifying its authenticity, not all devices are supported. The Pixel 3 and Pixel 3 XL are the first to include both the hardware and software support, but Google said they’re working with other device manufacturers to make sure this market-leading security innovation is used correctly on more devices.
Source: Android Developers Blog