Google Pixel 4a and Pixel 4 are the first to receive ioXt’s security certification
Security has become a cornerstone topic in the last year, especially when it comes to keeping information private from third-party companies. Not every Android device gets frequent and timely security updates, but if you decide to purchase the recently-announced Pixel 4a, you’ll be happy to learn that Google’s new phone is as secure as they come. Now, the company has announced that it, along with the Pixel 4 and Pixel 4 XL, have received ioXt certification against the Android Profile.
Google revealed the news on its security blog, discussing the importance of ioXt certification.
The Internet of Secure Things Alliance (ioXt) manages a security compliance assessment program for connected devices. ioXt has over 200 members across various industries, including Google, Amazon, Facebook, T-Mobile, Comcast, Zigbee Alliance, Z-Wave Alliance, Legrand, Resideo, Schneider Electric, and many others. With so many companies involved, ioXt covers a wide range of device types, including smart lighting, smart speakers, webcams, and Android smartphones.
One of the main criteria used in the ioXt Android Profile is known as Security by Default, which rates devices by cumulatively scoring the risk for all preloaded apps on a particular device. Google said it worked with the security researchers behind the Android Device Security Database to create an open-source tool called Uraniborg that calculates a score based on the security risks of preloaded apps.
For this particular measurement, we worked with a team of university experts from the University of Cambridge, University of Strathclyde, and Johannes Kepler University in Linz, who created a formula that considers the risk of platform signed apps, pregranted permissions on preloaded apps, and apps communicating using cleartext traffic.
In addition to considering the safety of preloaded apps, the ioXt Android Profile certification also considers the biometric authentication strength, security update frequency, length of security support lifetime commitment, and vulnerability disclosure program quality.
In addition to the Pixel 4, Pixel 4 XL, and Pixel 4a, all future Pixel phones will be submitted to get ioXt certification, Google said. Of note, ioXt certification will be required for any device that runs Android 11 and is part of Google’s Android Enterprise Recommended program.
Source: Google Security Blog