Google’s Pixel phones are the first to meet the Common Criteria’s MDF protection profile on Android 11
Google Pixel smartphones may fall short on overall hardware, cameras aside, but the fastest software updates make them immensely desirable. Pixel devices not only get the best Android features before others, but they also get top-notch security with monthly security updates. In addition to these updates, the dedicated Titan M security chip is claimed to offer enterprise-grade privacy protection. Now, the Pixel devices running Android 11 are also the first to meet Common Criteria’s MDF security standards.
The Mobile Device Fundamentals (MDF) Protection Profile by Common Criteria outlines guidelines that IT companies across 31 countries around the world must follow. These guidelines ensure that enterprise user data is safeguarded by the “strongest possible protections,” Google notes in a blog post. This certification allows Google to endorse its Pixel devices running Android 11 (i.e., Pixel 3 and above), which are the best-suited devices for corporate users with a lot of sensitive data to protect.
What makes Common Criteria’s MDF guidelines even more convincing is that the evaluation is performed in a lab where experts test a device’s resilience against various “real-world threats facing both consumers and businesses.” The tests are performed to warrant that “every mitigation works as advertised.” To verify the mitigations against different threats on Pixel devices, the lab evaluates the function of:
- Protected Communications – to ensure traffic across all communications and networks, including Wi-Fi, is encrypted.
- Protected Storage – to ensure storage encryption and tamper-proof mechanisms such as the Titan M chip.
- Authorization and Authentication – to check against spoofing and false acceptance.
- Mobile Device Integrity – to verify Android’s implementation of Verified Boot, Google Play System Updates, and Seamless OS Updates.
- Auditability – for users or IT admins to check reports of events such as device start-up and shutdown, data encryption, data decryption, and key management.
- Mobile Device Configuration – for enterprise admins to enforce Android Enterprise’s security policies for the camera, location, or app installation.
Beyond enterprises, these security features also ensure that a user is protected against snooping and/or general or targeted attacks. If your Pixel phone gets lost or stolen, the chances of your personal data being accessed are lowered by these safeguards.
Google adds, “the features required to satisfy the necessary security requirements are baked directly into the Android Open Source Project.” These tools have been published on GitHub for OEMs to use for similar certifications. In addition to the MDF Protection Profile, Google will also aid OEMs in getting certified for the National Institute of Technology’s Cryptographic Algorithm and Module Validation Programs as well as the US Department of Defense’s Security Technical Implementation Guide.