Earlier today, Qualcomm revealed the full specifications and features of its latest premium Snapdragon 800 series SoC: the Qualcomm Snapdragon 865 mobile platform. We covered all of the major details you need to know in our article on the announcement, but as always, smaller tidbits of information were revealed during the keynote. Jesse Seed, a senior director of product management at Qualcomm, talked about some of the new security features in the Snapdragon 865. Notably, the Secure Processing Unit (SPU), the on-die secure element responsible for protecting biometric credentials, payment information, and SIM data, now fully supports dual SIM, dual standby and Android 11's upcoming IdentityCredential API.

Integrated Dual SIM, Dual Standby

Android smartphones with eSIMs are still scarce, though there are a few on the market, including the Pixel 2, Pixel 3, Pixel 3a, Pixel 4, Galaxy Fold, and the Motorola Razr. Storing SIM card data requires secure hardware, which for most devices means a dedicated chip. For the Pixel 2, that's the STMicroelectronics ST33G1M2 32-bit MCU with ARM SecurCore SC300, according to iFixit's teardown. The Secure Processing Unit on the Snapdragon 855, however, has smartcard-equivalent EAL4+ certification, meaning it's been deemed secure enough to handle SIM data. Qualcomm partnered with a company called Gemalto to enable eSIM support in the Snapdragon's Secure Processing Unit.

[Image: Qualcomm Snapdragon 865 Dual SIM, Dual Standby support in the Secure Processing Unit]

Expanding on this work is the announcement that the SPU in the Snapdragon 865 now fully supports dual SIM, dual standby (DSDS). This means that not only can the SPU store eSIMs provisioned from more than one carrier, but the secondary, inactive eSIM can still receive calls and texts.

Support for Android 11's IdentityCredential API

Back in March, Google started working on a new IdentityCredential API. This API allows for storing credentials, such as a driver's license or passport, electronically on the device. Google announced at I/O 2019 that they're working with ISO to standardize the implementation of mobile driver's licenses, and that they'll develop a Jetpack support library so applications can support asking for identity credentials. Now, Qualcomm has confirmed that the SPU in the Snapdragon 865 supports Google's IdentityCredential API.

[Image: Qualcomm Snapdragon 865 supports Android 11's IdentityCredential API]

To be more precise, this announcement likely means that the Snapdragon 865 will support the "direct access" mode mentioned by Google in the IdentityCredential HAL implementation. This mode allows the credential to be pulled up even when there isn't enough power to boot the main Android OS.

Update: Shawn Willden from Google shared some technical information on how direct access mode may be supported. According to him, it's unlikely the SPU will support direct access mode since it's integrated into the SoC. If the secure element were integrated into a discrete chip like the NFC controller, it would be easier to support. However, there's a possibility that Qualcomm may have found or is working on a way to make this work.

The API is still a work in progress, but we're tracking its progress in AOSP. Google plans on releasing this API along with the Jetpack library in the next Android release, which is Android 11.