Description of
Google is preparing the Android ecosystem for the activation of a new key and identification functionality built on applets that run insecure elements.
Google created the Android Ready SE alliance to drive the adoption of smartphones and Android connected devices used as digital keys, identity documents, and wallets for digital currency.
To mark the launch of the alliance, Google launched the General Availability (GA) version of the StrongBox for SE applet. SE is the abbreviation for Secure Element, a discreet and tamper-proof piece of hardware, such as Google's Titan M chip.
While most modern phones come with an OS, the alliance aims to standardize several Android OEMs around how Pixel devices use the Titan M chip as a tamper-proof hardware enclave. The StrongBox Android, which operates in this material enclave on phones Pixel, is used to store the encryption keys in an isolated environment of the processor.
Create validated and open source OS applets
Google notes that StrongBox and Titan M-like hardware will be important for emerging user functionality, including digital keys for your car, home, and office, identification documents such as mobile driver's license, card, etc. national identity and electronic passports, as well as the wallet for digital currency.
The SE Alliance is working with Google to create validated, open-source SE applets, such as StrongBox for SE. This applet is available from alliance members, including chipmakers Giesecke + Devrient, Kigen, NXP, STMicroelectronics, and Thales.
Google has confidence in the security of its Titan M chip and considers it important enough to warrant a million-dollar reward for anyone who finds a way to achieve a full-chain remote code execution exploits with persistence that will compromise data protected by the chip.
Additionally, StrongBox can be applied on WearOS, Android Auto Embedded, and Android TV devices.
Interoperable and secure applets in the ecosystem
Android phone brands or OEMs will need to choose hardware validated with an SE alliance vendor and work with Google to provide attestation keys/certificates in the SE factory. Android original equipment manufacturers will also need to use the general availability version of the StrongBox for SE applet, appropriate for the specific OS being used.
Google says it's prioritizing the development of applets for driver's licenses and mobile IDs, as well as digital car keys for future versions of Android. "One of the main objectives of this alliance is to enable the implementation of consistent, interoperable and clearly secure applets throughout the Android ecosystem," says Google on its page dedicated to the Android Ready SE alliance.
“Validated implementations of Android Ready SE applets build confidence in the Android platform. OEMs adopting Android Ready SE can produce devices that are more secure and allow remote updates to enable compelling new use cases as they are introduced into the Android platform.