Pixel Binary Transparency responds to a new wave of attacks targeting the software supply chain—that is, attacks on software while in transit to users. These attacks are on the rise in recent years, likely in part because of the enormous impact they can have. In recent years, tens of thousands of software users from Fortune 500 companies to branches of the US government have been affected by supply chain attacks that targeted the systems that create software to install a backdoor into the code, allowing attackers to access and steal customer data.
One way Google protects against these types of attacks is by auditing Pixel phone firmware (also called “factory images”) before release, during which the software is thoroughly checked for backdoors. Upon boot, Android Verified Boot runs a check on your device to be sure that it’s still running the audited code that was officially released by Google. Pixel Binary Transparency now expands on that function, allowing you to personally confirm that the image running on your device is the official factory image—meaning that attackers haven’t inserted themselves somewhere in the source code, build process, or release aspects of the software supply chain. Additionally, this means that even if a signing key were compromised, binary transparency would flag the unofficially signed images, deterring attackers by making their compromises more detectable.
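The claim above, that a transparency log flags an image even when it carries a valid signature from a stolen key, comes down to an inclusion proof against a published log root. The following is an added example, not Google's code: it assumes an RFC 6962-style Merkle log, and the entry format, build names and image bytes are constructed, since the page does not describe the real log layout.

```python
import hashlib

def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + entry).digest()  # RFC 6962 leaf prefix

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # interior-node prefix

def split(n: int) -> int:
    """Largest power of two strictly smaller than n (n >= 2)."""
    return 1 << ((n - 1).bit_length() - 1)

def root(entries):
    """Merkle tree hash over the whole log."""
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = split(len(entries))
    return node_hash(root(entries[:k]), root(entries[k:]))

def prove(entries, index):
    """Log side: audit path for entries[index], ordered leaf to root."""
    if len(entries) == 1:
        return []
    k = split(len(entries))
    if index < k:
        return prove(entries[:k], index) + [root(entries[k:])]
    return prove(entries[k:], index - k) + [root(entries[:k])]

def verify(entry, index, size, proof, expected_root):
    """Device side: recompute the root from one entry and its audit path."""
    def walk(idx, n, path):
        if n == 1 or not path:
            return leaf_hash(entry) if n == 1 and not path else None
        k = split(n)
        if idx < k:
            sub = walk(idx, k, path[:-1])
            return sub and node_hash(sub, path[-1])
        sub = walk(idx - k, n - k, path[:-1])
        return sub and node_hash(path[-1], sub)
    return 0 <= index < size and walk(index, size, list(proof)) == expected_root

def entry_for(build: str, image: bytes) -> bytes:
    # Constructed entry format (assumption): build name plus image digest.
    return f"{build}\n{hashlib.sha256(image).hexdigest()}\n".encode()

# Constructed log of five "released" images and the root the operator publishes.
LOG = [entry_for(f"constructed-build-{i}", f"official image {i}".encode()) for i in range(5)]
PUBLISHED_ROOT = root(LOG)
```

An image that was never logged has no audit path that hashes to the published root, so it fails this check regardless of which key signed it.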
I’m sure this greatly benefits the six people who have a Pixel phone.
Wow, I didn’t know my family accounted for 50% of the global Pixel market.
Yes,
That is why Google is dropping the Pixel line, like all other low sales projects, and moving the entire hardware teams to other positions:
https://www.androidpolice.com/alphabet-google-q4-2022-earnings/
(Sorry for the sarcasm, but given many entire teams were affected, but Pixel was not, should have been a strong signal).
I guess I am the other 50% then.
It will be sad if Pixel goes away. Anyone know of a different company doing a good software job? And by good I mean no requirement to sign up for a second account with the manufacturer. No installing of their own versions of the apps which can only be hidden, not removed, so I lose storage when I install the proper Google ones (where possible). Samsung being the worst of software by far (work phone so I do know), which is a pity as they were good at the start of Android before they decided they needed their own app store. (And to answer the question: no, there is not.)
Carrot007,
I think we miscommunicated.
Pixel is one of the safest products in Google. Their marketshare is increasing, and as far as I know, they were not hit strongly by layoffs.
(Though Google being Google, anything can happen)
I’ll note that they’re doing things like $2/mo for 36 month Pixel 7as through AT&T in the US (I myself took advantage of that when my 5a broke, because I really do not want to go Samsung, and I don’t get along with iOS otherwise I’d have an iPhone), which likely helps boost US marketshare at the expense of profits.
This would be great if there was a way to add custom signatures to the system, but there doesn’t appear to be – instead this is just one more cog in the same family of DRM stuff that WEI belongs to.
Yep, this will be used to further sideline custom builds.