A recent blog post from Google breaks down how the new Android 'Keystore' features keep your slice of Pie safer.
Some of these features tie into the Titan M security chip installed in Pixel 3 devices, but other parts of Keystore work at the operating system level. In other words, some of the new Keystore features help any Android 9.0 Pie user.
Keystore gives application developers a set of cryptographic tools designed to secure user data. One of the benefits of Keystore is that it moves cryptographic tools available in the Android OS into secure hardware on your device. This adds security, as applications can only use these encryption keys within the secure hardware, which protects the keys from various attacks.
One of the new capabilities Keystore introduced with Android Pie is keyguard-bound keys.
Mobile applications typically receive data but do not need immediate access to it. The data must remain secure until the user needs to access it. This is where keyguard-bound keys come in.
Applications cannot use these keys for decryption or signing while the screen is locked. However, when the user unlocks the device, the keyguard-bound keys become available for use.
While keyguard binding works in a similar way to another security tool, authentication binding, there is an important distinction. Keyguard binding ties the keys directly to the lock state of the screen, while authentication binding uses a fixed timeout.
It is also worth noting that keyguard binding is enforced at the operating system level, as the secure hardware chips do not know when the screen is locked. However, using keyguard binding together with hardware-based authentication binding creates a more secure environment for storing important cryptographic data. Moreover, because keyguard binding is an operating system feature, every Android Pie device has access to it.
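The pattern described above, receive data while locked and read it only after unlock, as an added Kotlin example that is not code from the Google post. It assumes API level 28 or later and uses the platform's `setUnlockedDeviceRequired(true)` option to request keyguard binding; the alias and function names are hypothetical.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.GeneralSecurityException
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.PrivateKey
import java.security.spec.MGF1ParameterSpec
import javax.crypto.Cipher
import javax.crypto.spec.OAEPParameterSpec
import javax.crypto.spec.PSource

private const val ALIAS = "inbox_key" // hypothetical alias
private const val RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"
// Pin MGF1 to SHA-1 on both sides so the keystore and the default provider agree.
private val OAEP = OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT)

private fun keystore() = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }

// Create the pair once. The private key is decrypt-only and keyguard-bound.
fun createKeyguardBoundKey() {
    val spec = KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_DECRYPT)
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
        .setUnlockedDeviceRequired(true) // unusable while the screen is locked
        .build()
    val gen = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore")
    gen.initialize(spec)
    gen.generateKeyPair()
}

// Public-key encryption needs no unlock. RSA-OAEP fits small payloads only,
// so in practice this would seal a per-message symmetric key.
fun sealIncoming(plaintext: ByteArray): ByteArray {
    val publicKey = keystore().getCertificate(ALIAS).publicKey
    val cipher = Cipher.getInstance(RSA_OAEP)
    cipher.init(Cipher.ENCRYPT_MODE, publicKey, OAEP)
    return cipher.doFinal(plaintext)
}

// Returns null when the keystore refuses the key. A locked screen is one cause;
// the exact exception type is not stated on the page, so the catch is broad.
fun openIfUnlocked(ciphertext: ByteArray): ByteArray? = try {
    val privateKey = keystore().getKey(ALIAS, null) as PrivateKey
    val cipher = Cipher.getInstance(RSA_OAEP)
    cipher.init(Cipher.DECRYPT_MODE, privateKey, OAEP)
    cipher.doFinal(ciphertext)
} catch (e: GeneralSecurityException) {
    null
}
```

A caller that gets `null` from `openIfUnlocked` should keep the ciphertext and retry after the next unlock rather than treating the data as lost.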
Secure Key Import
This new feature allows devices to import keys securely. First, an originating source, such as a remote server, data center, or other cloud-based storage system, can use a public wrapping key to encrypt the secure keys. This public wrapping key comes from the user's device, and that device is the only one that can decrypt what it wraps.
Moreover, the wrapping keeps the key's contents hidden in transit and from the operating system, meaning that only the secure hardware can see the key contained in the wrapper.
An example of an application that uses this is Google Pay, which provisions several keys on the Pixel 3 this way to prevent them from being intercepted.
In general, these security features add several additional layers of protection to important information sent to and received from your phone. Google has done a lot with the Pixel 3 and its Titan M chip to improve security as well.