Pixel Binary Transparency to Better Protect Pixel Owners Against Supply Chain Attacks

Google has introduced a new feature named Pixel Binary Transparency that will enhance the security of Pixel devices by making sure you’re running a trusted Android installation.

Among the most significant cybersecurity risks are supply chain attacks in which hackers actually compromise a piece of code that eventually makes its way into a finished product. There are numerous examples of such intrusion and the trend is likely to pick up steam. The best way to fight it is to ensure that the software ending up on a device, in this case a Pixel phone or tablet, is correct.

“Pixel Binary Transparency is a public, cryptographic log that records metadata about official factory images,” explained Google in a post. “With this log, Pixel users can mathematically prove that their Pixels are running factory images that match what Google released and haven’t been tampered with.”

“The Pixel Binary Transparency log is cryptographically guaranteed to be append-only, which means entries can be added to the log, but never changed or deleted,” Google added. “Being append-only provides resilience against attacks on Pixel images as attackers know that it’s more difficult to insert malicious code without being caught, since an image that’s been altered will no longer match the metadata Google added to the log.”

The idea behind Pixel Binary Transparency was first announced in 2021. Only now is it finally making its way onto devices, more precisely, Google Pixel.

This is not the only security measure in place. Android Verified Boot is already implemented in most devices, which already includes verification of the hash of the code and data contents and checks of the validity of the cryptographic signature.

In fact, Google plans to add more security checks to increase resilience against software supply chain attacks.