| ▲ | lxgr a day ago | |||||||
Android actually supports secure transaction confirmation on Pixel devices using a secure second OS that can temporarily take control of the screen and volume button as secure input and output! https://android-developers.googleblog.com/2018/10/android-pr... This is really cool and goes beyond the usual steps of securing the key, but handling "what you see is what you sign" and key usage user confirmation at the OS level, which can be compromised much more easily (both input and output). | ||||||||
| ▲ | tadfisher 18 hours ago | parent [-] | |||||||
Protected Confirmation was deprecated a while back, unfortunately: https://android.googlesource.com/platform//system/security/+... Quote: "Android Protected Confirmation is deprecated due to the high support/maintenance cost for Android device makers and low adoption rate among app developers. APC requires Android device makers to have a substantial amount of device-specific UI code running in the trusted execution environment. That has proven to be expensive to maintain and non-scalable, as there cannot be a single implementations device makers can share or use as a reference. Additionally, app developers have not adopted this feature, as the Android platform offers other mechanisms for authentication a user's intent. These mechanisms, such as authentication-bound Keystore keys, are less secure than Trusted UI, but are more wide-spread. While we explore alternatives to APC that are viable to the device makers ecosystem, we sunset the APC API." | ||||||||
| ||||||||