Hacker News new | ask | show | jobs
by thanatos_dem 3081 days ago
No real benefits that I’m aware of, and until Google starts to care about privacy more I wouldn’t expect them to invest in developing a secure coprocessor like the Secure Enclave, so you’ll probably be limited to 3rd party alternatives such as yubikey for the foreseeable future.
3 comments
lrvick 3081 days ago
The Android team has actually made a lot of progress on this front, and unlike solutions by Apple, Google lets their solution be audited by anyone as they release all the source code.

Android has the hardware backed Keystore API for interacting with secure elements. Integration for this started in android 6.0 and is mandatory in 8.0.

https://source.android.com/security/keystore

https://android-developers.googleblog.com/2017/09/keystore-k...

link
616c 3081 days ago
I will check this out but as the guy in the 34C3 talk said, and he makes his living in building NFC payment solutions for bank and payment integration, heterogenous vendors with little reward is why they, meaning Google Android and others, moved to host card emulation with ephemeral tokens; structurally and technically only Apple has the supply chain and volume for their ecosystem to make it happen for secure elements, aka secure enclave as it is known in these payment processing workflows.
link
dweekly 3080 days ago
Here is some information about the secure coprocessor that Google has invested in developing - and shipped with Pixel 2. https://www.blog.google/products/android-enterprise/how-pixe...

Disclaimer: I work for Google but not on this.

link
kakarot 3081 days ago
Google doesn't design android hardware outside of their own models. It's not within Google's power (realistically speaking) to force all hardware vendors to start manufacturing secure enclave.

This evolution in hardware design will start at the top companies and young startup companies (far and few between in the cellphone market) and trickle down to the rest as the price becomes commoditized.

link
paulie_a 3081 days ago
It is within their power: "play store now requires secure enclave for new devices"
link
thomashabets2 3080 days ago
And that's how Amazon's Android play store wins. Or Samsung's, or one of the other ones.

Google by design isn't the dictator of the entire ecosystem. Not like Apple. Nowhere near.

link
veeti 3080 days ago
Every modern SoC has TrustZone.
link