One of the frustrating things experienced by law enforcement officials and agencies is trying to get into the phone of a suspect. This is because companies such as Apple and Google have made it so that only the users themselves know the passwords to their phones (assuming they use one), so even if they wanted to, they couldn’t unlock devices remotely.
Now it looks like Google has decided to extend that same level of security to Android backups: it is now encrypting all of your phone’s backups and using your phone’s lockscreen password as the encryption key. This means that should law enforcement officials request data from your backup, Google will not be able to unlock it, as the password will only be known by you, and in countries such as the US, there are laws that prevent people from incriminating themselves.
According to Google, “This decryption key is encrypted using the user’s lockscreen PIN/pattern/passcode, which isn’t known by Google. Then, this passcode-protected key material is encrypted to a Titan security chip on our datacenter floor. The Titan chip is configured to only release the backup decryption key when presented with a correct claim derived from the user’s passcode. Because the Titan chip must authorize every access to the decryption key, it can permanently block access after too many incorrect attempts at guessing the user’s passcode, thus mitigating brute force attacks.”
This seems to be an Android Pie feature, which means that if your device has already been updated to Android Pie, your Android backups should be protected by this new feature.
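
The attempt-limited key release described in Google's statement can be modelled in a few lines. This is an added sketch, not Google's or Titan's code: the PBKDF2 derivation, the limit of five attempts and all names (`derive_claim`, `AttemptLimitedVault`) are assumptions chosen for illustration, and the passcodes are constructed sample values.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 5  # assumed limit; the article gives no number


def derive_claim(passcode: str, salt: bytes) -> bytes:
    """Device side: stretch the lockscreen passcode into a claim (assumed KDF)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000)


class AttemptLimitedVault:
    """Stand-in for the hardware that guards the backup decryption key."""

    def __init__(self, backup_key: bytes, claim: bytes):
        self._key = backup_key
        # Keep only a hash of the claim; the passcode itself is never stored.
        self._claim_hash = hashlib.sha256(claim).digest()
        self._failures = 0

    @property
    def blocked(self) -> bool:
        return self._key is None

    def release_key(self, claim: bytes):
        """Return the backup key for a correct claim, otherwise None."""
        if self.blocked:
            return None
        # Count the attempt before checking it, so no guess is ever free.
        self._failures += 1
        if hmac.compare_digest(hashlib.sha256(claim).digest(), self._claim_hash):
            self._failures = 0
            return self._key
        if self._failures >= MAX_ATTEMPTS:
            self._key = None  # permanent: the key is destroyed, not just locked
        return None


def demo():
    salt, key = os.urandom(16), os.urandom(32)
    vault = AttemptLimitedVault(key, derive_claim("4821", salt))  # constructed passcode
    ok = vault.release_key(derive_claim("4821", salt)) == key
    for guess in ("0000", "1111", "1234", "2580", "9999"):
        vault.release_key(derive_claim(guess, salt))
    # After five wrong guesses even the correct passcode no longer works.
    return ok, vault.blocked, vault.release_key(derive_claim("4821", salt))


if __name__ == "__main__":
    print(demo())
```

Because the counter lives with the key rather than on the device, wiping or cloning the phone does not reset it, which is what makes a short PIN tolerable as the secret.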