Google gave Android security a big boost with a new API in the latest operating system release.
Called Protected Confirmation, the API takes advantage of a hardware-protected user interface (Trusted UI) to perform critical transactions. When an application uses the API, the user is presented with a prompt asking them to confirm the transaction.
Once the user's confirmation is received, it is cryptographically authenticated, so Protected Confirmation can better secure the transaction. The Trusted UI, which has control while the prompt is shown, keeps the data safe from fraudulent apps or a compromised operating system.
The API can also be used to boost the security of other forms of secondary authentication, such as one-time passwords or transaction authentication numbers (TANs), mechanisms that fail to provide protection once the device itself has been compromised, Janis Danisevskis, information security engineer for Android Security, said in a post.
“This Trusted UI protects the choices you make from fraudulent apps or a compromised operating system,” Danisevskis said. “When an app invokes Protected Confirmation, control is passed to the Trusted UI, where transaction data is displayed and user confirmation of that data’s correctness is obtained.”
With Protected Confirmation, the confirmation message is digitally signed, and because the signing key resides only in the Trusted UI's hardware sandbox, malicious apps or a compromised operating system cannot trick the user into authorizing anything. The signing keys are created using the AndroidKeyStore API.
“Before it can start using Android Protected Confirmation for end-to-end secure transactions, the app must enroll the public KeyStore key and its Keystore Attestation certificate with the remote relying party. The attestation certificate certifies that the key can only be used to sign Protected Confirmations,” Danisevskis said.
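The enrollment and signing flow described above, as an added Java sketch of the app side using the public Android APIs (this is illustrative code, not code from Google or from Danisevskis's post); the key alias, the `Result` interface, and the server-supplied challenge and extra data are assumptions:

```java
import android.content.Context;
import android.security.ConfirmationCallback;
import android.security.ConfirmationPrompt;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.concurrent.Executor;
public final class ProtectedConfirmationDemo {
    private static final String ALIAS = "pc_signing_key"; // hypothetical key alias
    /** Hypothetical app callback: ships the confirmed blob and its signature to the relying party. */
    public interface Result { void onSigned(byte[] confirmed, byte[] signature); void onFailed(String why); }
    /** Enrollment: create a key that can only sign data the user confirmed in the Trusted UI. */
    public static Certificate[] enrollKey(byte[] serverChallenge) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
        kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setUserConfirmationRequired(true)        // key refuses to sign without a confirmed prompt
                .setAttestationChallenge(serverChallenge) // server nonce proves the attestation is fresh
                .build());
        kpg.generateKeyPair();
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore"); ks.load(null);
        return ks.getCertificateChain(ALIAS); // public key + attestation chain go to the relying party
    }
    /** Transaction: hand control to the Trusted UI, then sign exactly the blob it returns. */
    public static void confirmAndSign(Context ctx, Executor executor, String promptText, byte[] extraData, Result result) throws Exception {
        if (!ConfirmationPrompt.isSupported(ctx)) { result.onFailed("no Trusted UI on this device"); return; }
        ConfirmationPrompt prompt = new ConfirmationPrompt.Builder(ctx)
                .setPromptText(promptText) // the text the user sees and approves
                .setExtraData(extraData)   // e.g. a server nonce or transaction id, included in the signed blob
                .build();
        prompt.presentPrompt(executor, new ConfirmationCallback() {
            @Override public void onConfirmed(byte[] dataThatWasConfirmed) {
                try {
                    KeyStore ks = KeyStore.getInstance("AndroidKeyStore"); ks.load(null);
                    Signature sig = Signature.getInstance("SHA256withECDSA");
                    sig.initSign((PrivateKey) ks.getKey(ALIAS, null));
                    sig.update(dataThatWasConfirmed); // must be the exact bytes handed back by the Trusted UI
                    result.onSigned(dataThatWasConfirmed, sig.sign());
                } catch (Exception e) { result.onFailed(e.toString()); }
            }
            @Override public void onDismissed() { result.onFailed("user declined the prompt"); }
            @Override public void onError(Throwable t) { result.onFailed(t.toString()); }
        });
    }
}
```

The relying party should accept a transaction only after checking the enrolled attestation certificate (confirming the key requires user confirmation) and verifying the signature over the unmodified confirmed blob with the enrolled public key.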
Android Protected Confirmation makes other use cases possible as well, such as person-to-person money transfers, authentication, and medical device control.