Google has announced a new feature called Pixel Binary Transparency, allowing users to manually verify the authenticity of their Pixel firmware. This feature aims to combat software supply chain attacks, where software is compromised before reaching users.
In addition to the existing Android Verified Boot feature, which checks the source of firmware, Pixel Binary Transparency enables users to confirm if they are running a trusted version of Android on their Pixels. Google achieves this by generating a public cryptographic log containing metadata for factory firmware images. Pixel owners can then use this log to verify that their firmware comes directly from Google and has not been tampered with.
The Pixel maker states that the information in the log cannot be altered to match a tampered version of the software without detection. However, it is worth noting that most users will not need to utilize this feature, as Android Verified Boot already ensures the authenticity of the firmware.
Instructions for using the Pixel Binary Transparency feature can be found on this page, which requires connecting to the device via ADB (Android Debug Bridge). It is important to mention that this feature may not be available on smartphones from other brands at this time, as it is currently Pixel-exclusive. However, it would be interesting to see other manufacturers implement similar capabilities.
By introducing Pixel Binary Transparency, Google is taking another step to enhance the security of its devices and protect users against potential supply chain attacks.