Pixel Security

Just FYI in case anyone is considering buying a Pixel: I strongly urge you not to. <a href="http:&#x2F;&#x2F;kasrarahjerdi.com&#x2F;2016&#x2F;11&#x2F;dont-buy-anything-made-by-google&#x2F;" rel="nofollow">http:&#x2F;&#x2F;kasrarahjerdi.com&#x2F;2016&#x2F;11&#x2F;dont-buy-anything-made-by-g...</a><p>They have no Google provided support, if you drop the phone and break it your only option (if you didn&#x27;t buy the third-party warranty upsell) is to take it to a repair shop. I called the ones near me, none had seen or touched the device before.<p>Don&#x27;t spend $800 on a phone that you can&#x27;t send back to the manufacturer to repair.<p>Edit: I originally said &quot;they have no warranty&quot; and people seem to have understood that as &quot;they don&#x27;t provide free repairs&quot; -- what I&#x27;m trying to say is that this phone is supposedly a competitor to Apple, but if you break it you can&#x27;t walk to the Apple Store and ask them how much it&#x27;d be for a repair. You can&#x27;t send it in the mail to them either. You have to go to an authorized third-party repair shop. That does not sound like first-class flagship $800 product support to me.

Google security is so strong, they&#x27;ll even lock you out of your own account when changing cities, with no chance to get it reinstated :<p><a href="https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;Android&#x2F;comments&#x2F;5dif8j&#x2F;psa_google_can_lock_your_account_forcing_you_to&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;Android&#x2F;comments&#x2F;5dif8j&#x2F;psa_google_...</a>

I would really love to see Google tackle fixing the security problems presented by the radio chip. A closed source esoteric firmware full of vulnerabilities that has DMA on your primary CPU and is remotely exploitable by state and private actors? Not to mention that it&#x27;s an entry point into a device that&#x27;s always on your person, has all of your contacts, emails, text messages, and phone calls, and has a GPS module in it. The radio is a <i>huge</i> problem and dramatically outweighs any other security concerns on a phone imo.

&quot;We then modified the inline encryption block driver to pass this to the hardware. As with ext4 encryption, keys are managed by the Linux keyring. To see our implementation, take a look at the source code for the Pixel kernel.&quot;<p>It doesn&#x27;t sound like they got these changes into mainline. They link here to their source: <a href="https:&#x2F;&#x2F;android.googlesource.com&#x2F;kernel&#x2F;msm&#x2F;+&#x2F;android-msm-marlin-3.18-nougat-dr1&#x2F;fs&#x2F;ext4&#x2F;crypto_key.c" rel="nofollow">https:&#x2F;&#x2F;android.googlesource.com&#x2F;kernel&#x2F;msm&#x2F;+&#x2F;android-msm-ma...</a><p>From that file:<p><pre><code> &#x2F;* TODO(mhalcrow): Just for proof-of-concept *&#x2F; </code></pre> WHOOPS!

Isn&#x27;t the pixel the phone that was just pwned inside 60 seconds by security researchers?<p>And doesn&#x27;t google have a terrible track record of releasing data to federal agencies?<p>So, aside from purchasing a phone that is built by data-mining, internet advertising giant, google can&#x27;t even begin to make the claim that they value user security.

Kinda neat they link directly to some source code in a blog post.

I trust this as far as I can throw it. Trustzone is at best as secure as the Trustzone secure world kernel, Qualcomm supplies that code (even in the Pixel AFAIK), and the Qualcomm secure world kernel is notoriously poorly written.

Countries with stronger consumer protection laws should have much less of an issue with warranties. My father dropped his Nexus 5 about 11 months after he bought it and Google provided a replacement really promptly.

While all devices have security issues, not too comforted by this:<p><a href="http:&#x2F;&#x2F;thehackernews.com&#x2F;2016&#x2F;11&#x2F;google-pixel-phone-hacked.html" rel="nofollow">http:&#x2F;&#x2F;thehackernews.com&#x2F;2016&#x2F;11&#x2F;google-pixel-phone-hacked.h...</a>

I have not seen so many gotos in many many years. I guess it&#x27;s the programming model in this case. I am sure this bit of code is going to be audited quite closely.

Is this meant to be a sort of <i>generic</i> response to this issue? (which they still don&#x27;t seem to be addressing here)<p><a href="https:&#x2F;&#x2F;plus.google.com&#x2F;u&#x2F;0&#x2F;+DeesTroy&#x2F;posts&#x2F;R7V3knn3f1s" rel="nofollow">https:&#x2F;&#x2F;plus.google.com&#x2F;u&#x2F;0&#x2F;+DeesTroy&#x2F;posts&#x2F;R7V3knn3f1s</a><p>Or perhaps to this?<p><a href="http:&#x2F;&#x2F;www.theregister.co.uk&#x2F;2016&#x2F;11&#x2F;11&#x2F;google_pixel_pwned_in_60_seconds&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.theregister.co.uk&#x2F;2016&#x2F;11&#x2F;11&#x2F;google_pixel_pwned_i...</a><p>Still waiting on Google to at least match, if not surpass, Apple&#x27;s long-term support in regards to updates (which is about twice as much what Google offers right now, even though the Pixel has identical prices to the iPhones, at every level).

Pixel&#x2F;Google does not motivate a threat model under which to evaluate or understand their design and marketing promises, but we can take a hint from &quot;protects your data if your phone falls into someone else&#x27;s hands.&quot; - Namely thefts of opportunity.<p>Unlike other phone manufacturers, Google does not promise potential customers that your data will be protected from Google, it&#x27;s partners and from law enforcement and mass surveillance programmes.<p>Therein this product doesn&#x27;t provide a stronger security posture that competitors - and furthermore it&#x27;s threat model and security properties do not meet what are in my opinion minimal reasonable requirements.

meanwhile we still have to deal with a SIM and the baseband is a whole other clusterfuck entirely...<p>Can the users actually get the keys to their own stuff?

And as a bonus, if you onsell it, we&#x27;ll wipe your Google account without warning.

Sorry - not post related:<p>#2 spot on HN, 2 comments, submitted 28 minutes ago.<p>Is this normal? Never seen that happen on HN before. Just curious

Does android still backup WiFi passwords in plaintext?

Encryption is all well and good but I feel like Google&#x27;s handling of root causes a lot of issues.<p>There are a lot of pretty basic things (like ad blocking or monitoring battery usage) that require root, which severely impacts the security of the device.<p>EDIT: Okay, I stand corrected on ad blocking. Access to detailed battery stats however is locked behind the BATTERY_STATS permission which isn&#x27;t accessible to anything except for system apps. That aside, there are other basic things like backup that also require root.

Given recent news about mass surveillance, it&#x27;s important to note that Pixel&#x27;s security model does not and can not seek to protect your data for use for private messaging, conversation with attorneys, for journalists, or to organize for political reasons.<p>If you are interested in a communications device that can be used for any of these things, Pixel&#x27;s security model will not cover you and you will need to look for an alternative product.