Google sets up Android group for future car keys, national ID, e-wallets

Google readies the Android ecosystem for enabling new key and ID functionality built on applets that run inside secure elements.

Google has set up the Android Ready SE Alliance to support the adoption of Android smartphones and wearables as digital keys, identity documents, and wallets for digital cash.

As part of the alliance's inauguration, Google has launched the general availability (GA) version of the StrongBox for SE applet. SE stands for Secure Element, a discrete tamper-resistant piece of hardware, such as Google's Titan M chip. 

While most modern phones have an SE, the alliance is about standardising multiple Android OEMs around the way Pixel devices use the Titan M chip as a tamper-resistant hardware enclave. Android's StrongBox, which runs on this hardware enclave on Pixel phones, is used for storing cryptographic keys in an environment that's isolated from the CPU.  

SEE: IoT: Major threats and security tips for devices (free PDF) (TechRepublic)

Google notes that StrongBox and Titan M-like hardware will be important for emerging user features, including digital keys for your car, home and office, identification documents such as mobile driver's licence (mDL), National ID, and ePassports, and Wallet for digital money.

The SE alliance is working with Google to create open-source and validated SE applets, such as StrongBox for SE. This applet is available from alliance members, including chip makers Giesecke+Devrient, Kigen, NXP, STMicroelectronics, and Thales.

Google is confident in the security of its Titan M chip and sees it as important enough to warrant a $1 million reward for anyone who finds a way to achieve a full chain remote code execution exploit with persistence that compromises data protected by the chip.      

Additionally, StrongBox is applicable to WearOS, Android Auto Embedded, and Android TV devices.

Android phone brands or OEMs will need to pick validated hardware from an SE alliance vendor and to work with Google to provision Attestation Keys/Certificates in the SE factory. Android OEMs will also need use the GA version of the StrongBox for SE applet, adapted to the specific SE in use.

SEE: Google: Here's how we're toughening up Android security

Google notes that it is prioritising the development of applets for mobile driver's licence and identity credentials, as well as digital car keys for future Android releases.

"A major goal of this alliance is to enable a consistent, interoperable, and demonstrably secure applets across the Android ecosystem," Google says on its page for the Android Ready SE Alliance.

"Validated implementations of Android Ready SE applets build even stronger trust in the Android Platform. OEMs that adopt Android Ready SE can produce devices that are more secure and allow for remote updates to enable compelling new use cases as they are introduced into the Android platform."