← Back to context

Comment by marcprux

2 days ago

> you think Google didn't already sign up to this?

My understanding is that Android's Google Drive backup has had an E2E encryption option for many years (they blogged about it at https://security.googleblog.com/2018/10/google-and-android-h...), and that the key is only stored locally in the Titan Security Module.

If they are complying with the IPA, wouldn't that mean that they must build a mechanism into Android to exfiltrate the key? And wouldn't this breach be discoverable by security research, which tends to be much simpler on Android than it is on iOS?

86 comments

marcprux

Reply
nomel  1 day ago

My assumption is that Google has keys to everything in its kingdom [1].

[1] https://qz.com/1145669/googles-true-origin-partly-lies-in-ci...

  • marcprux  1 day ago

    > My assumption is that Google has keys to everything in its kingdom

    If that were true, then their claims to support E2E encrypted backups are simply false, and they would have been subject to warrants to unlock backups, just like Apple had been until they implemented their "Advanced Data Protection" in 2022.

    Wouldn't there have been be some evidence of that in the past 7 years, either through security research, or through convictions that hinged on information that was gotten from a supposedly E2E-protected backup?

    • scripturial  1 day ago

      It is possible to set up end to end encryption where two different keys unlock your data. Your key, and a government key. I assume google does this.

      1. encrypt data with special key 2. encrypt special key with users key, and 3. encrypt special key with government key

      Anyone with the special key can read the data.the user key or the government key can be used to get special key.

      This two step process can be done for good or bad purposes. A user can have their key on their device, and a second backup key could be in a usb stick locked in a safe, so if you loose your phone you can get your data back using the second key.

      56 replies →

    • reshlo  1 day ago

      Is the source code for every binary blob present on an Android device available for inspection, and is the code running on every Android device verifiable as having been built from that source?

      > or through convictions

      If they wanted to use this evidence for a normal criminal case, they would just do parallel construction.

    • ajb  20 hours ago

      It's worth noting that what the security services don't have access to is as secret as what they do have access to. According to the late Ross Anderson, for many years the police were unable to trace calls (or was it internet access?) on one of the major UK mobile networks, because it had been designed without that and in such a way that it was hard to retrofit. This was considered highly confidential, lest all the drug dealers etc switch to that network.

    • dylan604  1 day ago

      Would it be possible that they feel that the revelation of this backdoor would be too big of a loss so that any of these theoretical cases of the past 7 years have used parallel construction to avoid revealing the encrypted data was viewed?

      1 reply →

    • autoexec  1 day ago

      > Wouldn't there have been be some evidence of that in the past 7 years, either through security research, or through convictions that hinged on information that was gotten from a supposedly E2E-protected backup?

      I wouldn't count on it. The main way we'd know about it would be a whistleblower at Google, and whistleblowers are extremely rare. Evidence and court records that might expose a secret backdoor or that the government was getting data from Google that was supposed to be private could easily be kept hidden from the public by sealing it all away for "national security reasons" or by obscuring it though parallel construction.

      5 replies →

    • menacingly  1 day ago

      I don't know the particulars, but in general, silence around a massive tech company on warrants does not mean "they said no and the feds decided to leave them alone"

    • jiggawatts  1 day ago

      A trivial method for circumventing code review is to simply push a targeted update of the firmware to devices subject to a government search order.

      There are no practical end-user protections against this vector.

      PS: I strongly suspect that at least a few public package distribution services are run by security agencies to enable this kind of attack. They can distribute clean packages 99.999% of the time, except for a handful of targeted servers in countries being spied upon. A good example is Chocolatey, which popped up out of nowhere, had no visible source of funding, no mention of their ownership structure anywhere, and was incorporated along with hundreds of other companies in a small building in the middle of nowhere. It just screams of being a CIA front, but obviously that's hard to prove.

      3 replies →

  • tim333  20 hours ago

    I doubt it. Much to my annoyance they moved Google Maps Timeline from their database to an encrypted copy on my phone specifically so if law enforcement asks for the records of where you were at a given time and place they can say dunno, can't tell. If they had the keys it would wreck their legal strategy not to get hassled every time law enforcement are trying to track someone.

  • skybrian  1 day ago

    The linked article makes a lot of assumptions about the "Massive Digital Data Systems Program". It seems this program existed. For example, here is a 1996 paper [1] about research funded by the "Massive Digital Data Systems (MDDS) Program, through the Department of Defense."

    But it's not clear that funding for early research into data warehousing (back when a terabyte was a lot of data) has anything to do with whether or not Google uses end-to-end encryption? Lots of research got funded through the Department of Defense.

    Without having relevant evidence, this is just "let's assume X is true, therefore X is true."

    [1] https://papers.rgrossman.com/proc-047.htm

  • GeekyBear  1 day ago

    Google didn't announce that they could no longer process geofence warrants because they no longer stored a copy of user location data on their servers until last October.

    How much good does an encrypted device backup do when harvesting user data and storing it on your servers (to make ad sales more profitable) is your entire business model?

  • yellow_lead  1 day ago

    This would mean no independent security researcher has ever taken a look at Google Drive's E2EE on Android. Or those that did missed the part where the key is uploaded.

    It's possible to decrypt this network traffic and see if the key is sent. It may be obfuscated though.

EduardoBautista  1 day ago

Apple's ADP is not E2E for only its backups, it's E2E for _everything_ in iCloud Drive and a few other iCloud services.