
"This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute," Google's product and security teams said.
"It is becoming insufficient to rely on the binary's signature alone, as a signature cannot guarantee that this particular binary was the intended one to be released to the public by its author," Google said.
"Digital signatures are a certificate of origin, but binary transparency is a certificate of intent."
Google has expanded Binary Transparency for Android to strengthen defenses against supply chain attacks. The initiative builds on Pixel Binary Transparency, introduced in 2021, which maintains a public cryptographic log of verified operating system software. The new public ledger ensures that the Google apps on a device are exactly what Google intended to build and distribute. The move addresses the risk of binary supply chain attacks, in which malicious code is delivered in a binary whose digital signature is preserved. Google emphasizes that binary transparency provides a certificate of intent, whereas a digital signature only certifies origin.
Read at The Hacker News