In short: Beginning with Android 9 Pie, Google is adding Titan security chip-based protection to its Android smartphone backups at the server level, the company said. What's more, backed-up applications and associated data won't be accessible, even by Google, the company says. That's because the encrypted data can only be decrypted by a randomly generated key that is itself encrypted using the user's own lock screen security, whether that's a PIN, pattern, or passcode. Once that's done, the passcode-protected material is encrypted on the company's servers via a Titan security chip and can only be released using a key derived from that passcode or other lock screen security method. The Titan chip also has to authorize access every time and will permanently block access if it detects that the incoming attempts to access the data are guesses. The number of guesses allowed is managed by Titan firmware, which can't be updated without completely erasing the stored data.
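The scheme described above, sketched as a toy model of why a guess counter lets a short lock-screen secret protect a strong random key; this is an added example, not Google's code. PBKDF2, the XOR key wrap (a stand-in for an authenticated cipher), the limit of 10 guesses, and all function and class names are assumptions.

```python
import hashlib, hmac, secrets

MAX_GUESSES = 10  # assumed limit; the article does not state the real number

def derive(secret: str, salt: bytes):
    """Stretch the lock-screen secret into (vault claim, key-wrapping key)."""
    out = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 50_000, dklen=64)
    return out[:32], out[32:]

def xor(a: bytes, b: bytes) -> bytes:
    # Stand-in for a real authenticated cipher; acceptable here only because
    # each wrapping key masks exactly one random 32-byte key.
    return bytes(x ^ y for x, y in zip(a, b))

class GuessLimitedVault:
    """Hypothetical model of the server-side Titan role."""
    def __init__(self, claim: bytes, wrapped_key: bytes):
        self._claim_hash = hashlib.sha256(claim).digest()
        self._wrapped_key = wrapped_key
        self.failures = 0

    def release(self, claim: bytes) -> bytes:
        if self._wrapped_key is None:
            raise PermissionError("vault permanently locked")
        if hmac.compare_digest(hashlib.sha256(claim).digest(), self._claim_hash):
            self.failures = 0  # assumption: a correct entry resets the counter
            return self._wrapped_key
        self.failures += 1
        if self.failures >= MAX_GUESSES:
            self._wrapped_key = None  # erase: no later guess can succeed
        raise PermissionError("wrong lock-screen secret")

def enroll(secret: str):
    """Device side: create a random backup key, hand the vault its wrapped form."""
    salt, backup_key = secrets.token_bytes(16), secrets.token_bytes(32)
    claim, wrap_key = derive(secret, salt)
    return salt, backup_key, GuessLimitedVault(claim, xor(backup_key, wrap_key))

def recover(secret: str, salt: bytes, vault: GuessLimitedVault) -> bytes:
    """Restore side: prove knowledge of the secret, then unwrap the backup key."""
    claim, wrap_key = derive(secret, salt)
    return xor(vault.release(claim), wrap_key)
```

Without the counter, the 10,000 candidates of a 4-digit PIN could be tried exhaustively; with it, only `MAX_GUESSES` attempts are possible before the wrapped key is erased, after which even the correct secret fails.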
Background: Android backups have been in place since at least Android 2.2 Froyo, and automatic backups have been featured at the OS level since Android 6.0 Marshmallow. However, this marks the first time that the company's latest Titan security technologies have been part of that process, which starts at the user end and relies on key-generation processes that even Google would have some difficulty getting around. For clarity, these Titan security standards are presumably the same as those found in the company's latest flagship smartphones and Chromebooks, the Pixel 3, Pixel 3 XL, and Pixel Slate. However, whereas those devices use a dedicated chipset built into the hardware itself, the new Android Backup Service would implement it through a software process on the server side, protecting data that's in the cloud. Google also says that the efforts to get the feature ready were not undertaken by its in-house development teams alone. The team also brought in outside help from third-party risk mitigation and security experts at NCC Group. The security audit revealed a few unspecified errors, which were fixed before this service launched, with at least a few devices already running the newest iteration of the Android OS. In the end, the third-party evaluation showed that the security design process, code quality, and mitigations for known attack vectors are ready for real-world service.
Impact: Since the service is effectively on the server side, users shouldn't need to update their handset's firmware to take advantage of the new feature. Instead, the integration has occurred directly in Google's Android Backup Service. So backups should automatically be encrypted with the Titan security technology wherever available, and the decryption and encryption process should occur when a backup is generated. In effect, the announcement is Google's way of letting users know that it has made this change to how backups are stored on its end.