Skip to main content

Google launches ‘Android Ready SE Alliance’ to drive adoption of digital keys, mobile IDs

Smartphones have already obviated single-purpose gadgets like point-and-shoot cameras and MP3 players. Google today announced the Android Ready SE Alliance to make sure new phones have the underlying hardware to eventually replace car/home keys and wallets. 

“Emerging user features” — digital keys, mobile driver’s license (mDL), national ID, ePassports, and eMoney solutions (wallets) — require two things. The first is tamper-resistant hardware, like the Pixel’s Titan M chip, which makes possible tamper-resistant key storage for Android apps (to store data) called StrongBox.

All these features need to run on tamper-resistant hardware to protect the integrity of the application executables and a user’s data, keys, wallet, and more. Most modern phones now include discrete tamper-resistant hardware called a Secure Element (SE).

Google has determined that “SE offers the best path for introducing these new consumer use cases in Android.” To “accelerate adoption,” the company and partners (Giesecke+Devrient, Kigen, NXP, STMicroelectronics, and Thales) today announced the Android Ready SE Alliance.

Site default logo image

SE vendors are joining hands with Google to create a set of open-source, validated, and ready-to-use SE Applets. Today, we are launching the General Availability (GA) version of StrongBox for SE. This applet is qualified and ready for use by our OEM partners.

Besides phones, StrongBox is also available for Wear OS, Android Auto Embedded, and Android TV. Google says it’s currently focusing on digital car keys, mobile driver’s license, and other identity credentials, with unnamed “Android OEMs adopting Android Ready SE for their devices.” The Android Ready SE Alliance process involves:

  1. Pick the appropriate, validated hardware part from their SE vendor
  2. Enable SE to be initialized from the bootloader and provision the root-of-trust (RoT) parameters through the SPI interface or cryptographic binding
  3. Work with Google to provision Attestation Keys/Certificates in the SE factory
  4. Use the GA version of the StrongBox for the SE applet, adapted to your SE
  5. Integrate HAL code
  6. Enable an SE upgrade mechanism
  7. Run CTS/VTS tests for StrongBox to verify that the integration is done correctly

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com