Joe Maring/Android Authority
TL;DR
- Google has announced a new OS verification tool for Android 17.
- In addition to looking for on-device red flags, the tool includes a verification mode that requires a second device.
- While it’s not functional yet, we’re starting to get a look at how this two-device workflow will work.
Knowing that the software running on your phone is coming from a trusted source is probably the most important thing you can do to keep your device secure. Google already gives us plenty of tools to stay on top of it, from Android Verified Boot to Pixel Binary Transparency. Earlier this month, the company shared that it was preparing a new way for users to verify the integrity of its OS, which was supposed to arrive with Android 17. And thanks to yesterday’s release of QPR1 Beta 3, we now have an early look at how it’s shaping up.
whether Tools to Verify Firmware Actually taking advantage of those that already exist… has been complicated, to put it mildly. Unless you were a developer or a user with particularly acute security concerns, the manual authentication process probably wasn’t worth your time. But with Android 17’s OS verification screen, Google has started streamlining that process.
Don’t want to miss the best of Android Authority?
Here’s the new OS verification screen that Google is adding in Android 17:
assembledebug/androidauthority
By clicking the “About” button below, we can view Google’s documentation for the tool:
We also see a large number of text strings that appear to describe the workflow for using the verification system:
code
Use a computer, tablet, or phone you trust.
Another device with a browser
You can double-check if your Android version is authentic by using a trusted second device.
Verify with another device
On your other device, go to the URL shown on the next screen.
Using this device, scan the QR code that appears on your other device.
Check that the information on both screens is identical.
I'm ready
Using your other device, scan this QR code or enter the web address below. Follow the instructions, then return here to continue.
Visit this web address with your other device
Check that you're on the right web address
This sends over your device's unique information known as identifiers for the other device to verify.
Scan the QR code on your other device
This may take a few moments
Sending your device information…
Compare the device information below with those on your other device to make sure they match.
Verification complete
If the information on both devices do not match, this device may be using an unsafe version of Android with security risks.
What you'll need Basically, you’ll need two devices: one you already trust, and one you want to verify. Once you start the process, the device to be verified will generate a unique identifier based on the software running on it, and then share it with your trusted device via QR code. You will then need to compare the information shown on the screen on both devices – if it matches, everything is fine. If it doesn’t, you may be dealing with a compromised OS install.
At present, we do not see this process becoming more active.
assembledebug/androidauthority
Attempting to scan a QR code appears to be stuck due to no app being assigned yet to handle that transparency:// protocol. Whether that’s eventually going to become its own standalone app, or be built into something else, we can’t say yet.
Hopefully, with future Android beta releases we’ll start to get an even more complete picture of this feature – including the opportunity to see it successfully in action.
⚠️ One tearing apk Helps to predict future features of a service based on work-in-progress code. However, it is possible that such predicted features may not make it to the public release.
Thank you for being a part of our community. Please read our comment policy before posting.
