The Pixel 4a was announced last Monday and has another week to go before it becomes available. On the security front, it has a Titan M chip and three year updates. Google also announced today that the phone, along with the Pixel 4, is the first Android device to launch ioXt certification.
The Internet of Secure Things Alliance (ioXt) is behind a security assessment program for connected devices, such as smartphones, smart speakers, and lighting. It has more than 200 members and is intended to “enable users, businesses, regulators and other stakeholders to understand the security of related products in order to raise awareness of how these products protect the security and privacy of users.”
The core focus of ioXt is “setting security standards that bring security, upgradeability and transparency to the market and directly into the hands of consumers.” This is achieved by assessing devices based on a set of requirements and relying on publicly available evidence.
An ioXt Android profile includes a number of factors with multiple rating levels (1-4): biometric authentication strength, security update frequency, length of security-supported lifecycle, vulnerability detection quality program, and minimal app risk risks.
One ‘criteria’ for the program is ‘Security by default’, which values ’devices’ by cumulatively scoring the risk for all preloads on a given device. ‘This has been an area of concern for some security researchers. Google and partners created an open source “Uraniborg” tool to analyze devices and generate a raw score.
For this particular measurement, we worked with a team of university experts from the University of Cambridge, University of Strathclyde, and Johannes Kepler University in Linz, who created a formula that considers the risk of platform-signed apps, pregrate access rights on preloaded apps, and apps communicate with clear text traffic.
For Google, obtaining this rating “provides greater confidence in the security requirements we place on our users.” All future Pixel phones will be submitted to get ioXt certification.
FTC: We use revenue earned by auto-affiliate links. More.
Check out 9to5Google on YouTube for more news:
