Binary Transparency

Android Binary Transparency enables users to trust and gain higher confidence in the binaries (e.g. apps, OS, firmware) that are executing on their devices. This is made possible when users can trace a specific binary (including the firmware itself) that is executing on their devices back to the original source (where available) and verify that it has not been modified or tampered with, even by adversaries that may have access to the binary's signing keys.

Overview

Software supply chains are increasingly vulnerable to attacks, ranging from compromised signing keys to surreptitious code injection to insider attacks.

To build greater confidence and trust in the software we rely on, we can create a transparency log with the following properties:

  • Append only: the content of the log cannot be deleted, modified, or retroactively inserted without detection
  • Cryptographically assured: the append-only property is guaranteed by the Merkle tree data structure
  • Publicly auditable: anyone can query the contents of the log

Publishing the metadata of software as log content can increase confidence in the binaries we trust and run by providing a verifiable record of their provenance.

Projects

To date, we have launched two logs: