Connect with us

Gadgets

Google wants to standardize digital car key and ID support on Android

Published

on

Enlarge / The Android Ready SE logo.

Google

OK, it’s time to head out the door, so make sure you’ve got your phone, keys, and wallet.

That’s a lot of items to carry around, so what if you only had to bring your phone? After all, your keys and wallet are just legacy authentication devices. We could totally replace them with a phone! That’s the future Google is working toward as it pushes Android forward with support for driver’s licenses and digital car keys.

Google’s latest announcement details work to standardize an Android ecosystem around hardware and software, called the “Android Ready SE Alliance,” that will make all this work. “SE” here is “secure element,” a hardware component quarantined from the rest of the system, designed to only run secure computing tasks like an NFC payment. The idea is that phone manufacturers will be able to buy an “Android Ready SE” from secure element vendors like NXP, Thales, STMicroelectronics, Giesecke+Devrient, and Kigen, and Google says that these SE vendors are “joining hands with Google to create a set of open-source, validated, and ready-to-use SE Applets” that will support these emerging use cases.

With this new SE standardization effort, Google wants to support “digital keys” for your car, home, and office; mobile driver’s licenses; national IDs; ePassports; and the usual tap-and-go payments. Google notes that this initiative isn’t just for phones and tablets; Wear OS, Android Automotive, and Android TV are also supported. Having a car key in your watch or a driver’s license in your car computer sounds like a great idea, but Android TV? Why would I want a driver’s license in my television?

Google lays out the full requirements for Android Ready SE:

  1. Pick the appropriate, validated hardware part from their SE vendor
  2. Enable SE to be initialized from the bootloader and provision the root-of-trust (RoT) parameters through the SPI interface or cryptographic binding
  3. Work with Google to provision Attestation Keys/Certificates in the SE factory
  4. Use the GA version of the StrongBox for the SE applet, adapted to your SE
  5. Integrate HAL code
  6. Enable an SE upgrade mechanism
  7. Run CTS/VTS tests for StrongBox to verify that the integration is done correctly

What’s not clear from Google’s announcement is the difference between supporting StrongBox, Android’s usual standard for a tamper-resistant hardware security module, and being certified for “Android Ready SE.” StrongBox modules include their own CPU, secure storage, and a true random number generator, and they communicate with the rest of the system over the Keymaster HAL. StrongBox has been supported on Qualcomm chips through the Qualcomm “Secure Processing Unit” (SPU) since 2018’s Snapdragon 845. Today it looks like even the low end of Qualcomm’s lineup, like the Snapdragon 460, contains a Secure Processing Unit.

Qualcomm’s SPU isn’t good enough?

Qualcomm is conspicuously absent from Google’s blog post and the list of supported chipsets, so is the whole point of this initiative to say that on-die secure elements are not good enough? Google’s Pixel team has certainly moved in that direction with the development of the Titan M Security Chip in the Pixel 3 and up, and Samsung is building its own secure element now, too, for flagship phones. (Samsung is also not mentioned in Google’s blog post.) The post says that “most modern phones now include discrete tamper-resistant hardware called a Secure Element (SE)” and that “this SE offers the best path for introducing these new consumer use cases in Android.” This might lead one to believe the blog post is pushing for off-die secure elements, but it’s not clear how Google can use the word “most” if it’s not counting Qualcomm’s SPU. We’ve asked for clarification and will update this report if the company gets back to us.

Google is not the only company trying to lighten your daily loadout. Apple is working on digital IDs and car keys for iPhones, and Samsung is partnering with individual car manufacturers to try to beat Google to the punch on Android. There have also been plenty of one-off car key apps from companies like BMW and Tesla.

For now, Google says it’s prioritizing Mobile driver’s licenses and car keys. The company says it’s working with the ecosystem to deliver the SE applets for these two use cases “in conjunction with corresponding Android feature releases.” The Android feature release for mobile driver’s licenses is the Identity Credential API that launched with Android 11. The holdup here is mostly that your local government agency needs to both pass a law authorizing digital IDs and then make a digital ID app. As far as we can tell, there is not an Android feature release for digital car keys yet, even in Android 12. When that gets announced, it will hopefully support the Car Connectivity Consortium’s Digital Key standard, which would put Android and iOS on the same car key standard.

We’ll be on the lookout.

Continue Reading

Gadgets

Apple reaches quiet truce over iPhone privacy changes

Published

on

Enlarge / A privacy notice appears on an iPhone 12 under the new iOS 14.5.1 operating system. Developers of an application have to ask for the user’s permission to allow cross-app tracking.

Picture Alliance | Getty Images

Apple has allowed app developers to collect data from its 1 billion iPhone users for targeted advertising, in an unacknowledged shift that lets companies follow a much looser interpretation of its controversial privacy policy.

In May Apple communicated its privacy changes to the wider public, launching an advert that featured a harassed man whose daily activities were closely monitored by an ever-growing group of strangers. When his iPhone prompted him to “Ask App Not to Track,” he clicked it and they vanished. Apple’s message to potential customers was clear—if you choose an iPhone, you are choosing privacy.

But seven months later, companies including Snap and Facebook have been allowed to keep sharing user-level signals from iPhones, as long as that data is anonymised and aggregated rather than tied to specific user profiles.

For instance Snap has told investors that it plans to share data from its 306 million users—including those who ask Snap “not to track”—so advertisers can gain “a more complete, real-time view” on how ad campaigns are working. Any personally identifiable data will first be obfuscated and aggregated.

Similarly, Facebook operations chief Sheryl Sandberg said the social media group was engaged in a “multiyear effort” to rebuild ad infrastructure “using more aggregate or anonymized data”.

These companies point out that Apple has told developers they “may not derive data from a device for the purpose of uniquely identifying it.” This means they can observe “signals” from an iPhone at a group level, enabling ads that can still be tailored to “cohorts” aligning with certain behavior but not associated with unique IDs.

This type of tracking is becoming the norm. Oren Kaniel, the chief executive of AppsFlyer, a mobile attribution platform that works with app developers, said that when his company introduced such a “privacy-centric” tool based on aggregated measurement in July 2020, “the level of pushback that we received from the entire ecosystem was huge.”

But now such aggregated solutions are the default for 95 percent of his clients. “The market changed their minds in a radical way,” he said.

It is not clear whether Apple has actually blessed these solutions. Apple declined to answer specific questions for this article but described privacy as its North Star, implying it was setting a general destination rather than defining a narrow pathway for developers.

Cory Munchbach, chief operating officer at customer data platform BlueConic, said Apple had to stand back from a strict reading of its rules because the disruption to the mobile ads ecosystem would be too great.

“Apple can’t put themselves in a situation where they are basically gutting their top-performing apps from a user-consumption perspective,” she said. “That would ultimately hurt iOS.”

For anyone interpreting Apple’s rules strictly, these solutions break the privacy rules set out to iOS users.

Lockdown Privacy, an app that blocks ad trackers, has called Apple’s policy “functionally useless in stopping third-party tracking.” It performed a variety of tests on top apps and observed that personal data and device information is still “being sent to trackers in almost all cases.”

But the companies aggregating user-level data said the reason apps continue to “leak” information such as a user’s IP address and location was simply because some require such information to function. Advertisers must know certain things such as the user’s language or the device screen size, otherwise the app experience would be awful.

The risk is that by allowing user-level data to be used by opaque third parties so long as they promise not to abuse it, Apple is in effect trusting the very same groups that chief executive Tim Cook has lambasted as “hucksters just looking to make a quick buck.”

Companies will pledge that they only look at user-level data once it has been anonymized, but without access to the data or algorithms working behind the scenes, users won’t really know if their data privacy has been preserved, said Munchbach.

“If historical precedent in adtech holds, those black boxes hide a lot of sins,” she said. “It’s not unreasonable to assume it leaves a lot to be desired.”

© 2021 The Financial Times Ltd. All rights reserved Not to be redistributed, copied, or modified in any way.

Continue Reading

Gadgets

Roku vs. Google drama winds down as companies forge multi-year YouTube deal

Published

on

Enlarge / Roku’s 4K Streaming Stick.

Roku

Roku and Google have arrived at a multi-year deal that will keep the YouTube and YouTube TV apps available on Roku’s devices, Roku announced on Twitter this morning. The agreement comes months after the YouTube TV app was pulled from the Roku Channel Store and just one day before the regular YouTube app would have been removed from the store.

Specific terms of the deal haven’t been announced, including how many years “multi-year” means and whether Roku will begin adding decoding support for the AV1 video codec to its hardware. We also don’t know whether the $65-per-month YouTube TV service will return to the Roku store as its own dedicated app or if it will continue to be rolled into the main YouTube app, as it has been since Google added it there to sidestep Roku’s restrictions in May.

Support for the AV1 codec has been one of the major sticking points between the two companies. The YouTube and YouTube TV apps use AV1 (which is backed by Google, among other companies) to deliver compressed 4K and 8K video streams. But because streaming devices tend to use slower, cheaper processors, they rely on dedicated video decoding hardware to be able to actually decompress and display those video files, and while most of these devices support the commonly used H.265/HEVC codec for high-resolution video streams, fewer support the royalty-free AV1 codec.

Roku has said that adding AV1 support to its devices would “increase consumer costs,” and requiring it for YouTube and YouTube TV support would effectively allow Google to dictate which chips Roku uses in its own products. Google has also accused Roku of using its position in the streaming-device market to secure more favorable terms (Roku’s devices account for a plurality of all streaming in North America, though its market share is lower in other regions). The YouTube and YouTube TV apps may not be able to stream high-resolution video on devices without AV1 support, though having those apps available in Roku’s store in any capacity is probably better for both companies than allowing them to be pulled entirely.

Continue Reading

Gadgets

Razer’s RGB smartphone cooler attaches to iPhones with MagSafe

Published

on

Enlarge / Razer Phone Cooler Chroma.

PC gamers know about heat. When you’re in the middle of an intense in-game battle, the last thing you want is for your computer to start acting up because your CPU or GPU got too hot. That’s why gamers and other extreme users rely on products like CPU coolers and liquid cooling systems. You probably haven’t been as concerned about your smartphone’s thermals while playing Candy Crush on your iPhone. Nevertheless, Razer released a new product, the Phone Cooler Chroma, on Tuesday to ensure your smartphone doesn’t overheat the next time you use it for gaming.

Of course, mobile gaming has grown beyond the likes of Candy Crush and Angry Birds. Razer (and some other vendors) have been trying to make mobile gaming a serious thing for a while. The company’s efforts are mostly focused on controllers, like the Razer Kishi, that attach to your smartphone. There’s also Razer’s finger sleeve for mobile gaming.

The Phone Cooler Chroma released Tuesday has a different purpose. Compatible with both iPhone and Android phones (it supports “most smartphones,” Razer’s product page claims), the product is meant to help keep your phone cool while it’s pushing those frames.

Interestingly, the fan takes advantage of Apple’s MagSafe, allowing you to attach the cooler magnetically. That’s convenient, but it also means the cooler won’t sit directly above the phone’s SoC.

If you don’t have a MagSafe-compatible phone, you can opt for the version with a universal clamp.

Clamp option.

We don’t know how adjustable the cooler is, but Razer says it works with phones that are 2.64-3.46 inches (67-88 mm) wide.

Staying cool?

1. RGB, 2. cover, 3. fan, 4. heatsink, 5. Peltier cooling tile, 6. cooling plate.
Enlarge / 1. RGB, 2. cover, 3. fan, 4. heatsink, 5. Peltier cooling tile, 6. cooling plate.

A cooling plate sits on the back cover and is topped by an electronic tile that uses Peltier cooling, also known as thermoelectric cooling, to transfer heat. The next layer is a heatsink under a seven-bladed fan spinning at up to 6,400 revolutions per minute, adjustable via Bluetooth. Razer says the cooler can stay at 30 dB.

On top of the fan lies a cover with air vents, and—of course—RGB lighting. Does the lighting help your phone stay cool? Absolutely not. But it almost wouldn’t be a Razer product without it. The gaming brand even put RGB on its N95 mask, so Chroma lighting here is no surprise.

RGB feels like a Razer requirement.
Enlarge / RGB feels like a Razer requirement.

There are 12 RGB LEDs in the cover, and each can be set to its own color and effect.

You’ll need a USB-C cable to power the Phone Cooler Chroma. The cooler comes with a 4.9-foot (1.5 m) USB-C to USB-C cable, but this seems like it could be burdensome when gaming on the go, as a mobile gamer is inclined to do.

Power over USB-C required.
Enlarge / Power over USB-C required.

Razer didn’t make any claims about how much cooler the product will keep your phone’s components. Unlike a CPU cooler, this cooler doesn’t come into direct contact with the processor, and it doesn’t have any exhaust vents to work with as some laptop fan coolers do. So the heat transfer from the actual SoC may be limited. Hardcore mobile gamers can find out for themselves for $60.

Ars Technica may earn compensation for sales from links on this post through affiliate programs.

Continue Reading

Trending