With the Android 17 version, Google announced a new security feature that will allow users to understand whether the operating system installed on their devices is official or not. This step was developed against malware that masquerades as the official operating system but compromises device integrity.

The company will allow users to confirm that the version of Android running on their device is an official and widely distributed build. This new feature can be followed through a menu containing critical information such as the device’s Play Protect status, bootloader status and build number.

A New Authentication Mechanism for Security

This system, which will come with Android 17, aims to clearly reveal whether the device works with an official Android version. Although Google offers hints that this verification process can also be done on another device, the technical details of this option have not been shared yet.

The new security feature will first be available on Pixel phones with the stable version of Android 17. Other manufacturers are expected to access this feature when they bring Android 17 updates to their devices.

This development raises questions about what impact it will have, especially on custom ROMs and Android forks such as GrapheneOS. The GrapheneOS team expressed their criticism of such systems, stating that Google’s device verification systems carry the risk of locking users into the company’s ecosystem.

Transparency Ledger for Applications

In addition to operating system verification, Google also announced that it will create a public registry to increase the security of applications. This system will serve as a cryptographic source proving that Google-signed applications and APIs are official versions.

The company describes this system as a source of truth and states that Google-signed applications that are not included in this notebook are not an official version. For Pixel users, this feature will combine with the existing Pixel System Image Transparency to help prove that both the system and apps are official production software.

Google emphasizes that it aims to protect users from malicious software with these new security layers. However, the impact of such restrictions on the open source Android community and users developing custom software is not yet fully clear.

It is eagerly awaited to see what path Google will follow regarding custom ROMs and forks. Do you think this new verification feature will be enough to increase the security of the Android ecosystem?